IIS and MYSQL expected json logfile update (elastic#35221)

* IIS and MYSQL json update * Update changelog * Updating the snapshot version for CI/CD --------- Co-authored-by: Michal Pristas <michal.pristas@gmail.com>
HiDAl · Apr 27, 2023 · f5ace09 · f5ace09
1 parent af115f0
commit f5ace09
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 18 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -116,6 +116,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
 - Fix handling of MySQL audit logs with strict JSON parser. {issue}35158[35158] {pull}35160[35160]
 - Sanitize filenames for request tracer in cel input. {pull}35154[35154]
 - Fix accidental error overwrite in defer statement in entityanalytics Azure AD input. {issue}35153[35153] {pull}35169[35169]
+- Fixing the grok expression outputs of log files {pull}35221[35221]
 
 *Heartbeat*
 

diff --git a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json
@@ -1,11 +1,12 @@
 [
     {
         "@timestamp": "2018-08-28T18:24:25.000Z",
-        "destination.address": "10.100.220.70",
-        "destination.ip": "10.100.220.70",
+        "destination.address": [
+            "10.100.220.70",
+            "10.100.220.70"
+        ],
         "destination.port": 80,
         "event.category": [
-            "network",
             "web"
         ],
         "event.dataset": "iis.access",
@@ -14,23 +15,18 @@
         "event.module": "iis",
         "event.original": "2018-08-28 18:24:25 [10.100.220.70](http://10.100.220.70) GET / - 80 - [10.100.118.31](http://10.100.118.31) Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C;+.NET+CLR+3.5.30729;+.NET+CLR[+2.0.50727](tel:+2050727);+.NET+CLR+3.0.30729) 404 4 2 792",
         "event.outcome": "failure",
-        "event.type": [
-            "connection"
-        ],
         "fileset.name": "access",
         "http.request.method": "GET",
         "http.response.status_code": 404,
         "iis.access.sub_status": 4,
         "iis.access.win32_status": 2,
         "input.type": "log",
         "log.offset": 244,
-        "related.ip": [
+        "service.type": "iis",
+        "source.address": [
             "10.100.118.31",
-            "10.100.220.70"
+            "10.100.118.31"
         ],
-        "service.type": "iis",
-        "source.address": "10.100.118.31",
-        "source.ip": "10.100.118.31",
         "url.original": "/",
         "url.path": "/",
         "user_agent.device.name": "Other",

diff --git a/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json b/filebeat/module/mysql/slowlog/test/mariadb-10.3.13.log-expected.json
@@ -31,7 +31,10 @@
         "mysql.slowlog.rows_affected": 0,
         "mysql.slowlog.rows_examined": 3145718,
         "mysql.slowlog.rows_sent": 10,
-        "mysql.slowlog.schema": "employees-test",
+        "mysql.slowlog.schema": [
+            "employees-test",
+            "employees-test"
+        ],
         "mysql.slowlog.tmp_disk_tables": "0",
         "mysql.slowlog.tmp_table": true,
         "mysql.slowlog.tmp_table_on_disk": false,

diff --git a/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json b/filebeat/module/mysql/slowlog/test/mysql-ubuntu-8.0.15.log-expected.json
@@ -74,7 +74,10 @@
         "mysql.slowlog.sort_scan_count": 1,
         "mysql.slowlog.tmp_disk_tables": 0,
         "mysql.slowlog.tmp_tables": 1,
-        "mysql.thread_id": "16",
+        "mysql.thread_id": [
+            16,
+            "16"
+        ],
         "related.user": [
             "root"
         ],

diff --git a/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json b/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log-expected.json
@@ -26,7 +26,10 @@
         "mysql.slowlog.rows_affected": 0,
         "mysql.slowlog.rows_examined": 3145718,
         "mysql.slowlog.rows_sent": 10,
-        "mysql.slowlog.schema": "employees",
+        "mysql.slowlog.schema": [
+            "employees",
+            "employees"
+        ],
         "mysql.thread_id": 182,
         "related.user": [
             "root"
@@ -74,7 +77,10 @@
         "mysql.slowlog.rows_affected": 0,
         "mysql.slowlog.rows_examined": 3145718,
         "mysql.slowlog.rows_sent": 10,
-        "mysql.slowlog.schema": "employees",
+        "mysql.slowlog.schema": [
+            "employees",
+            "employees"
+        ],
         "mysql.slowlog.tmp_disk_tables": "0",
         "mysql.slowlog.tmp_table": true,
         "mysql.slowlog.tmp_table_on_disk": false,

diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml
@@ -3,7 +3,7 @@
 version: '2.3'
 services:
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:8.7.0-61c35791-SNAPSHOT
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1-1bebafa7-SNAPSHOT
     # When extend is used it merges healthcheck.tests, see:
     # https://github.com/docker/compose/issues/8962
     # healthcheck:
@@ -31,7 +31,7 @@ services:
     - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles"
 
   logstash:
-    image: docker.elastic.co/logstash/logstash:8.7.0-61c35791-SNAPSHOT
+    image: docker.elastic.co/logstash/logstash:8.7.1-1bebafa7-SNAPSHOT
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"]
       retries: 600
@@ -44,7 +44,7 @@ services:
       - 5055:5055
 
   kibana:
-    image: docker.elastic.co/kibana/kibana:8.7.0-61c35791-SNAPSHOT
+    image: docker.elastic.co/kibana/kibana:8.7.1-1bebafa7-SNAPSHOT
     environment:
     - "ELASTICSEARCH_USERNAME=kibana_system_user"
     - "ELASTICSEARCH_PASSWORD=testing"