diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e94e6111d54..67d355a2733 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -268,6 +268,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Remove wrongly mapped `tls.client.server_name` from `fortinet/firewall` fileset. {pull}20983[20983] - Fix an error updating file size being logged when EOF is reached. {pull}21048[21048] - Fix error when processing AWS Cloudtrail Digest logs. {pull}21086[21086] {issue}20943[20943] +- Handle multiple upstreams in ingress-controller. {pull}21215[21215] - Provide backwards compatibility for the `append` processor when Elasticsearch is less than 7.10.0. {pull}21159[21159] - Fix checkpoint module when logs contain time field. {pull}20567[20567] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index b4888ec8c5e..8a145ff8724 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -105135,6 +105135,46 @@ type: array -- +*`nginx.ingress_controller.upstream_address_list`*:: ++ +-- +An array of the upstream addresses. It is a list because it is common that several upstream servers were contacted during request processing. + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.response.length_list`*:: ++ +-- +An array of upstream response lengths. It is a list because it is common that several upstream servers were contacted during request processing. + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.response.time_list`*:: ++ +-- +An array of upstream response durations. It is a list because it is common that several upstream servers were contacted during request processing. + + +type: keyword + +-- + +*`nginx.ingress_controller.upstream.response.status_code_list`*:: ++ +-- +An array of upstream response status codes. It is a list because it is common that several upstream servers were contacted during request processing. + + +type: keyword + +-- + *`nginx.ingress_controller.http.request.length`*:: + -- @@ -105182,7 +105222,7 @@ type: keyword *`nginx.ingress_controller.upstream.response.length`*:: + -- -The length of the response obtained from the upstream server +The length of the response obtained from the upstream server. If several servers were contacted during request process, the summary of the multiple response lengths is stored. type: long @@ -105194,7 +105234,7 @@ format: bytes *`nginx.ingress_controller.upstream.response.time`*:: + -- -The time spent on receiving the response from the upstream server as seconds with millisecond resolution +The time spent on receiving the response from the upstream as seconds with millisecond resolution. If several servers were contacted during request process, the summary of the multiple response times is stored. type: double @@ -105206,40 +105246,40 @@ format: duration *`nginx.ingress_controller.upstream.response.status_code`*:: + -- -The status code of the response obtained from the upstream server +The status code of the response obtained from the upstream server. If several servers were contacted during request process, only the status code of the response from the last one is stored in this field. type: long -- -*`nginx.ingress_controller.http.request.id`*:: +*`nginx.ingress_controller.upstream.ip`*:: + -- -The randomly generated ID of the request +The IP address of the upstream server. If several servers were contacted during request process, only the last one is stored in this field. -type: keyword +type: ip -- -*`nginx.ingress_controller.upstream.ip`*:: +*`nginx.ingress_controller.upstream.port`*:: + -- -The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. +The port of the upstream server. If several servers were contacted during request process, only the last one is stored in this field. -type: ip +type: long -- -*`nginx.ingress_controller.upstream.port`*:: +*`nginx.ingress_controller.http.request.id`*:: + -- -The port of the upstream server. +The randomly generated ID of the request -type: long +type: keyword -- diff --git a/filebeat/module/nginx/fields.go b/filebeat/module/nginx/fields.go index 2f9e50ceb60..4e622f85db6 100644 --- a/filebeat/module/nginx/fields.go +++ b/filebeat/module/nginx/fields.go @@ -32,5 +32,5 @@ func init() { // AssetNginx returns asset data. // This is the base64 encoded gzipped contents of module/nginx. func AssetNginx() string { - return "eJzsWM9u48YPvucpiP1dfgUSPYAPBYotFsihRVH00Jt3rKFkIqOhSo6c+u2LkeQ/kUe25GS3PUinRDK/7+OQwxnyCV5wvwJfkv/7ASBQcLiCT7/G/z89AFjUXKgOxH4FPz4AAPzCtnEIBQvURpR8CWGL0JqA4xIKcqjZA4BuWcI6Z19QuYIgDT4AFITO6qqFegJvKjzRxyfsa1xBKdzU/ZuEhvh8aYGgEK7GBMTnnO+c0+Q5qh5fp4ivkMfnM/tgyGtP0a7ISUiHH/UcpaTknEsSrDjgmuq1Iw1vfnKQZ0TMfvDlisT4/OQ7K+CiZ4Dn38BYK6iKmsFzAFIwEElhg7lpFIHalzlXFXsIDORz11h8hA0qWdTW09wR+qFQOIN/fEPVxWqLxqIoOHpB+Prn0xeWVyMWbfzra3aB9jsaB8qN5K1wUhDUwII26vrafcmoPjNNru6G7X6t6EO22QfU9PI6MsMvtQnbFWxDqDNBrdkrZhErCVNRKaaLRJ/vl0IaRVnHP2dKiHZZwm4KZ4Vhy/Y+n/9qUEOWRJjkrri5jorLWKgkb4amUwij7PUORYn9PR6nTacwH/JjnbOdG923CabBhEZTONN0FCiC8p54j2BMoTflZVWYktzr1nBu6Mf32LiOYZWHkcp8DmlxR/kwGtddS7rX4aQ28jUvh2pGzGdqeacITpHMlMCaFY1zqYI4T8oYwnw975WSzt97tIwjzdoNJTIN0/3+jZCzD+TRh/eseH9sl8jZTbypC59z44Ps16Scqpx3SbuJOFWc47z92ftFXUGaKkawJPYfFL/rYJODR2H/UQl1BWrmCn1cKt0GHJN2kIQiLN+uYWnhZ/UrOXuPeWjdSt8tHftyXrfy+YgJZNEHKgjlxs3e4Q7n3jEdl1nKbsr9ph7xdpytFo7dYHZpOYUv3M0XtoLGZnexVqhqyrnX2LTVrdQmX8YWcR2PAmHn8Jvk+XPH0uf7iWvp1f8rvfr/DpnwdBYdrTGngvI+HqM937F1cejLsJ1akAqWyoQVpNr5G+H6Y4vQk0JHCv/vFp98efpCHh/7pXwE4+3xy4bt/ofb/gQamRVYbjZu+Ongj20kdU245RJVCOhMrWhByefYZk9BEvXGJYJXlOi2safZWyK5jp1YrUHQVKlbdefFC+5fWYYlasLSR8S4U6KCI811EcYFFG8C7XB8BPMhgs6Ypoo7dv/fNYH7xO1lHzQAb2INxbMgH3SCouwGg4FxX75r8m4RIl8sGT4AexDMkXaHGfXRuTGfwCgo5uytwiuFLVTkHHVvojW75kLVuOvjQ5x7b0fRwQ4VIuoHBe1NsRm5a9y9J8R4y5XbQ4kexQS08PzzSXhLen09R1rXi9cTxJxOuGHd6Ncng+cCFHco8SBrX/UFLx5IJo/ybSPn5b2/a5EvHyMiydkhagRBsTad35t9e0gbvVEHapb0jeK+hIlwY+5ev1gvI/NlZL6MzJeR+TIyX0bm1/UsI/NlZL6MzJeR+b88Mv8nAAD///5cnQ8=" + return "eJzsWcFu4zYQvecrBttLCyT6AB8KFFsskEOLouihNy8tjuTBUhx1SCX13xeUZFmRKFuSkzQLWKdEMue9eTNDDskH+IaHDdic7L93AJ68wQ18+j38/+kOQKNLhUpPbDfw8x0AwG+sK4OQsUCpxJHNwe8R6iFgOIeMDLrkDsDtWfw2ZZtRvgEvFd4BZIRGu01t6gGsKvAEHx5/KHEDuXBVtm8iHMLzpTYEmXAxRSA8fbw+pkpTdK57HQM+Ax6ez2y9IutaiFqRE5HGfuDTUYnR6VMSLNjjlsqtIedf/ORIT4mow+DLGYrh+cU2o4CzFgEe/wCltaBz6BJ49EAOFARQ2GGqKodA9cuUi4IteAayqak03sMOHWl0taepIbRDotAzf/8CqonVHpVGcWDoG8LXvx++sDwr0ajDX1+TkbU/URlwXElaEycHgs6zoA68vjZfEip7Q6Pq7lgftg6tT3YHjy4uryE1/FIqv9/A3vsyEXQlW4dJsBU1U1AuqolEm+9jIpVD2YY/F1II45LIuDmYBfo963U+/1Oh80nUwix3xSx1VEzCQjlZNRw6BzDQ3j6hOGK7xuP40DnIx/zYpqyXRvdlgjmvfOVidubxyFAE5Zp4T9iYA6/y8awwJ7m39cCloZ+usWkew1keJmbmvkmNT5QOo3Hetah7jZ1YIZ/zcshmYvhCLleS4BjIQgrskqwyJjYhLqMyZWE5n2upxPN3DZdpS4uqIUemYbqvL4SUrSeL1l+jeLts58jJRXtzhU+5sl4OW3IcmzlXUbtocS45w2n9s+tJnbE0l4xgTmxfKX7njc0OHvnDayXUGVMLFXq9VLpscIrakRKKsLzdhqU2v2i/krK1mPrarXhvadjmy3YrnzubQBqtp4xQLnT2Bp9waY9pOE9i4+b0N+WEt9NopXDYDSbjkXPw/Go8vxdUOlmFWqBzKl/axsZHXUptsnnYIm7DUiBsDL5Jnj82KG2+n7Bue/WPslf/4ZgJD73ouBJTyiht4xHv90vnBVWxbR2Yjso3PDyzDAtiQVyCmEe4haHZKw8On1CUOZlwKGHHOcJ8RsE6SVXqUYOuhGwO7fbsWOFk8+SsIKctpUGb+/0bCtN5dISEBvI70MZTge+qjK6a+fA70KZ3FPGuEjW4EHA/nEovTkqaLJ/b/2QshfIbiJ0eXtDrrz12DBtQ+LGZ6/vcDVm8b2fue1BWd192rA8/XfYnFEPUG83Vzgw/Hf05ZvRCl6hAQKNKhxoc2RTr+TUjCXyDRE2kQhtzOuqPrGWj/J08YF2VqkH6YHG4AFwoImU8ilWennD6xPdVCPWQ5pIbrAzvlMBt4ra0u2rnXWjZsBfkQQkn8Jh15d1W9bwqvh/xCOZdVRRKuhW9qIyn0uBo8QozTNPCLFlM3q1+9ggBLzRJ1gNbEEyRno63cp03Y1mVA4cpW+3gmfweCjKGmjdhGJsqgI57vNVhmCd78GaF6NMH5mt3okHa3hr0lhk7wh5Jx9YcGv3OMOqIGOVCLuBJRqCwQFK7Jbog6sRZ4ej1DAFPW4pR6/z6Zd2JdKX/JUu8y1mXRMHcx/f+RQswceCweqUSZTUX5gA5WhQV3Hr89ZS/Nej5M57b7e3t9vZ2e3u7vb3d3t5ub8/zud3e3m5vb7e3t9vb//n29r8AAAD//ydZrLw=" } diff --git a/filebeat/module/nginx/ingress_controller/_meta/fields.yml b/filebeat/module/nginx/ingress_controller/_meta/fields.yml index 2c467e3856a..30bc1f5ad9e 100644 --- a/filebeat/module/nginx/ingress_controller/_meta/fields.yml +++ b/filebeat/module/nginx/ingress_controller/_meta/fields.yml @@ -11,6 +11,26 @@ Real source IP is restored to `source.ip`. # ingress-controller specific fields + - name: upstream_address_list + type: keyword + description: > + An array of the upstream addresses. It is a list because it is common that several upstream servers + were contacted during request processing. + - name: upstream.response.length_list + type: keyword + description: > + An array of upstream response lengths. It is a list because it is common that several upstream servers + were contacted during request processing. + - name: upstream.response.time_list + type: keyword + description: > + An array of upstream response durations. It is a list because it is common that several upstream servers + were contacted during request processing. + - name: upstream.response.status_code_list + type: keyword + description: > + An array of upstream response status codes. It is a list because it is common that several upstream servers + were contacted during request processing. - name: http.request.length type: long format: bytes @@ -33,28 +53,33 @@ type: long format: bytes description: > - The length of the response obtained from the upstream server + The length of the response obtained from the upstream server. If several servers were contacted during request process, + the summary of the multiple response lengths is stored. - name: upstream.response.time type: double format: duration description: > - The time spent on receiving the response from the upstream server as seconds with millisecond resolution + The time spent on receiving the response from the upstream as seconds with millisecond resolution. + If several servers were contacted during request process, the summary of the multiple response times is stored. - name: upstream.response.status_code type: long description: > - The status code of the response obtained from the upstream server - - name: http.request.id - type: keyword - description: > - The randomly generated ID of the request + The status code of the response obtained from the upstream server. If several servers were contacted during + request process, only the status code of the response from the last one is stored in this field. - name: upstream.ip type: ip description: > - The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. + The IP address of the upstream server. If several servers were contacted during request process, + only the last one is stored in this field. - name: upstream.port type: long description: > - The port of the upstream server. + The port of the upstream server. If several servers were contacted during request process, + only the last one is stored in this field. + - name: http.request.id + type: keyword + description: > + The randomly generated ID of the request - name: body_sent.bytes type: alias diff --git a/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml b/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml index c9f4a5860c7..0eca28c6084 100644 --- a/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml +++ b/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml @@ -12,14 +12,17 @@ processors: %{NUMBER:http.response.status_code:long} %{NUMBER:http.response.body.bytes:long} "(-|%{DATA:http.request.referrer})" "(-|%{DATA:user_agent.original})" %{NUMBER:nginx.ingress_controller.http.request.length:long} %{NUMBER:nginx.ingress_controller.http.request.time:double} \[%{DATA:nginx.ingress_controller.upstream.name}\] - \[%{DATA:nginx.ingress_controller.upstream.alternative_name}\] (%{UPSTREAM_ADDRESS}|-) - (%{NUMBER:nginx.ingress_controller.upstream.response.length:long}|-) (%{NUMBER:nginx.ingress_controller.upstream.response.time:double}|-) - (%{NUMBER:nginx.ingress_controller.upstream.response.status_code:long}|-) %{GREEDYDATA:nginx.ingress_controller.http.request.id} + \[%{DATA:nginx.ingress_controller.upstream.alternative_name}\] (%{UPSTREAM_ADDRESS_LIST:nginx.ingress_controller.upstream_address_list}|-) + (%{UPSTREAM_RESPONSE_LENGTH_LIST:nginx.ingress_controller.upstream.response.length_list}|-) (%{UPSTREAM_RESPONSE_TIME_LIST:nginx.ingress_controller.upstream.response.time_list}|-) + (%{UPSTREAM_RESPONSE_STATUS_CODE_LIST:nginx.ingress_controller.upstream.response.status_code_list}|-) %{GREEDYDATA:nginx.ingress_controller.http.request.id} pattern_definitions: NGINX_HOST: (?:%{IP:destination.ip}|%{NGINX_NOTSEPARATOR:destination.domain})(:%{NUMBER:destination.port})? NGINX_NOTSEPARATOR: "[^\t ,:]+" NGINX_ADDRESS_LIST: (?:%{IP}|%{WORD})("?,?\s*(?:%{IP}|%{WORD}))* - UPSTREAM_ADDRESS: '%{IP:nginx.ingress_controller.upstream.ip}(:%{NUMBER:nginx.ingress_controller.upstream.port})?' + UPSTREAM_ADDRESS_LIST: (?:%{IP}(:%{NUMBER})?)("?,?\s*(?:%{IP}(:%{NUMBER})?))* + UPSTREAM_RESPONSE_LENGTH_LIST: (?:%{NUMBER})("?,?\s*(?:%{NUMBER}))* + UPSTREAM_RESPONSE_TIME_LIST: (?:%{NUMBER})("?,?\s*(?:%{NUMBER}))* + UPSTREAM_RESPONSE_STATUS_CODE_LIST: (?:%{NUMBER})("?,?\s*(?:%{NUMBER}))* ignore_missing: true - grok: field: nginx.ingress_controller.info @@ -33,6 +36,22 @@ processors: field: nginx.ingress_controller.remote_ip_list separator: '"?,?\s+' ignore_missing: true +- split: + field: nginx.ingress_controller.upstream_address_list + separator: '"?,?\s+' + ignore_missing: true +- split: + field: nginx.ingress_controller.upstream.response.length_list + separator: '"?,?\s+' + ignore_missing: true +- split: + field: nginx.ingress_controller.upstream.response.time_list + separator: '"?,?\s+' + ignore_missing: true +- split: + field: nginx.ingress_controller.upstream.response.status_code_list + separator: '"?,?\s+' + ignore_missing: true - split: field: nginx.ingress_controller.origin separator: '"?,?\s+' @@ -41,6 +60,81 @@ processors: field: source.address if: ctx.source?.address == null value: "" +- script: + if: ctx.nginx?.ingress_controller?.upstream?.response?.length_list != null && ctx.nginx.ingress_controller.upstream.response.length_list.length > 0 + lang: painless + source: >- + try { + if (ctx.nginx.ingress_controller.upstream.response.length_list.length == null) { + return; + } + int last_length = 0; + for (def item : ctx.nginx.ingress_controller.upstream.response.length_list) { + last_length = Integer.parseInt(item); + } + ctx.nginx.ingress_controller.upstream.response.length = last_length; + } + catch (Exception e) { + ctx.nginx.ingress_controller.upstream.response.length = null; + } +- script: + if: ctx.nginx?.ingress_controller?.upstream?.response?.time_list != null && ctx.nginx.ingress_controller.upstream.response.time_list.length > 0 + lang: painless + source: >- + try { + if (ctx.nginx.ingress_controller.upstream.response.time_list.length == null) { + return; + } + float res_time = 0; + for (def item : ctx.nginx.ingress_controller.upstream.response.time_list) { + res_time = res_time + Float.parseFloat(item); + } + ctx.nginx.ingress_controller.upstream.response.time = res_time; + } + catch (Exception e) { + ctx.nginx.ingress_controller.upstream.response.time = null; + } +- script: + if: ctx.nginx?.ingress_controller?.upstream?.response?.status_code_list != null && ctx.nginx.ingress_controller.upstream.response.status_code_list.length > 0 + lang: painless + source: >- + try { + if (ctx.nginx.ingress_controller.upstream.response.status_code_list.length == null) { + return; + } + int last_status_code; + for (def item : ctx.nginx.ingress_controller.upstream.response.status_code_list) { + last_status_code = Integer.parseInt(item); + } + ctx.nginx.ingress_controller.upstream.response.status_code = last_status_code; + } + catch (Exception e) { + ctx.nginx.ingress_controller.upstream.response.time = null; + } +- script: + if: ctx.nginx?.ingress_controller?.upstream_address_list != null && ctx.nginx.ingress_controller.upstream_address_list.length > 0 + lang: painless + source: >- + try { + if (ctx.nginx.ingress_controller.upstream_address_list.length == null) { + return; + } + def last_upstream = ""; + for (def item : ctx.nginx.ingress_controller.upstream_address_list) { + last_upstream = item; + } + StringTokenizer tok = new StringTokenizer(last_upstream, ":"); + if (tok.countTokens()>1) { + ctx.nginx.ingress_controller.upstream.ip = tok.nextToken(); + ctx.nginx.ingress_controller.upstream.port = Integer.parseInt(tok.nextToken()); + } else { + ctx.nginx.ingress_controller.upstream.ip = last_upstream; + } + } + catch (Exception e) { + ctx.nginx.ingress_controller.upstream.ip = null; + ctx.nginx.ingress_controller.upstream.port = null; + } - script: if: ctx.nginx?.ingress_controller?.remote_ip_list != null && ctx.nginx.ingress_controller.remote_ip_list.length > 0 lang: painless diff --git a/filebeat/module/nginx/ingress_controller/test/test.log b/filebeat/module/nginx/ingress_controller/test/test.log index 862c03a4af2..c8ba580f64d 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log +++ b/filebeat/module/nginx/ingress_controller/test/test.log @@ -20,3 +20,4 @@ 192.168.64.1 - - [07/Feb/2020:12:02:38 +0000] "GET /v2 HTTP/1.1" 200 61 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" 343 0.000 [default-web2-8080] [] 172.17.0.6:8080 61 0.001 200 ba91c30454893c121879396b0a78be79 192.168.64.1 - - [07/Feb/2020:12:02:38 +0000] "GET /favicon.ico HTTP/1.1" 200 59 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" 262 0.001 [default-web-8080] [] 172.17.0.5:8080 59 0.000 200 98c81aa2d50c67f6fb1fa16d5ce62f8f 192.168.64.1 - - [07/Feb/2020:12:02:42 +0000] "GET /v2/some HTTP/1.1" 200 61 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" 348 0.001 [default-web2-8080] [] 172.17.0.6:8080 61 0.000 200 835136ae24486dbb4156dcbe21f5d402 +192.168.64.14 - - [07/Feb/2020:12:02:42 +0000] "GET /v2/some HTTP/1.1" 200 61 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0" 348 0.001 [default-web2-8080] [] 172.17.0.6:8080, 172.17.0.7:8080 61, 100 0.100, 0.004 200, 203 835136ae24486dbb4156dcbe21f5d402 diff --git a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json index 4bf393a5906..e8b09bc1abd 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json +++ b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json @@ -28,10 +28,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -73,10 +85,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -118,10 +142,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -163,10 +199,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -280,10 +328,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -325,10 +385,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -374,10 +446,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -422,10 +506,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.6", "nginx.ingress_controller.upstream.name": "default-web2-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 61, + "nginx.ingress_controller.upstream.response.length_list": [ + "61" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.6:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -471,10 +567,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.002, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.002" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -519,10 +627,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -568,10 +688,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -616,10 +748,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.002, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.002" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -664,10 +808,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -713,10 +869,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.002, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.002" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -761,10 +929,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.6", "nginx.ingress_controller.upstream.name": "default-web2-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 61, + "nginx.ingress_controller.upstream.response.length_list": [ + "61" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.002, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.002" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.6:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -810,10 +990,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -858,10 +1050,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -903,10 +1107,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.6", "nginx.ingress_controller.upstream.name": "default-web2-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 61, + "nginx.ingress_controller.upstream.response.length_list": [ + "61" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.001, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.001" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.6:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -951,10 +1167,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.5", "nginx.ingress_controller.upstream.name": "default-web-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 59, + "nginx.ingress_controller.upstream.response.length_list": [ + "59" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.5:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -999,10 +1227,22 @@ "nginx.ingress_controller.upstream.alternative_name": "", "nginx.ingress_controller.upstream.ip": "172.17.0.6", "nginx.ingress_controller.upstream.name": "default-web2-8080", - "nginx.ingress_controller.upstream.port": "8080", + "nginx.ingress_controller.upstream.port": 8080, "nginx.ingress_controller.upstream.response.length": 61, + "nginx.ingress_controller.upstream.response.length_list": [ + "61" + ], "nginx.ingress_controller.upstream.response.status_code": 200, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200" + ], "nginx.ingress_controller.upstream.response.time": 0.0, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.000" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.6:8080" + ], "related.ip": [ "192.168.64.1" ], @@ -1017,5 +1257,69 @@ "user_agent.os.name": "Mac OS X", "user_agent.os.version": "10.14", "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T12:02:42.000Z", + "event.category": [ + "web" + ], + "event.dataset": "nginx.ingress_controller", + "event.kind": "event", + "event.module": "nginx", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "ingress_controller", + "http.request.method": "GET", + "http.response.body.bytes": 61, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 5730, + "nginx.ingress_controller.http.request.id": "835136ae24486dbb4156dcbe21f5d402", + "nginx.ingress_controller.http.request.length": 348, + "nginx.ingress_controller.http.request.time": 0.001, + "nginx.ingress_controller.remote_ip_list": [ + "192.168.64.14" + ], + "nginx.ingress_controller.upstream.alternative_name": "", + "nginx.ingress_controller.upstream.ip": "172.17.0.7", + "nginx.ingress_controller.upstream.name": "default-web2-8080", + "nginx.ingress_controller.upstream.port": 8080, + "nginx.ingress_controller.upstream.response.length": 100, + "nginx.ingress_controller.upstream.response.length_list": [ + "61", + "100" + ], + "nginx.ingress_controller.upstream.response.status_code": 203, + "nginx.ingress_controller.upstream.response.status_code_list": [ + "200", + "203" + ], + "nginx.ingress_controller.upstream.response.time": 0.104, + "nginx.ingress_controller.upstream.response.time_list": [ + "0.100", + "0.004" + ], + "nginx.ingress_controller.upstream_address_list": [ + "172.17.0.6:8080", + "172.17.0.7:8080" + ], + "related.ip": [ + "192.168.64.14" + ], + "service.type": "nginx", + "source.address": "192.168.64.14", + "source.ip": "192.168.64.14", + "url.original": "/v2/some", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." } -] \ No newline at end of file +]