github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[logging] Upgrade ECS to 1.12 (#113583) (#113651)

Browse source 
Co-authored-by: Luke Elmers <luke.elmers@elastic.co>
This commit is contained in:
Kibana Machine 2021-10-01 15:32:08 -04:00 committed by GitHub
parent f730038fff
commit b91f8c8679
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
52 changed files with 326 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/kbn-logging/src/ecs/agent.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-agent.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-agent.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/autonomous_system.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-as.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-as.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/base.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-base.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-base.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/client.ts
View file

@ -17,7 +17,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-client.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-client.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/cloud.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-cloud.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-cloud.html
*
* @internal
*/

4
packages/kbn-logging/src/ecs/code_signature.ts
View file

@ -7,15 +7,17 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-code_signature.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-code_signature.html
*
* @internal
*/
export interface EcsCodeSignature {
digest_algorithm?: string;
exists?: boolean;
signing_id?: string;
status?: string;
subject_name?: string;
timestamp?: string;
team_id?: string;
trusted?: boolean;
valid?: boolean;

9
packages/kbn-logging/src/ecs/container.ts
View file

@ -7,14 +7,21 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-container.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-container.html
*
* @internal
*/
export interface EcsContainer {
cpu?: { usage?: number };
disk?: Disk;
id?: string;
image?: { name?: string; tag?: string[] };
labels?: Record<string, unknown>;
name?: string;
runtime?: string;
}
interface Disk {
read?: { bytes?: number };
write?: { bytes?: number };
}

18
packages/kbn-logging/src/ecs/data_stream.ts Normal file
View file

@ -0,0 +1,18 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
/**
* https://www.elastic.co/guide/en/ecs/1.12/ecs-data_stream.html
*
* @internal
*/
export interface EcsDataStream {
dataset?: string;
namespace?: string;
type?: 'logs' | 'metrics';
}

2
packages/kbn-logging/src/ecs/destination.ts
View file

@ -17,7 +17,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-destination.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-destination.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/dll.ts
View file

@ -17,7 +17,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-dll.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-dll.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/dns.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-dns.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-dns.html
*
* @internal
*/

71
packages/kbn-logging/src/ecs/elf.ts Normal file
View file

@ -0,0 +1,71 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
/**
* https://www.elastic.co/guide/en/ecs/1.12/ecs-elf.html
*
* @internal
*/
export interface EcsElf {
architecture?: string;
byte_order?: string;
cpu_type?: string;
creation_date?: string;
exports?: Export[];
imports?: Import[];
header?: Header;
sections?: Section[];
segments?: Segment[];
shared_libraries?: string[];
telfhash?: string;
}
interface Export {
binding?: string;
name?: string;
section?: string;
size?: string;
type?: string;
version?: string;
visibility?: string;
}
interface Import {
library?: string;
name?: string;
type?: string;
version?: string;
}
interface Header {
abi_version?: string;
class?: string;
data?: string;
entrypoint?: number;
object_version?: string;
os_abi?: string;
type?: string;
version?: string;
}
interface Section {
chi2?: number;
entropy?: number;
flags?: string;
name?: string;
physical_offset?: string;
physical_size?: number;
type?: string;
virtual_address?: number;
virtual_size?: number;
}
interface Segment {
sections?: string;
type?: string;
}

48
packages/kbn-logging/src/ecs/email.ts Normal file
View file

@ -0,0 +1,48 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { EcsFile } from './file';
import { EcsHash } from './hash';
interface NestedFields {
// Not all hash types are explicitly supported, see
// https://github.com/elastic/ecs/pull/1569
hash?: Pick<EcsHash, 'md5' | 'sha1' | 'sha256'>;
}
interface AttachmentNestedFields {
file?: Pick<EcsFile, 'extension' | 'mime_type' | 'name' | 'size' | 'hash'>;
}
/**
* No docs yet, see https://github.com/elastic/ecs/pull/1569
*
* @internal
*/
export interface EcsEmail extends NestedFields {
attachments?: Attachment[];
bcc?: string[];
cc?: string[];
content_type?: string;
delivery_timestamp?: string;
direction?: string;
from?: string;
local_id?: string;
message_id?: string;
origination_timestamp?: string;
reply_to?: string;
subject?: string;
'subject.text'?: string;
to?: string[];
x_mailer?: string;
}
// eslint-disable-next-line @typescript-eslint/no-empty-interface
interface Attachment extends AttachmentNestedFields {
// intentionally empty
}

2
packages/kbn-logging/src/ecs/error.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-error.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-error.html
*
* @internal
*/

3
packages/kbn-logging/src/ecs/event.ts
View file

@ -7,12 +7,13 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-event.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-event.html
*
* @internal
*/
export interface EcsEvent {
action?: string;
agent_id_status?: 'verified' | 'mismatch' | 'missing' | 'auth_metadata_missing';
category?: EcsEventCategory[];
code?: string;
created?: string;

5
packages/kbn-logging/src/ecs/file.ts
View file

@ -7,19 +7,21 @@
*/
import { EcsCodeSignature } from './code_signature';
import { EcsElf } from './elf';
import { EcsHash } from './hash';
import { EcsPe } from './pe';
import { EcsX509 } from './x509';
interface NestedFields {
code_signature?: EcsCodeSignature;
elf?: EcsElf;
hash?: EcsHash;
pe?: EcsPe;
x509?: EcsX509;
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-file.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-file.html
*
* @internal
*/
@ -32,6 +34,7 @@ export interface EcsFile extends NestedFields {
directory?: string;
drive_letter?: string;
extension?: string;
fork_name?: string;
gid?: string;
group?: string;
inode?: string;

2
packages/kbn-logging/src/ecs/geo.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-geo.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-geo.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/group.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-group.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-group.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/hash.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-hash.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-hash.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/host.ts
View file

@ -18,7 +18,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-host.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-host.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/http.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-http.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-http.html
*
* @internal
*/

12
packages/kbn-logging/src/ecs/index.ts
View file

@ -13,8 +13,10 @@ import { EcsAutonomousSystem } from './autonomous_system';
import { EcsClient } from './client';
import { EcsCloud } from './cloud';
import { EcsContainer } from './container';
import { EcsDataStream } from './data_stream';
import { EcsDestination } from './destination';
import { EcsDns } from './dns';
import { EcsEmail } from './email';
import { EcsError } from './error';
import { EcsEvent } from './event';
import { EcsFile } from './file';
@ -24,6 +26,7 @@ import { EcsHttp } from './http';
import { EcsLog } from './log';
import { EcsNetwork } from './network';
import { EcsObserver } from './observer';
import { EcsOrchestrator } from './orchestrator';
import { EcsOrganization } from './organization';
import { EcsPackage } from './package';
import { EcsProcess } from './process';
@ -45,13 +48,13 @@ export { EcsEventCategory, EcsEventKind, EcsEventOutcome, EcsEventType } from '.
interface EcsField {
/**
* These typings were written as of ECS 1.9.0.
* These typings were written as of ECS 1.12.0.
* Don't change this value without checking the rest
* of the types to conform to that ECS version.
*
* https://www.elastic.co/guide/en/ecs/1.9/index.html
* https://www.elastic.co/guide/en/ecs/1.12/index.html
*/
version: '1.9.0';
version: '1.12.0';
}
/**
@ -68,8 +71,10 @@ export type Ecs = EcsBase &
client?: EcsClient;
cloud?: EcsCloud;
container?: EcsContainer;
data_stream?: EcsDataStream;
destination?: EcsDestination;
dns?: EcsDns;
email?: EcsEmail;
error?: EcsError;
event?: EcsEvent;
file?: EcsFile;
@ -79,6 +84,7 @@ export type Ecs = EcsBase &
log?: EcsLog;
network?: EcsNetwork;
observer?: EcsObserver;
orchestrator?: EcsOrchestrator;
organization?: EcsOrganization;
package?: EcsPackage;
process?: EcsProcess;

2
packages/kbn-logging/src/ecs/interface.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-interface.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-interface.html
*
* @internal
*/

3
packages/kbn-logging/src/ecs/log.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-log.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-log.html
*
* @internal
*/
@ -16,6 +16,7 @@ export interface EcsLog {
level?: string;
logger?: string;
origin?: Origin;
/** @deprecated - use `event.original` instead */
original?: string;
syslog?: Syslog;
}

2
packages/kbn-logging/src/ecs/network.ts
View file

@ -14,7 +14,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-network.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-network.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/observer.ts
View file

@ -29,7 +29,7 @@ interface NestedIngressFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-observer.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-observer.html
*
* @internal
*/

32
packages/kbn-logging/src/ecs/orchestrator.ts Normal file
View file

@ -0,0 +1,32 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
/**
* https://www.elastic.co/guide/en/ecs/1.12/ecs-orchestrator.html
*
* @internal
*/
export interface EcsOrchestrator {
api_version?: string;
cluster?: Cluster;
namespace?: string;
organization?: string;
resource?: Resource;
type?: string;
}
interface Cluster {
name?: string;
url?: string;
version?: string;
}
interface Resource {
name?: string;
type?: string;
}

2
packages/kbn-logging/src/ecs/organization.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-organization.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-organization.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/os.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-os.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-os.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/package.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-package.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-package.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/pe.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-pe.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-pe.html
*
* @internal
*/

7
packages/kbn-logging/src/ecs/process.ts
View file

@ -7,18 +7,21 @@
*/
import { EcsCodeSignature } from './code_signature';
import { EcsElf } from './elf';
import { EcsHash } from './hash';
import { EcsPe } from './pe';
interface NestedFields {
code_signature?: EcsCodeSignature;
elf?: EcsElf;
hash?: EcsHash;
parent?: EcsProcess;
pe?: EcsPe;
target?: EcsProcess;
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-process.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-process.html
*
* @internal
*/
@ -26,6 +29,7 @@ export interface EcsProcess extends NestedFields {
args?: string[];
args_count?: number;
command_line?: string;
end?: string;
entity_id?: string;
executable?: string;
exit_code?: number;
@ -34,7 +38,6 @@ export interface EcsProcess extends NestedFields {
pid?: number;
ppid?: number;
start?: string;
thread?: { id?: number; name?: string };
title?: string;
uptime?: number;
working_directory?: string;

2
packages/kbn-logging/src/ecs/registry.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-registry.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-registry.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/related.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-related.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-related.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/rule.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-rule.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-rule.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/server.ts
View file

@ -17,7 +17,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-server.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-server.html
*
* @internal
*/

4
packages/kbn-logging/src/ecs/service.ts
View file

@ -7,11 +7,13 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-service.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-service.html
*
* @internal
*/
export interface EcsService {
address?: string;
environment?: string;
ephemeral_id?: string;
id?: string;
name?: string;

2
packages/kbn-logging/src/ecs/source.ts
View file

@ -17,7 +17,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-source.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-source.html
*
* @internal
*/

67
packages/kbn-logging/src/ecs/threat.ts
View file

@ -6,17 +6,82 @@
* Side Public License, v 1.
*/
import { EcsAutonomousSystem } from './autonomous_system';
import { EcsFile } from './file';
import { EcsGeo } from './geo';
import { EcsRegistry } from './registry';
import { EcsUrl } from './url';
import { EcsX509 } from './x509';
interface IndicatorNestedFields {
as?: EcsAutonomousSystem;
file?: EcsFile;
geo?: EcsGeo;
registry?: EcsRegistry;
url?: EcsUrl;
x509?: EcsX509;
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-threat.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-threat.html
*
* @internal
*/
export interface EcsThreat {
enrichments?: Enrichment[];
indicator?: Indicator;
framework?: string;
group?: Group;
software?: Software;
tactic?: Tactic;
technique?: Technique;
}
interface Enrichment {
indicator?: Indicator;
matched?: Matched;
}
interface Indicator extends IndicatorNestedFields {
confidence?: string;
description?: string;
email?: { address?: string };
first_seen?: string;
ip?: string;
last_seen?: string;
marking?: { tlp?: string };
modified_at?: string;
port?: number;
provider?: string;
reference?: string;
scanner_stats?: number;
sightings?: number;
type?: string;
}
interface Matched {
atomic?: string;
field?: string;
id?: string;
index?: string;
type?: string;
}
interface Group {
alias?: string[];
id?: string;
name?: string;
reference?: string;
}
interface Software {
id?: string;
name?: string;
platforms?: string[];
reference?: string;
type?: string;
}
interface Tactic {
id?: string[];
name?: string[];

2
packages/kbn-logging/src/ecs/tls.ts
View file

@ -17,7 +17,7 @@ interface NestedServerFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-tls.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-tls.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/tracing.ts
View file

@ -12,7 +12,7 @@
* the base fields, we will need to do an intersection with these types at
* the root level.
*
* https://www.elastic.co/guide/en/ecs/1.9/ecs-tracing.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-tracing.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/url.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-url.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-url.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/user.ts
View file

@ -20,7 +20,7 @@ interface NestedFields {
* placed at the root level, but not if it is nested inside another field like
* `destination`. A more detailed explanation of these nuances can be found at:
*
* https://www.elastic.co/guide/en/ecs/1.9/ecs-user-usage.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-user-usage.html
*
* As a result, we need to export a separate `NestedUser` type to import into
* other interfaces internally. This contains the reusable subset of properties

2
packages/kbn-logging/src/ecs/user_agent.ts
View file

@ -13,7 +13,7 @@ interface NestedFields {
}
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-user_agent.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-user_agent.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/vlan.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-vlan.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-vlan.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/vulnerability.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-vulnerability.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-vulnerability.html
*
* @internal
*/

2
packages/kbn-logging/src/ecs/x509.ts
View file

@ -7,7 +7,7 @@
*/
/**
* https://www.elastic.co/guide/en/ecs/1.9/ecs-x509.html
* https://www.elastic.co/guide/en/ecs/1.12/ecs-x509.html
*
* @internal
*/

10
src/core/server/logging/__snapshots__/logging_system.test.ts.snap generated
View file

@ -16,7 +16,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 1`] = `
Object {
"@timestamp": "2012-01-30T22:33:22.011-05:00",
"ecs": Object {
"version": "1.9.0",
"version": "1.12.0",
},
"log": Object {
"level": "TRACE",
@ -33,7 +33,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 2`] = `
Object {
"@timestamp": "2012-01-30T17:33:22.011-05:00",
"ecs": Object {
"version": "1.9.0",
"version": "1.12.0",
},
"log": Object {
"level": "INFO",
@ -51,7 +51,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 3`] = `
Object {
"@timestamp": "2012-01-30T12:33:22.011-05:00",
"ecs": Object {
"version": "1.9.0",
"version": "1.12.0",
},
"log": Object {
"level": "FATAL",
@ -68,7 +68,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
Object {
"@timestamp": "2012-02-01T09:33:22.011-05:00",
"ecs": Object {
"version": "1.9.0",
"version": "1.12.0",
},
"log": Object {
"level": "INFO",
@ -86,7 +86,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
Object {
"@timestamp": "2012-01-31T23:33:22.011-05:00",
"ecs": Object {
"version": "1.9.0",
"version": "1.12.0",
},
"log": Object {
"level": "INFO",

12
src/core/server/logging/layouts/__snapshots__/json_layout.test.ts.snap generated
View file

@ -1,13 +1,13 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;
exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;

16
src/core/server/logging/layouts/json_layout.test.ts
View file

@ -74,7 +74,7 @@ test('`format()` correctly formats record.', () => {
}
});
test('`format()` correctly formats record with meta-data', () => {
test('`format()` correctly formats record with meta-data and correct ECS version', () => {
const layout = new JsonLayout();
expect(
@ -94,7 +94,7 @@ test('`format()` correctly formats record with meta-data', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: '1.12.0' },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
log: {
level: 'DEBUG',
@ -136,7 +136,7 @@ test('`format()` correctly formats error record with meta-data', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
log: {
level: 'DEBUG',
@ -176,7 +176,7 @@ test('format() meta can merge override logs', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
message: 'foo',
log: {
@ -206,7 +206,7 @@ test('format() meta can not override message', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
message: 'foo',
log: {
@ -235,7 +235,7 @@ test('format() meta can not override ecs version', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
message: 'foo',
log: {
@ -267,7 +267,7 @@ test('format() meta can not override logger or level', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
message: 'foo',
log: {
@ -296,7 +296,7 @@ test('format() meta can not override timestamp', () => {
})
)
).toStrictEqual({
ecs: { version: '1.9.0' },
ecs: { version: expect.any(String) },
'@timestamp': '2012-02-01T09:30:22.011-05:00',
message: 'foo',
log: {

2
src/core/server/logging/layouts/json_layout.ts
View file

@ -43,7 +43,7 @@ export class JsonLayout implements Layout {
public format(record: LogRecord): string {
const log: Ecs = {
ecs: { version: '1.9.0' },
ecs: { version: '1.12.0' },
'@timestamp': moment(record.timestamp).format('YYYY-MM-DDTHH:mm:ss.SSSZ'),
message: record.message,
error: JsonLayout.errorToSerializableObject(record.error),

2
x-pack/plugins/security/server/audit/audit_events.ts
View file

@ -10,7 +10,7 @@ import type { EcsEventOutcome, EcsEventType, KibanaRequest, LogMeta } from 'src/
import type { AuthenticationResult } from '../authentication/authentication_result';
/**
* Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.9/index.html
* Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.12/index.html
*
* If you add additional fields to the schema ensure you update the Kibana Filebeat module:
* https://github.com/elastic/beats/tree/master/filebeat/module/kibana