Logstash Linux Json

Aug 8 12:44:33 100.888.30.52 {"agent":{"version":"7.9.
2","hostname":"blabla-IDC-
DC01","type":"winlogbeat","ephemeral_id":"904b5d5b-92c1-40ca-bf39-
5b229d13f862","name":"blabla-IDC-DC01","id":"5623wsdas3qsad-d744-409e-b81a-
4fd449636e86"},"host":{"hostname":"blabla-IDC-DC01","mac":
["00:50:56:99:1f:f1"],"name":"blabla-idc-dc01.redexptotestes.com.br","os":
{"version":"10.0","family":"windows","build":"17763.2366","platform":"windows","nam
e":"Windows Server 2019 Standard","kernel":"10.0.17763.2366
(WinBuild.160101.0800)"},"architecture":"x86_64","id":"eed257f2-3ac0-4a31-b768-
f46802936043","ip":
["fe80::84c1:605d:1fbf:3a4","100.888.65.47"]},"@version":"1","@timestamp":"2022-08-
08T15:45:26.868Z","user":{"name":"BLA-JVE-0004$"},"related":{"user":"BLA-JVE-
0004$"},"fields":{"host":
{"domain":"redexptotestes.com.br"}},"type":"cyber","winlog":
{"event_id":4776,"process":{"thread":
{"id":14220},"pid":696},"opcode":"Info","logon":{"failure":{"status":"Status
OK."}},"provider_name":"Microsoft-Windows-Security-Auditing","event_data":
{"Status":"0x0","TargetUserName":"BLA-JVE-0004$","Workstation":"BLA-JVE-
0004","PackageName":"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"},"channel":"Security","
computer_name":"blabla-IDC-
DC01.redexptotestes.com.br","api":"wineventlog","provider_guid":"{54849625-5478-
4994-a5ba-3e3b0328c30d}","keywords":["Audit Success"],"task":"Credential
Validation","record_id":250727172},"event":{"type":"start","provider":"Microsoft-
Windows-Security-Auditing","kind":"event","outcome":"success","action":"credential-
validated","code":4776,"category":"authentication","module":"security","created":"2
022-08-08T15:45:28.836Z","original":"{\"type\":\"cyber\",\"event\":
{\"provider\":\"Microsoft-Windows-Security-
Auditing\",\"kind\":\"event\",\"type\":\"start\",\"code\":4776,\"action\":\"credent
ial-
validated\",\"outcome\":\"success\",\"category\":\"authentication\",\"module\":\"se
curity\",\"created\":\"2022-08-08T15:45:28.836Z\"},\"user\":{\"name\":\"BLA-JVE-
0004$\"},\"tags\":[\"blabla-idc-
dc01.redexptotestes.com.br\",\"winlogbeat\",\"beats_input_codec_plain_applied\",\"b
labla-logstash01\",\"windows\"],\"ecs\":{\"version\":\"1.5.0\"},\"log\":
{\"level\":\"information\"},\"winlog\":
{\"channel\":\"Security\",\"task\":\"Credential
Validation\",\"opcode\":\"Info\",\"computer_name\":\"blabla-IDC-
DC01.redexptotestes.com.br\",\"keywords\":[\"Audit Success\"],\"event_data\":
{\"Workstation\":\"BLA-JVE-
0004\",\"Status\":\"0x0\",\"PackageName\":\"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0\"
,\"TargetUserName\":\"BLA-JVE-0004$\"},\"provider_name\":\"Microsoft-Windows-
Security-Auditing\",\"process\":{\"pid\":696,\"thread\":{\"id\":14220}},\"logon\":
{\"failure\":{\"status\":\"Status
OK.\"}},\"event_id\":4776,\"provider_guid\":\"{54849625-5478-4994-a5ba-
3e3b0328c30d}\",\"record_id\":250727172,\"api\":\"wineventlog\"},\"message\":\"The
computer attempted to validate the credentials for an account.\\n\\nAuthentication
Package:\\tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0\\nLogon Account:\\tBLA-JVE-0004$\\
nSource Workstation:\\tBLA-JVE-0004\\nError Code:\\t0x0\",\"@timestamp\":\"2022-08-
08T15:45:26.868Z\",\"related\":{\"user\":\"BLA-JVE-
0004$\"},\"@version\":\"1\",\"agent\":{\"type\":\"winlogbeat\",\"name\":\"blabla-
IDC-DC01\",\"version\":\"7.9.2\",\"hostname\":\"blabla-IDC-
DC01\",\"id\":\"5623wsdas3qsad-d744-409e-b81a-
4fd449636e86\",\"ephemeral_id\":\"904b5d5b-92c1-40ca-bf39-
5b229d13f862\"},\"fields\":{\"host\":
{\"domain\":\"redexptotestes.com.br\"}},\"host\":{\"ip\":
[\"fe80::84c1:605d:1fbf:3a4\",\"100.888.65.47\"],\"name\":\"blabla-idc-
dc01.redexptotestes.com.br\",\"mac\":[\"00:50:56:99:1f:f1\"],\"hostname\":\"blabla-
IDC-DC01\",\"os\":
{\"platform\":\"windows\",\"build\":\"17763.2366\",\"kernel\":\"10.0.17763.2366
(WinBuild.160101.0800)\",\"name\":\"Windows Server 2019
Standard\",\"version\":\"10.0\",\"family\":\"windows\"},\"id\":\"eed257f2-3ac0-
4a31-b768-f46802936043\",\"architecture\":\"x86_64\"}}"},"log":
{"level":"information"},"message":"The computer attempted to validate the
credentials for an account.\n\nAuthentication Package:\
tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0\nLogon Account:\tBLA-JVE-0004$\nSource
Workstation:\tBLA-JVE-0004\nError Code:\t0x0","ecs":{"version":"1.5.0"},"tags":
["blabla-idc-
dc01.redexptotestes.com.br","winlogbeat","beats_input_codec_plain_applied","blabla-
logstash01","windows","beats_input_codec_json_applied"]}
Aug 8 12:44:33 100.888.30.52 {"tags":["blabla-idc-
logstash01","windows","beats_input_codec_json_applied","beats_input_codec_plain_app
lied"],"host":{"hostname":"blabla-IDC-DC01","mac":
["00:50:56:99:1f:f1"],"name":"blabla-idc-dc01.redexptotestes.com.br","os":
{"family":"windows","version":"10.0","build":"17763.2366","platform":"windows","nam
(WinBuild.160101.0800)"},"architecture":"x86_64","id":"eed257f2-3ac0-4a31-b768-
f46802936043","ip":
["fe80::84c1:605d:1fbf:3a4","100.888.65.47"]},"@version":"1","@timestamp":"2022-08-
08T15:45:26.868Z","fields":{"host":{"domain":"redexptotestes.com.br"}},"related":
{"user":"BLA-JVE-0004$"},"user":{"name":"BLA-JVE-0004$"},"winlog":
{"event_id":4776,"process":{"thread":{"id":14220},"pid":696},"logon":{"failure":
{"status":"Status OK."}},"opcode":"Info","provider_name":"Microsoft-Windows-
Security-Auditing","event_data":{"Status":"0x0","TargetUserName":"BLA-JVE-
0004$","Workstation":"BLA-JVE-
0004","PackageName":"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"},"channel":"Security","
computer_name":"blabla-IDC-
4994-a5ba-3e3b0328c30d}","keywords":["Audit Success"],"task":"Credential
Validation","record_id":250727172},"type":"cyber","event":
{"type":"start","provider":"Microsoft-Windows-Security-
Auditing","kind":"event","original":"{\"type\":\"cyber\",\"event\":
{\"provider\":\"Microsoft-Windows-Security-
Auditing\",\"kind\":\"event\",\"type\":\"start\",\"code\":4776,\"action\":\"credent
ial-
validated\",\"outcome\":\"success\",\"category\":\"authentication\",\"module\":\"se
curity\",\"created\":\"2022-08-08T15:45:28.836Z\"},\"user\":{\"name\":\"BLA-JVE-
0004$\"},\"tags\":[\"blabla-idc-
labla-logstash01\",\"windows\"],\"ecs\":{\"version\":\"1.5.0\"},\"log\":
{\"level\":\"information\"},\"winlog\":
{\"channel\":\"Security\",\"task\":\"Credential
Validation\",\"opcode\":\"Info\",\"computer_name\":\"blabla-IDC-
DC01.redexptotestes.com.br\",\"keywords\":[\"Audit Success\"],\"event_data\":
{\"Workstation\":\"BLA-JVE-
0004\",\"Status\":\"0x0\",\"PackageName\":\"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0\"
,\"TargetUserName\":\"BLA-JVE-0004$\"},\"provider_name\":\"Microsoft-Windows-
Security-Auditing\",\"process\":{\"pid\":696,\"thread\":{\"id\":14220}},\"logon\":
{\"failure\":{\"status\":\"Status
OK.\"}},\"event_id\":4776,\"provider_guid\":\"{54849625-5478-4994-a5ba-
3e3b0328c30d}\",\"record_id\":250727172,\"api\":\"wineventlog\"},\"message\":\"The
computer attempted to validate the credentials for an account.\\n\\nAuthentication
Package:\\tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0\\nLogon Account:\\tBLA-JVE-0004$\\
nSource Workstation:\\tBLA-JVE-0004\\nError Code:\\t0x0\",\"@timestamp\":\"2022-08-
08T15:45:26.868Z\",\"related\":{\"user\":\"BLA-JVE-
0004$\"},\"@version\":\"1\",\"agent\":{\"type\":\"winlogbeat\",\"name\":\"blabla-
IDC-DC01\",\"version\":\"7.9.2\",\"hostname\":\"blabla-IDC-
DC01\",\"id\":\"5623wsdas3qsad-d744-409e-b81a-
4fd449636e86\",\"ephemeral_id\":\"904b5d5b-92c1-40ca-bf39-
5b229d13f862\"},\"fields\":{\"host\":
{\"domain\":\"redexptotestes.com.br\"}},\"host\":{\"ip\":
[\"fe80::84c1:605d:1fbf:3a4\",\"100.888.65.47\"],\"name\":\"blabla-idc-
dc01.redexptotestes.com.br\",\"mac\":[\"00:50:56:99:1f:f1\"],\"hostname\":\"blabla-
IDC-DC01\",\"os\":
{\"platform\":\"windows\",\"build\":\"17763.2366\",\"kernel\":\"10.0.17763.2366
(WinBuild.160101.0800)\",\"name\":\"Windows Server 2019
Standard\",\"version\":\"10.0\",\"family\":\"windows\"},\"id\":\"eed257f2-3ac0-
4a31-b768-
f46802936043\",\"architecture\":\"x86_64\"}}","module":"security","code":4776,"acti
on":"credential-validated","created":"2022-08-
08T15:45:28.836Z","category":"authentication","outcome":"success"},"log":
{"level":"information"},"message":"The computer attempted to validate the
credentials for an account.\n\nAuthentication Package:\
tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0\nLogon Account:\tBLA-JVE-0004$\nSource
Workstation:\tBLA-JVE-0004\nError Code:\t0x0","ecs":{"version":"1.5.0"},"agent":
{"hostname":"blabla-IDC-
DC01","version":"7.9.2","type":"winlogbeat","ephemeral_id":"904b5d5b-92c1-40ca-
bf39-5b229d13f862","name":"blabla-IDC-DC01","id":"5623wsdas3qsad-d744-409e-b81a-
4fd449636e86"}}
Aug 8 12:44:33 100.888.30.52 {"tags":["blabla-idc-
logstash02","windows","beats_input_codec_json_applied"],"host":{"hostname":"blabla-
IDC-DC02","mac":["00:50:56:99:13:19"],"name":"blabla-idc-
dc02.redexptotestes.com.br","architecture":"x86_64","os":
{"version":"10.0","family":"windows","build":"17763.2237","platform":"windows","nam
(WinBuild.160101.0800)"},"id":"bf8ff9ee-2afb-456c-94f6-95bec8f2cbad","ip":
["fe80::4c43:96b0:51f0:ba33","100.888.65.48"]},"@version":"1","@timestamp":"2022-
08-08T15:45:27.261Z","user":{"domain":"REDExptotestes","id":"S-1-5-21-3343-
1147","name":"user01.h"},"related":{"user":"user01.h"},"type":"cyber","winlog":
{"event_id":4634,"process":{"pid":1512,"thread":{"id":69488}},"logon":
{"id":"0x322adaf8c","type":"Network"},"opcode":"Info","provider_name":"Microsoft-
Windows-Security-Auditing","event_data":
{"TargetLogonId":"0x322adaf8c","TargetDomainName":"REDExptotestes","LogonType":"3",
"TargetUserName":"user01.h","TargetUserSid":"S-1-5-21-3343-
1147"},"channel":"Security","computer_name":"blabla-IDC-
4994-a5ba-3e3b0328c30d}","keywords":["Audit
Success"],"task":"Logoff","record_id":429767103},"event":
{"type":"end","kind":"event","provider":"Microsoft-Windows-Security-
Auditing","outcome":"success","action":"logged-
out","category":"authentication","code":4634,"created":"2022-08-
08T15:45:29.222Z","module":"security","original":"{\"@timestamp\":\"2022-08-
08T15:45:27.261Z\",\"type\":\"cyber\",\"@version\":\"1\",\"event\":
{\"kind\":\"event\",\"provider\":\"Microsoft-Windows-Security-
Auditing\",\"action\":\"logged-
out\",\"type\":\"end\",\"outcome\":\"success\",\"category\":\"authentication\",\"cr
eated\":\"2022-08-
08T15:45:29.222Z\",\"code\":4634,\"module\":\"security\"},\"agent\":
{\"version\":\"7.9.2\",\"type\":\"winlogbeat\",\"name\":\"blabla-IDC-
DC02\",\"ephemeral_id\":\"699c9282-8398-4238-aa37-
27920e11b08b\",\"hostname\":\"blabla-IDC-DC02\",\"id\":\"52de3e36-57e3-43ee-b8e9-
a2bfa55755c9\"},\"winlog\":{\"computer_name\":\"blabla-IDC-
DC02.redexptotestes.com.br\",\"logon\":
{\"type\":\"Network\",\"id\":\"0x322adaf8c\"},\"api\":\"wineventlog\",\"opcode\":\"
Info\",\"keywords\":[\"Audit
Success\"],\"record_id\":429767103,\"provider_guid\":\"{54849625-5478-4994-a5ba-
3e3b0328c30d}\",\"event_data\":
{\"TargetDomainName\":\"REDExptotestes\",\"TargetUserSid\":\"S-1-5-21-3343-
1147\",\"LogonType\":\"3\",\"TargetUserName\":\"user01.h\",\"TargetLogonId\":\"0x32
2adaf8c\"},\"task\":\"Logoff\",\"process\":{\"thread\":
{\"id\":69488},\"pid\":1512},\"channel\":\"Security\",\"event_id\":4634,\"provider_
name\":\"Microsoft-Windows-Security-Auditing\"},\"ecs\":
{\"version\":\"1.5.0\"},\"host\":{\"architecture\":\"x86_64\",\"mac\":
[\"00:50:56:99:13:19\"],\"os\":
{\"version\":\"10.0\",\"family\":\"windows\",\"build\":\"17763.2237\",\"name\":\"Wi
ndows Server 2019 Standard\",\"kernel\":\"10.0.17763.2237
(WinBuild.160101.0800)\",\"platform\":\"windows\"},\"name\":\"blabla-idc-
dc02.redexptotestes.com.br\",\"ip\":
[\"fe80::4c43:96b0:51f0:ba33\",\"100.888.65.48\"],\"hostname\":\"blabla-IDC-
DC02\",\"id\":\"bf8ff9ee-2afb-456c-94f6-95bec8f2cbad\"},\"log\":
{\"level\":\"information\"},\"tags\":[\"blabla-idc-
labla-logstash02\",\"windows\"],\"message\":\"An account was logged off.\\n\\
nSubject:\\n\\tSecurity ID:\\t\\tS-1-5-21-3343-1147\\n\\tAccount Name:\\t\\
tuser01.h\\n\\tAccount Domain:\\t\\tREDExptotestes\\n\\tLogon ID:\\t\\
t0x322ADAF8C\\n\\nLogon Type:\\t\\t\\t3\\n\\nThis event is generated when a logon
session is destroyed. It may be positively correlated with a logon event using the
Logon ID value. Logon IDs are only unique between reboots on the same
computer.\",\"related\":{\"user\":\"user01.h\"},\"user\":
{\"domain\":\"REDExptotestes\",\"name\":\"user01.h\",\"id\":\"S-1-5-21-3343-
1147\"}}"},"log":{"level":"information"},"message":"An account was logged off.\n\
nSubject:\n\tSecurity ID:\t\tS-1-5-21-3343-1147\n\tAccount Name:\t\tuser01.h\n\
tAccount Domain:\t\tREDExptotestes\n\tLogon ID:\t\t0x322ADAF8C\n\nLogon Type:\t\t\
t3\n\nThis event is generated when a logon session is destroyed. It may be
positively correlated with a logon event using the Logon ID value. Logon IDs are
only unique between reboots on the same computer.","ecs":
{"version":"1.5.0"},"agent":{"version":"7.9.2","hostname":"blabla-IDC-
DC02","type":"winlogbeat","ephemeral_id":"699c9282-8398-4238-aa37-
27920e11b08b","name":"blabla-IDC-DC02","id":"52de3e36-57e3-43ee-b8e9-
a2bfa55755c9"}}
Aug 8 14:49:56 100.888.30.52 {"agent":{"version":"7.16.0","hostname":"blabla-idc-
proxy-vcloud01.redexptotestes.com.br","type":"metricbeat","ephemeral_id":"983675d3-
0e11-4089-b96a-74e015419f1e","name":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","id":"5623wsdas3qsad-6e71-4a02-b55c-
d184cf02e722"},"host":{"hostname":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","containerized":false,"mac":
["00:50:56:99:97:79","00:50:56:99:83:82"],"name":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","os":
{"version":"8","family":"redhat","type":"linux","platform":"centos","name":"CentOS
Linux","kernel":"4.18.0-
348.2.1.el8_5.x86_64"},"architecture":"x86_64","id":"370ed4c4795e4104816466c9d8fae5
73","ip":
["189.45.192.19","2804:30c:2000:0:189:45:192:19","fe80::154f:8a8:97b2:f8a9","100.88
8.114.14","fe80::250:56ff:fe99:8382"]},"@version":"1","@timestamp":"2022-08-
08T17:49:50.847Z","metricset":
{"period":10000,"name":"network"},"type":"cyber","system":{"network":{"in":
{"bytes":2543039907247,"errors":0,"packets":11289830049,"dropped":76865},"out":
{"bytes":85317725001080,"errors":0,"packets":11265699481,"dropped":0},"name":"ens22
4"}},"event":{"module":"system","original":"{\"type\":\"cyber\",\"event\":
{\"dataset\":\"system.network\",\"duration\":148010,\"module\":\"system\"},\"servic
e\":{\"type\":\"system\"},\"ecs\":{\"version\":\"1.12.0\"},\"tags\":[\"blabla-idc-
proxy-
vcloud01.redexptotestes.com.br\",\"metricbeat\",\"beats_input_raw_event\",\"blabla-
logstash01\",\"linux\"],\"metricset\":
{\"name\":\"network\",\"period\":10000},\"@timestamp\":\"2022-08-
08T17:49:50.847Z\",\"@version\":\"1\",\"agent\":
{\"type\":\"metricbeat\",\"name\":\"blabla-idc-proxy-
vcloud01.redexptotestes.com.br\",\"version\":\"7.16.0\",\"hostname\":\"blabla-idc-
proxy-vcloud01.redexptotestes.com.br\",\"id\":\"5623wsdas3qsad-6e71-4a02-b55c-
d184cf02e722\",\"ephemeral_id\":\"983675d3-0e11-4089-b96a-74e015419f1e\"},\"host\":
{\"containerized\":false,\"ip\":
[\"189.45.192.19\",\"2804:30c:2000:0:189:45:192:19\",\"fe80::154f:8a8:97b2:f8a9\",\
"100.888.114.14\",\"fe80::250:56ff:fe99:8382\"],\"name\":\"blabla-idc-proxy-
vcloud01.redexptotestes.com.br\",\"mac\":
[\"00:50:56:99:97:79\",\"00:50:56:99:83:82\"],\"hostname\":\"blabla-idc-proxy-
vcloud01.redexptotestes.com.br\",\"os\":
{\"platform\":\"centos\",\"type\":\"linux\",\"kernel\":\"4.18.0-
348.2.1.el8_5.x86_64\",\"name\":\"CentOS
Linux\",\"version\":\"8\",\"family\":\"redhat\"},\"id\":\"370ed4c4795e4104816466c9d
8fae573\",\"architecture\":\"x86_64\"},\"system\":{\"network\":{\"in\":
{\"packets\":11289830049,\"bytes\":2543039907247,\"dropped\":76865,\"errors\":0},\"
name\":\"ens224\",\"out\":
{\"packets\":11265699481,\"bytes\":85317725001080,\"dropped\":0,\"errors\":0}}}}","
duration":148010,"dataset":"system.network"},"service":{"type":"system"},"ecs":
{"version":"1.12.0"},"tags":["blabla-idc-proxy-
vcloud01.redexptotestes.com.br","metricbeat","beats_input_raw_event","blabla-
logstash01","linux","beats_input_codec_json_applied"]}
Aug 8 14:49:56 100.888.30.52 {"tags":["blabla-idc-proxy-
logstash01","linux","beats_input_codec_json_applied","linux"],"host":
{"hostname":"blabla-idc-proxy-
{"family":"redhat","version":"8","type":"linux","platform":"centos","name":"CentOS
73","ip":
["189.45.192.19","2804:30c:2000:0:189:45:192:19","fe80::154f:8a8:97b2:f8a9","100.88
08T17:49:50.847Z","metricset":
{"name":"network","period":10000},"type":"cyber","system":{"network":{"in":
{"bytes":2543039907247,"errors":0,"dropped":76865,"packets":11289830049},"out":
{"bytes":85317725001080,"errors":0,"dropped":0,"packets":11265699481},"name":"ens22
4"}},"event":
{"module":"system","dataset":"system.network","duration":148010,"original":"{\"type
\":\"cyber\",\"event\":
{\"dataset\":\"system.network\",\"duration\":148010,\"module\":\"system\"},\"servic
e\":{\"type\":\"system\"},\"ecs\":{\"version\":\"1.12.0\"},\"tags\":[\"blabla-idc-
proxy-
logstash01\",\"linux\"],\"metricset\":
{\"name\":\"network\",\"period\":10000},\"@timestamp\":\"2022-08-
08T17:49:50.847Z\",\"@version\":\"1\",\"agent\":
[\"189.45.192.19\",\"2804:30c:2000:0:189:45:192:19\",\"fe80::154f:8a8:97b2:f8a9\",\
348.2.1.el8_5.x86_64\",\"name\":\"CentOS
8fae573\",\"architecture\":\"x86_64\"},\"system\":{\"network\":{\"in\":
{\"packets\":11289830049,\"bytes\":2543039907247,\"dropped\":76865,\"errors\":0},\"
name\":\"ens224\",\"out\":
{\"packets\":11265699481,\"bytes\":85317725001080,\"dropped\":0,\"errors\":0}}}}"},
"service":{"type":"system"},"ecs":{"version":"1.12.0"},"agent":{"hostname":"blabla-
idc-proxy-
vcloud01.redexptotestes.com.br","version":"7.16.0","type":"metricbeat","ephemeral_i
d":"983675d3-0e11-4089-b96a-74e015419f1e","name":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","id":"5623wsdas3qsad-6e71-4a02-b55c-d184cf02e722"}}
d184cf02e722"},"process":{"memory":{"pct":0.0084},"name":"nginx","cpu":
{"start_time":"2022-05-10T13:30:42.000Z","pct":0.002},"args":["nginx: worker
process","","","","","","","","","","","","","","","","","","",""],"command_line":"
nginx: worker process
","executable":"/usr/sbin/nginx","state":"sleeping","working_directory":"/","pid":1
45649,"ppid":363747,"pgid":363747},"host":{"hostname":"blabla-idc-proxy-
73","ip":
["189.45.192.19","2804:30c:2000:0:189:45:192:19","fe80::154f:8a8:97b2:f8a9","100.88
08T17:49:50.900Z","user":{"name":"nginx"},"metricset":
{"period":10000,"name":"process"},"type":"cyber","system":{"process":
{"state":"sleeping","memory":{"share":3731456,"rss":
{"bytes":32800768,"pct":0.0084},"size":131485696},"cgroup":
{"cgroups_version":1,"memory":{"memsw":{"usage":{"bytes":114380800,"max":
{"bytes":3329245184}},"failures":0,"limit":{"bytes":9223372036854771712}},"kmem":
{"usage":{"bytes":1187840,"max":{"bytes":8712192}},"failures":0,"limit":
{"bytes":9223372036854771712}},"mem":{"usage":{"bytes":61263872,"max":
{"bytes":3150811136}},"failures":0,"limit":{"bytes":9223372036854771712}},"stats":
{"hierarchical_memsw_limit":
{"bytes":9223372036854771712},"pages_in":42005403,"pages_out":42023454,"active_file
":{"bytes":4079616},"major_page_faults":13134,"inactive_anon":
{"bytes":26013696},"active_anon":{"bytes":4956160},"inactive_file":
{"bytes":24743936},"rss":{"bytes":30699520},"rss_huge":
{"bytes":25165824},"unevictable":{"bytes":0},"swap":
{"bytes":53121024},"mapped_file":{"bytes":2838528},"hierarchical_memory_limit":
{"bytes":9223372036854771712},"page_faults":40365963,"cache":
{"bytes":28925952}},"kmem_tcp":{"usage":{"bytes":0,"max":
{"bytes":0}},"failures":0,"limit":{"bytes":9223372036854771712}},"path":"/
system.slice/nginx.service","id":"nginx.service"}},"cpu":{"start_time":"2022-05-
10T13:30:42.000Z","total":{"norm":
{"pct":0.002},"value":9.239256E7,"pct":0.004}},"cmdline":"nginx: worker process
","fd":{"open":98,"limit":{"hard":100000,"soft":100000}}}},"event":
{"module":"system","original":"{\"type\":\"cyber\",\"event\":
{\"dataset\":\"system.process\",\"duration\":66857013,\"module\":\"system\"},\"serv
ice\":{\"type\":\"system\"},\"tags\":[\"blabla-idc-proxy-
logstash01\",\"linux\"],\"ecs\":{\"version\":\"1.12.0\"},\"user\":
{\"name\":\"nginx\"},\"metricset\":
{\"name\":\"process\",\"period\":10000},\"@timestamp\":\"2022-08-
08T17:49:50.900Z\",\"@version\":\"1\",\"process\":
{\"working_directory\":\"/\",\"args\":[\"nginx: worker
process\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\
",\"\",\"\",\"\",\"\"],\"pid\":145649,\"name\":\"nginx\",\"command_line\":\"nginx:
worker process \",\"ppid\":363747,\"memory\":
{\"pct\":0.0084},\"pgid\":363747,\"state\":\"sleeping\",\"executable\":\"/usr/
sbin/nginx\",\"cpu\":{\"start_time\":\"2022-05-
10T13:30:42.000Z\",\"pct\":0.002}},\"agent\":
[\"189.45.192.19\",\"2804:30c:2000:0:189:45:192:19\",\"fe80::154f:8a8:97b2:f8a9\",\
348.2.1.el8_5.x86_64\",\"name\":\"CentOS
8fae573\",\"architecture\":\"x86_64\"},\"system\":{\"process\":
{\"cmdline\":\"nginx: worker process \",\"memory\":
{\"share\":3731456,\"rss\":
{\"bytes\":32800768,\"pct\":0.0084},\"size\":131485696},\"cgroup\":
{\"cgroups_version\":1,\"memory\":{\"kmem\":{\"failures\":0,\"usage\":
{\"bytes\":1187840,\"max\":{\"bytes\":8712192}},\"limit\":
{\"bytes\":9223372036854771712}},\"memsw\":{\"failures\":0,\"usage\":
{\"bytes\":9223372036854771712}},\"kmem_tcp\":{\"failures\":0,\"usage\":
{\"bytes\":9223372036854771712}},\"path\":\"/system.slice/
nginx.service\",\"stats\":{\"hierarchical_memsw_limit\":
{\"bytes\":9223372036854771712},\"hierarchical_memory_limit\":
{\"bytes\":9223372036854771712},\"inactive_anon\":{\"bytes\":26013696},\"rss\":
{\"bytes\":30699520},\"mapped_file\":
{\"bytes\":2838528},\"major_page_faults\":13134,\"pages_out\":42023454,\"rss_huge\"
:{\"bytes\":25165824},\"unevictable\":
{\"bytes\":0},\"page_faults\":40365963,\"cache\":
{\"bytes\":28925952},\"active_anon\":{\"bytes\":4956160},\"inactive_file\":
{\"bytes\":24743936},\"pages_in\":42005403,\"active_file\":
{\"bytes\":4079616},\"swap\":{\"bytes\":53121024}},\"mem\":
{\"failures\":0,\"usage\":{\"bytes\":61263872,\"max\":
{\"bytes\":3150811136}},\"limit\":
{\"bytes\":9223372036854771712}},\"id\":\"nginx.service\"}},\"fd\":
{\"open\":98,\"limit\":
{\"hard\":100000,\"soft\":100000}},\"state\":\"sleeping\",\"cpu\":{\"total\":
{\"value\":9.239256E7,\"norm\":
{\"pct\":0.002},\"pct\":0.004},\"start_time\":\"2022-05-
10T13:30:42.000Z\"}}}}","duration":66857013,"dataset":"system.process"},"service":
{"type":"system"},"ecs":{"version":"1.12.0"},"tags":["blabla-idc-proxy-
logstash01","linux","beats_input_codec_json_applied"]}
Aug 8 14:49:56 100.888.30.52 {"tags":["blabla-idc-proxy-
logstash01","linux","beats_input_codec_json_applied","linux"],"process":{"memory":
{"pct":0.0084},"name":"nginx","cpu":{"start_time":"2022-05-
10T13:30:42.000Z","pct":0.002},"args":["nginx: worker
process","","","","","","","","","","","","","","","","","","",""],"command_line":"
nginx: worker process
","executable":"/usr/sbin/nginx","state":"sleeping","working_directory":"/","pid":1
45649,"ppid":363747,"pgid":363747},"host":{"hostname":"blabla-idc-proxy-
{"family":"redhat","version":"8","type":"linux","platform":"centos","name":"CentOS
73","ip":
["189.45.192.19","2804:30c:2000:0:189:45:192:19","fe80::154f:8a8:97b2:f8a9","100.88
08T17:49:50.900Z","metricset":{"name":"process","period":10000},"user":
{"name":"nginx"},"type":"cyber","system":{"process":{"fd":{"open":98,"limit":
{"hard":100000,"soft":100000}},"memory":{"rss":
{"bytes":32800768,"pct":0.0084},"share":3731456,"size":131485696},"cgroup":
{"bytes":3329245184}},"failures":0,"limit":{"bytes":9223372036854771712}},"mem":
{"bytes":9223372036854771712}},"kmem":{"usage":{"bytes":1187840,"max":
{"pages_in":42005403,"hierarchical_memsw_limit":
{"bytes":9223372036854771712},"pages_out":42023454,"active_file":
{"bytes":4079616},"major_page_faults":13134,"inactive_anon":
{"bytes":24743936},"rss":{"bytes":30699520},"rss_huge":{"bytes":25165824},"swap":
{"bytes":53121024},"unevictable":{"bytes":0},"mapped_file":
{"bytes":2838528},"cache":{"bytes":28925952},"hierarchical_memory_limit":
{"bytes":9223372036854771712},"page_faults":40365963},"kmem_tcp":{"usage":
{"bytes":0,"max":{"bytes":0}},"failures":0,"limit":
{"bytes":9223372036854771712}},"path":"/system.slice/
nginx.service","id":"nginx.service"}},"cpu":{"start_time":"2022-05-
10T13:30:42.000Z","total":{"norm":
{"pct":0.002},"value":9.239256E7,"pct":0.004}},"cmdline":"nginx: worker process
","state":"sleeping"}},"event":
{"module":"system","dataset":"system.process","duration":66857013,"original":"{\"ty
pe\":\"cyber\",\"event\":
{\"name\":\"nginx\"},\"metricset\":
{\"working_directory\":\"/\",\"args\":[\"nginx: worker
process\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\
",\"\",\"\",\"\",\"\"],\"pid\":145649,\"name\":\"nginx\",\"command_line\":\"nginx:
worker process \",\"ppid\":363747,\"memory\":
{\"pct\":0.0084},\"pgid\":363747,\"state\":\"sleeping\",\"executable\":\"/usr/
sbin/nginx\",\"cpu\":{\"start_time\":\"2022-05-
10T13:30:42.000Z\",\"pct\":0.002}},\"agent\":
[\"189.45.192.19\",\"2804:30c:2000:0:189:45:192:19\",\"fe80::154f:8a8:97b2:f8a9\",\
348.2.1.el8_5.x86_64\",\"name\":\"CentOS
8fae573\",\"architecture\":\"x86_64\"},\"system\":{\"process\":
{\"cmdline\":\"nginx: worker process \",\"memory\":
{\"share\":3731456,\"rss\":
{\"bytes\":9223372036854771712}},\"path\":\"/system.slice/
nginx.service\",\"stats\":{\"hierarchical_memsw_limit\":
{\"bytes\":2838528},\"major_page_faults\":13134,\"pages_out\":42023454,\"rss_huge\"
:{\"bytes\":25165824},\"unevictable\":
{\"bytes\":4079616},\"swap\":{\"bytes\":53121024}},\"mem\":
{\"failures\":0,\"usage\":{\"bytes\":61263872,\"max\":
{\"bytes\":3150811136}},\"limit\":
{\"bytes\":9223372036854771712}},\"id\":\"nginx.service\"}},\"fd\":
{\"open\":98,\"limit\":
{\"value\":9.239256E7,\"norm\":
{\"pct\":0.002},\"pct\":0.004},\"start_time\":\"2022-05-
10T13:30:42.000Z\"}}}}"},"service":{"type":"system"},"ecs":
{"version":"1.12.0"},"agent":{"hostname":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","version":"7.16.0","type":"metricbeat","ephemeral_i
d":"983675d3-0e11-4089-b96a-74e015419f1e","name":"blabla-idc-proxy-
vcloud01.redexptotestes.com.br","id":"5623wsdas3qsad-6e71-4a02-b55c-d184cf02e722"}}
d184cf02e722"},"process":{"memory":{"pct":0.0028},"name":"systemd","cpu":
{"start_time":"2021-12-12T04:03:33.000Z","pct":0},"args":["/usr/lib/systemd/
systemd","--switched-root","--system","--deserialize","17"],"command_line":"/usr/
lib/systemd/systemd --switched-root --system --deserialize
17","executable":"/usr/lib/systemd/systemd","state":"sleeping","working_directory":
"/","pid":1,"ppid":0,"pgid":1},"host":{"hostname":"blabla-idc-proxy-
73","ip":
["189.45.192.19","2804:30c:2000:0:189:45:192:19","fe80::154f:8a8:97b2:f8a9","100.88
08T17:49:50.900Z","user":{"name":"root"},"metricset":
{"period":10000,"name":"process"},"type":"cyber","system":{"process":
{"state":"sleeping","memory":{"share":5087232,"rss":
{"bytes":11059200,"pct":0.0028},"size":181334016},"cgroup":
{"bytes":48930816}},"failures":0,"limit":{"bytes":9223372036854771712}},"kmem":
{"bytes":9223372036854771712}},"mem":{"usage":{"bytes":14024704,"max":
{"hierarchical_memsw_limit":
{"bytes":9223372036854771712},"pages_in":366839649,"pages_out":366837613,"active_fi
le":{"bytes":4866048},"major_page_faults":495,"inactive_anon":
{"bytes":294912},"rss":{"bytes":6873088},"rss_huge":
{"bytes":2097152},"unevictable":{"bytes":0},"swap":{"bytes":405504},"mapped_file":
{"bytes":3784704},"hierarchical_memory_limit":
{"bytes":9223372036854771712},"page_faults":1069245243,"cache":
{"bytes":5406720}},"kmem_tcp":{"usage":{"bytes":0,"max":
{"bytes":0}},"failures":0,"limit":{"bytes":9223372036854771712}},"path":"/
init.scope","id":"init.scope"}},"cpu":{"start_time":"2021-12-
12T04:03:33.000Z","total":{"norm":
{"pct":0},"value":1.13165E7,"pct":0}},"cmdline":"/usr/lib/systemd/systemd --
switched-root --system --deserialize 17","fd":{"open":58,"limit":
{"hard":1048576,"soft":1048576}}}},"event":
{"module":"system","original":"{\"type\":\"cyber\",\"event\":
{\"name\":\"root\"},\"metricset\":
{\"working_directory\":\"/\",\"args\":[\"/usr/lib/systemd/systemd\",\"--switched-
root\",\"--system\",\"--
deserialize\",\"17\"],\"pid\":1,\"name\":\"systemd\",\"command_line\":\"/usr/lib/
systemd/systemd --switched-root --system --deserialize 17\",\"ppid\":0,\"memory\":
{\"pct\":0.0028},\"pgid\":1,\"state\":\"sleeping\",\"executable\":\"/usr/lib/
systemd/systemd\",\"cpu\":{\"start_time\":\"2021-12-
12T04:03:33.000Z\",\"pct\":0}},\"agent\":
[\"189.45.192.19\",\"2804:30c:2000:0:189:45:192:19\",\"fe80::154f:8a8:97b2:f8a9\",\
348.2.1.el8_5.x86_64\",\"name\":\"CentOS
8fae573\",\"architecture\":\"x86_64\"},\"system\":{\"process\":{\"cmdline\":\"/
usr/lib/systemd/systemd --switched-root --system --deserialize 17\",\"memory\":
{\"share\":5087232,\"rss\":
{\"bytes\":9223372036854771712}},\"path\":\"/init.scope\",\"stats\":
{\"hierarchical_memsw_limit\":
{\"bytes\":3784704},\"major_page_faults\":495,\"pages_out\":366837613,\"rss_huge\":
{\"bytes\":2097152},\"unevictable\":
{\"bytes\":4866048},\"swap\":{\"bytes\":405504}},\"mem\":{\"failures\":0,\"usage\":
{\"bytes\":9223372036854771712}},\"id\":\"init.scope\"}},\"fd\":
{\"open\":58,\"limit\":
{\"value\":1.13165E7,\"norm\":{\"pct\":0},\"pct\":0},\"start_time\":\"2021-12-
12T04:03:33.000Z\"}}}}","duration":67143195,"dataset":"system.process"},"service":
{"type":"system"},"ecs":{"version":"1.12.0"},"tags":["blabla-idc-proxy-
logstash01","linux","beats_input_codec_json_applied7"]}

Logstash Linux Json

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Logstash Linux Json

Uploaded by

Copyright:

Available Formats

Aug 8 12:44:33 100.888.30.52 {"agent":{"version":"7.9.

You might also like