elastic · narph · Oct 10, 2019 · Sep 19, 2019 · Sep 20, 2019 · Sep 20, 2019
diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
@@ -15,6 +15,8 @@ grouped in the following categories:
 * <<exported-fields-apache>>
 * <<exported-fields-auditd>>
 * <<exported-fields-aws>>
+* <<exported-fields-azure>>
+* <<exported-fields-azure>>
 * <<exported-fields-beat-common>>
 * <<exported-fields-cef>>
 * <<exported-fields-cef-module>>
@@ -1241,6 +1243,31 @@ type: keyword
 
 --
 
+[[exported-fields-azure]]
+== azure fields
+
+azure Module
+
+
+
+[float]
+=== azure
+
+
+
+
+[float]
+=== activitylogs
+
+Fields for azure Activity logs.
+
+
+[[exported-fields-azure]]
+== Decode azure processor fields fields
+
+Common Event Format (azure) data.
+
+
 [[exported-fields-beat-common]]
 == Beat fields
 

diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc
@@ -0,0 +1,60 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-azure]]
+:modulename: azure
+:has-dashboards: true
+
+== azure module
+
+This is the azure module.
+
+include::../include/what-happens.asciidoc[]
+
+[float]
+=== Compatibility
+
+TODO: document with what versions of the software is this tested
+
+
+include::../include/running-modules.asciidoc[]
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+TODO: include an image of a sample dashboard. If you do not include a dashboard,
+remove this section and set `:has-dashboards: false` at the top of this file.
+
+include::../include/configuring-intro.asciidoc[]
+
+TODO: provide an example configuration
+
+:fileset_ex: {fileset}
+
+include::../include/config-option-intro.asciidoc[]
+
+TODO: document the variables from each fileset. If you're describing a variable
+that's common to other modules, you can reuse shared descriptions by including
+the relevant file. For example:
+
+[float]
+==== `{fileset}` log fileset settings
+
+include::../include/var-paths.asciidoc[]
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-azure,exported fields>> section.
+
diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc
@@ -6,6 +6,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-apache>>
   * <<filebeat-module-auditd>>
   * <<filebeat-module-aws>>
+  * <<filebeat-module-azure>>
   * <<filebeat-module-cef>>
   * <<filebeat-module-cisco>>
   * <<filebeat-module-coredns>>
@@ -44,6 +45,7 @@ include::modules-overview.asciidoc[]
 include::modules/apache.asciidoc[]
 include::modules/auditd.asciidoc[]
 include::modules/aws.asciidoc[]
+include::modules/azure.asciidoc[]
 include::modules/cef.asciidoc[]
 include::modules/cisco.asciidoc[]
 include::modules/coredns.asciidoc[]

diff --git a/filebeat/input/kafka/config.go b/filebeat/input/kafka/config.go
@@ -32,7 +32,7 @@ import (
 	"github.com/elastic/beats/libbeat/outputs"
 )
 
-type kafkaInputConfig struct {
+type KafkaInputConfig struct {
 	// Kafka hosts with port, e.g. "localhost:9092"
 	Hosts          []string          `config:"hosts" validate:"required"`
 	Topics         []string          `config:"topics" validate:"required"`
@@ -103,8 +103,8 @@ var (
 
 // The default config for the kafka input. When in doubt, default values
 // were chosen to match sarama's defaults.
-func defaultConfig() kafkaInputConfig {
-	return kafkaInputConfig{
+func DefaultConfig() KafkaInputConfig {
+	return KafkaInputConfig{
 		Version:        kafka.Version("1.0.0"),
 		InitialOffset:  initialOffsetOldest,
 		ClientID:       "filebeat",
@@ -128,7 +128,7 @@ func defaultConfig() kafkaInputConfig {
 }
 
 // Validate validates the config.
-func (c *kafkaInputConfig) Validate() error {
+func (c *KafkaInputConfig) Validate() error {
 	if len(c.Hosts) == 0 {
 		return errors.New("no hosts configured")
 	}
@@ -143,7 +143,7 @@ func (c *kafkaInputConfig) Validate() error {
 	return nil
 }
 
-func newSaramaConfig(config kafkaInputConfig) (*sarama.Config, error) {
+func NewSaramaConfig(config KafkaInputConfig) (*sarama.Config, error) {
 	k := sarama.NewConfig()
 
 	version, ok := config.Version.Get()

diff --git a/filebeat/input/kafka/input.go b/filebeat/input/kafka/input.go
@@ -46,7 +46,7 @@ func init() {
 
 // Input contains the input and its config
 type kafkaInput struct {
-	config          kafkaInputConfig
+	config          KafkaInputConfig
 	saramaConfig    *sarama.Config
 	context         input.Context
 	outlet          channel.Outleter
@@ -62,7 +62,7 @@ func NewInput(
 	inputContext input.Context,
 ) (input.Input, error) {
 
-	config := defaultConfig()
+	config := DefaultConfig()
 	if err := cfg.Unpack(&config); err != nil {
 		return nil, errors.Wrap(err, "reading kafka input config")
 	}
@@ -85,7 +85,7 @@ func NewInput(
 		return nil, err
 	}
 
-	saramaConfig, err := newSaramaConfig(config)
+	saramaConfig, err := NewSaramaConfig(config)
 	if err != nil {
 		return nil, errors.Wrap(err, "initializing Sarama config")
 	}

diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
@@ -87,6 +87,21 @@ filebeat.modules:
     # Profile name for aws credential
     #var.credential_profile_name: fb-aws
 
+#-------------------------------- Azure Module --------------------------------
+- module: azure
+  # All logs
+  activitylogs:
+    enabled: true
+    var:
+      eventhubs_namespace: ""
+      topics: ["insights-operational-logs"]
+      consumer_group: "$Default"
+      connection_string: ""
+
+    # Set custom paths for the log files. If left empty,
+    # Filebeat will choose the paths depending on your OS.
+    #var.paths:
+
 #--------------------------------- CEF Module ---------------------------------
 - module: cef
   log:

diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go