diff --git a/.backportrc.json b/.backportrc.json index eab70a1fa4de1..8a52d4266ca8b 100644 --- a/.backportrc.json +++ b/.backportrc.json @@ -3,6 +3,7 @@ "repoName": "kibana", "targetBranchChoices": [ "main", + "8.2", "8.1", "8.0", "7.17", @@ -38,7 +39,7 @@ "backport" ], "branchLabelMapping": { - "^v8.2.0$": "main", + "^v8.3.0$": "main", "^v(\\d+).(\\d+).\\d+$": "$1.$2" }, "autoMerge": true, diff --git a/.buildkite/scripts/steps/artifacts/build.sh b/.buildkite/scripts/steps/artifacts/build.sh index 8f928596f2574..2d7edf71c1ddb 100644 --- a/.buildkite/scripts/steps/artifacts/build.sh +++ b/.buildkite/scripts/steps/artifacts/build.sh @@ -17,3 +17,27 @@ node scripts/build "$RELEASE_ARG" --all-platforms --debug --docker-cross-compile echo "--- Build dependencies report" node scripts/licenses_csv_report "--csv=target/dependencies-$VERSION.csv" + +# Release verification +if [[ "${RELEASE_BUILD:-}" == "true" ]]; then + echo "--- Build and push Kibana Cloud Distribution" + # This doesn't meet the requirements for a release image, implementation TBD + # Beats artifacts will need to match a specific commit sha that matches other stack iamges + # For now this is a placeholder step that will allow us to run automated Cloud tests + # against a best guess approximation of a release image + echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co + trap 'docker logout docker.elastic.co' EXIT + + node scripts/build \ + "$RELEASE_ARG" \ + --skip-initialize \ + --skip-generic-folders \ + --skip-platform-folders \ + --skip-archives \ + --docker-images \ + --docker-tag-qualifier="$GIT_COMMIT" \ + --docker-push \ + --skip-docker-ubi \ + --skip-docker-ubuntu \ + --skip-docker-contexts +fi diff --git a/.buildkite/scripts/steps/es_snapshots/build.sh b/.buildkite/scripts/steps/es_snapshots/build.sh index cdc1750e59bfc..c11f041836413 100755 --- a/.buildkite/scripts/steps/es_snapshots/build.sh 
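Review bot: The new release block in `.buildkite/scripts/steps/artifacts/build.sh` expands the registry password on the `echo "$KIBANA_DOCKER_PASSWORD" | docker login ...` line, so the secret would be written to the build log if this script or a wrapper runs with xtrace (`set -x`). The top of the script is outside the hunk, so that needs confirming. The block also does not check that the two credential variables are set before it attempts the login and push. I would add `: "${KIBANA_DOCKER_USERNAME:?}" "${KIBANA_DOCKER_PASSWORD:?}"` ahead of the login and use `printf '%s' "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co`, so a value with a leading dash or backslashes is passed unchanged. Note too that `trap 'docker logout docker.elastic.co' EXIT` replaces any EXIT trap installed earlier in the file.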
+++ b/.buildkite/scripts/steps/es_snapshots/build.sh @@ -69,7 +69,6 @@ echo "--- Build Elasticsearch" :distribution:archives:darwin-aarch64-tar:assemble \ :distribution:archives:darwin-tar:assemble \ :distribution:docker:docker-export:assemble \ - :distribution:docker:cloud-docker-export:assemble \ :distribution:archives:linux-aarch64-tar:assemble \ :distribution:archives:linux-tar:assemble \ :distribution:archives:windows-zip:assemble \ 
@@ -80,26 +79,11 @@ find distribution -type f \( -name 'elasticsearch-*-*-*-*.tar.gz' -o -name 'elas ls -alh "$destination" -echo "--- Create docker default image archives" +echo "--- Create docker image archives" docker images "docker.elastic.co/elasticsearch/elasticsearch" docker images "docker.elastic.co/elasticsearch/elasticsearch" --format "{{.Tag}}" | xargs -n1 echo 'docker save docker.elastic.co/elasticsearch/elasticsearch:${0} | gzip > ../es-build/elasticsearch-${0}-docker-image.tar.gz' docker images "docker.elastic.co/elasticsearch/elasticsearch" --format "{{.Tag}}" | xargs -n1 bash -c 'docker save docker.elastic.co/elasticsearch/elasticsearch:${0} | gzip > ../es-build/elasticsearch-${0}-docker-image.tar.gz' -echo "--- Create kibana-ci docker cloud image archives" -ES_CLOUD_ID=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.ID}}") -ES_CLOUD_VERSION=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.Tag}}") -KIBANA_ES_CLOUD_VERSION="$ES_CLOUD_VERSION-$ELASTICSEARCH_GIT_COMMIT" -KIBANA_ES_CLOUD_IMAGE="docker.elastic.co/kibana-ci/elasticsearch-cloud:$KIBANA_ES_CLOUD_VERSION" - -docker tag "$ES_CLOUD_ID" "$KIBANA_ES_CLOUD_IMAGE" - -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT -docker image push "$KIBANA_ES_CLOUD_IMAGE" - -export ELASTICSEARCH_CLOUD_IMAGE="$KIBANA_ES_CLOUD_IMAGE" -export ELASTICSEARCH_CLOUD_IMAGE_CHECKSUM="$(docker images "$KIBANA_ES_CLOUD_IMAGE" --format "{{.Digest}}")" - echo "--- Create checksums for snapshot files" cd "$destination" find ./* -exec bash -c "shasum -a 512 {} > {}.sha512" \; diff --git a/.buildkite/scripts/steps/es_snapshots/create_manifest.js b/.buildkite/scripts/steps/es_snapshots/create_manifest.js index 9357cd72fff06..cb4ea29a9c534 100644 --- a/.buildkite/scripts/steps/es_snapshots/create_manifest.js 
+++ b/.buildkite/scripts/steps/es_snapshots/create_manifest.js @@ -16,8 +16,6 @@ const { BASE_BUCKET_DAILY } = require('./bucket_config.js'); const destination = process.argv[2] || __dirname + '/test'; const ES_BRANCH = process.env.ELASTICSEARCH_BRANCH; - const ES_CLOUD_IMAGE = process.env.ELASTICSEARCH_CLOUD_IMAGE; - const ES_CLOUD_IMAGE_CHECKSUM = process.env.ELASTICSEARCH_CLOUD_IMAGE_CHECKSUM; const GIT_COMMIT = process.env.ELASTICSEARCH_GIT_COMMIT; const GIT_COMMIT_SHORT = process.env.ELASTICSEARCH_GIT_COMMIT_SHORT; @@ -61,17 +59,6 @@ const { BASE_BUCKET_DAILY } = require('./bucket_config.js'); }; }); - if (ES_CLOUD_IMAGE && ES_CLOUD_IMAGE_CHECKSUM) { - manifestEntries.push({ - checksum: ES_CLOUD_IMAGE_CHECKSUM, - url: ES_CLOUD_IMAGE, - version: VERSION, - platform: 'docker', - architecture: 'image', - license: 'default', - }); - } - const manifest = { id: SNAPSHOT_ID, bucket: `${BASE_BUCKET_DAILY}/${DESTINATION}`.toString(), diff --git a/.buildkite/scripts/steps/functional/synthetics.sh b/.buildkite/scripts/steps/functional/synthetics.sh index 76d355d99c2e3..ecb2922f89c8d 100644 --- a/.buildkite/scripts/steps/functional/synthetics.sh +++ b/.buildkite/scripts/steps/functional/synthetics.sh @@ -14,4 +14,4 @@ echo "--- Uptime @elastic/synthetics Tests" cd "$XPACK_DIR" checks-reporter-with-killswitch "Uptime @elastic/synthetics Tests" \ - node plugins/uptime/scripts/e2e.js --kibana-install-dir "$KIBANA_BUILD_LOCATION" --grep "MonitorManagement*" \ No newline at end of file + node plugins/uptime/scripts/e2e.js --kibana-install-dir "$KIBANA_BUILD_LOCATION" --grep "MonitorManagement-monitor*" \ No newline at end of file diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh index 948a441185fca..0530fe0f84161 100755 --- a/.buildkite/scripts/steps/test/jest_parallel.sh +++ b/.buildkite/scripts/steps/test/jest_parallel.sh 
@@ -13,7 +13,7 @@ exitCode=0 while read -r config; do if [ "$((i % JOB_COUNT))" -eq "$JOB" ]; then echo "--- $ node scripts/jest --config $config" - node --max-old-space-size=14336 ./node_modules/.bin/jest --config="$config" --runInBand --coverage=false --passWithNoTests + node --max-old-space-size=14336 ./scripts/jest --config="$config" --runInBand --coverage=false --passWithNoTests lastCode=$? if [ $lastCode -ne 0 ]; then diff --git a/docs/api/cases.asciidoc b/docs/api/cases.asciidoc index ad0304ffa34b9..6342d3c4b8d2f 100644 --- a/docs/api/cases.asciidoc +++ b/docs/api/cases.asciidoc @@ -12,13 +12,13 @@ these APIs: * <> * {security-guide}/cases-api-find-cases-by-alert.html[Find cases by alert] * <> -* {security-guide}/cases-api-get-case-activity.html[Get all case activity] +* <> * <> * <> * <> * {security-guide}/cases-get-connector.html[Get current connector] * {security-guide}/cases-api-get-reporters.html[Get reporters] -* {security-guide}/cases-api-get-tag.html[Get tags] +* <> * {security-guide}/cases-api-push.html[Push case] * {security-guide}/assign-connector.html[Set default Elastic Security UI connector] * {security-guide}/case-api-update-connector.html[Update case configurations] @@ -36,9 +36,11 @@ include::cases/cases-api-delete-comments.asciidoc[leveloffset=+1] include::cases/cases-api-find-cases.asciidoc[leveloffset=+1] include::cases/cases-api-find-connectors.asciidoc[leveloffset=+1] //GET +include::cases/cases-api-get-case-activity.asciidoc[leveloffset=+1] include::cases/cases-api-get-case.asciidoc[leveloffset=+1] include::cases/cases-api-get-status.asciidoc[leveloffset=+1] include::cases/cases-api-get-comments.asciidoc[leveloffset=+1] +include::cases/cases-api-get-tags.asciidoc[leveloffset=+1] //UPDATE include::cases/cases-api-update.asciidoc[leveloffset=+1] include::cases/cases-api-update-comment.asciidoc[leveloffset=+1] 
diff --git a/docs/api/cases/cases-api-find-cases.asciidoc b/docs/api/cases/cases-api-find-cases.asciidoc index 68e620aece7b6..b6e87ad502d21 100644 --- a/docs/api/cases/cases-api-find-cases.asciidoc +++ b/docs/api/cases/cases-api-find-cases.asciidoc @@ -34,6 +34,9 @@ Defaults to `OR`. `fields`:: (Optional, array of strings) The fields in the entity to return in the response. +`from`:: +(Optional, string) Returns only cases that were created after a specific date. The date must be specified as a <> data range or date match expression. preview:[] + `owner`:: (Optional, string or array of strings) A filter to limit the retrieved cases to a specific set of applications. Valid values are: `cases`, `observability`, @@ -78,6 +81,9 @@ Defaults to `desc`. `tags`:: (Optional, string or array of strings) Filters the returned cases by tags. +`to`:: +(Optional, string) Returns only cases that were created before a specific date. The date must be specified as a <> data range or date match expression. preview:[] + === Response code `200`:: diff --git a/docs/api/cases/cases-api-get-case-activity.asciidoc b/docs/api/cases/cases-api-get-case-activity.asciidoc new file mode 100644 index 0000000000000..92b16b7862462 --- /dev/null +++ b/docs/api/cases/cases-api-get-case-activity.asciidoc 
@@ -0,0 +1,412 @@ +[[cases-api-get-case-activity]] +== Get case activity API +++++ +Get case activity +++++ + +Returns all user activity for the specified case. + +deprecated::[8.1.0] + +=== Request + +`GET :/api/cases//user_actions` + +`GET :/s//api/cases//user_actions` + +=== Prerequisite + +You must have `read` privileges for the *Cases* feature in the *Management*, +*{observability}*, or *Security* section of the +<>, depending on the +`owner` of the cases you're seeking. + +=== Path parameters + +``:: +(Required, string) An identifier for the case to retrieve. Use +<> to retrieve case IDs. + +``:: +(Optional, string) An identifier for the space. If it is not specified, the +default space is used. + +==== Response code + +`200`:: + Indicates a successful call. + +==== Example + +Gets all activity for case ID `a18b38a0-71b0-11ea-a0b2-c51ea50a58e2`: + +[source,sh] +-------------------------------------------------- +GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions +-------------------------------------------------- +// KIBANA + +The API returns a JSON object with all the activity for the case. 
For example: + +[source,json] +-------------------------------------------------- +[ + { + "action": "create", + "action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:34:48.709Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "connector": { + "fields": null, + "id": "none", + "name": "none", + "type": ".none" + }, + "description": "migrating user actions", + "settings": { + "syncAlerts": true + }, + "status": "open", + "tags": [ + "user", + "actions" + ], + "title": "User actions", + "owner": "securitySolution" + }, + "sub_case_id": "", + "type": "create_case" + }, + { + "action": "create", + "action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c", + "created_at": "2021-12-16T14:35:42.872Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "comment": { + "comment": "a comment", + "owner": "securitySolution", + "type": "user" + } + }, + "sub_case_id": "", + "type": "comment" + }, + { + "action": "update", + "action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:35:48.826Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "title": "User actions!" 
+ }, + "sub_case_id": "", + "type": "title" + }, + { + "action": "update", + "action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:35:55.421Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "description": "migrating user actions and update!" + }, + "sub_case_id": "", + "type": "description" + }, + { + "action": "update", + "action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c", + "created_at": "2021-12-16T14:36:04.120Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "comment": { + "comment": "a comment updated!", + "owner": "securitySolution", + "type": "user" + } + }, + "sub_case_id": "", + "type": "comment" + }, + { + "action": "add", + "action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:36:13.840Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "tags": [ + "migration" + ] + }, + "sub_case_id": "", + "type": "tags" + }, + { + "action": "delete", + "action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:36:13.840Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "tags": [ + "user" + ] + }, + "sub_case_id": "", + "type": "tags" + }, + { + "action": "update", + "action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": 
"2021-12-16T14:36:17.764Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "settings": { + "syncAlerts": false + } + }, + "sub_case_id": "", + "type": "settings" + }, + { + "action": "update", + "action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:36:21.509Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "status": "in-progress" + }, + "sub_case_id": "", + "type": "status" + }, + { + "action": "update", + "action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:36:32.716Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "connector": { + "fields": { + "issueType": "10001", + "parent": null, + "priority": "High" + }, + "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", + "name": "Jira", + "type": ".jira" + } + }, + "sub_case_id": "", + "type": "connector" + }, + { + "action": "push_to_service", + "action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:36:46.443Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "externalService": { + "connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", + "connector_name": "Jira", + "external_id": "26225", + "external_title": "CASES-229", + "external_url": "https://example.com/browse/CASES-229", + "pushed_at": "2021-12-16T14:36:46.443Z", + "pushed_by": { + "email": "", + "full_name": "", + "username": "elastic" + } + } + }, + "sub_case_id": "", + "type": "pushed" + }, + { + "action": "update", + "action_id": 
"bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:37:46.863Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "connector": { + "fields": { + "incidentTypes": [ + "17", + "4" + ], + "severityCode": "5" + }, + "id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c", + "name": "IBM", + "type": ".resilient" + } + }, + "sub_case_id": "", + "type": "connector" + }, + { + "action": "push_to_service", + "action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:37:53.016Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "externalService": { + "connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c", + "connector_name": "IBM", + "external_id": "17574", + "external_title": "17574", + "external_url": "https://example.com/#incidents/17574", + "pushed_at": "2021-12-16T14:37:53.016Z", + "pushed_by": { + "email": "", + "full_name": "", + "username": "elastic" + } + } + }, + "sub_case_id": "", + "type": "pushed" + }, + { + "action": "update", + "action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": null, + "created_at": "2021-12-16T14:38:01.895Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "connector": { + "fields": { + "issueType": "10001", + "parent": null, + "priority": "Lowest" + }, + "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", + "name": "Jira", + "type": ".jira" + } + }, + "sub_case_id": "", + "type": "connector" + }, + { + "action": "create", + "action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c", + "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", + "comment_id": 
"ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c", + "created_at": "2021-12-16T14:38:09.649Z", + "created_by": { + "email": "", + "full_name": "", + "username": "elastic" + }, + "owner": "securitySolution", + "payload": { + "comment": { + "comment": "and another comment!", + "owner": "securitySolution", + "type": "user" + } + }, + "sub_case_id": "", + "type": "comment" + } + ] +-------------------------------------------------- \ No newline at end of file diff --git a/docs/api/cases/cases-api-get-tags.asciidoc b/docs/api/cases/cases-api-get-tags.asciidoc new file mode 100644 index 0000000000000..b97fa23df06e8 --- /dev/null +++ b/docs/api/cases/cases-api-get-tags.asciidoc 
@@ -0,0 +1,64 @@ +[[cases-api-get-tag]] +== Get tags API +++++ +Get tags +++++ + +Aggregates and returns all unique tags from all cases. + +=== Request + +`GET :/api/cases/tags` + +`GET :/s//api/cases/tags` + +=== Prerequisite + +You must have `read` privileges for the *Cases* feature in the *Management*, +*{observability}*, or *Security* section of the +<>, depending on the +`owner` of the cases you're seeking. + +=== Path parameters + +``:: +(Required, string) An identifier for the case to retrieve. Use +<> to retrieve case IDs. + +``:: +(Optional, string) An identifier for the space. If it is not specified, the +default space is used. + +=== Query parameters + +`owner`:: +(Optional, string) Specifies the set of applications to limit the retrieved +tags. If not specified, the response contains all tags that the user has access +to read. + +==== Response code + +`200`:: + Indicates a successful call. + +==== Example + +Gets all tags for all cases: + +[source,sh] +-------------------------------------------------- +GET api/cases/tags +-------------------------------------------------- +// KIBANA + +The API returns a JSON object with all tags for all cases. For example: + +[source,json] +-------------------------------------------------- +[ + "windows", + "phishing", + "social engineering", + "bubblegum" +] +-------------------------------------------------- \ No newline at end of file diff --git a/docs/developer/advanced/sharing-saved-objects.asciidoc b/docs/developer/advanced/sharing-saved-objects.asciidoc index 59bab55724089..69ffab1910b5e 100644 --- a/docs/developer/advanced/sharing-saved-objects.asciidoc +++ b/docs/developer/advanced/sharing-saved-objects.asciidoc 
@@ -447,13 +447,17 @@ const shareToSpaceFlyoutProps: ShareToSpaceFlyoutProps = { onClose: () => setShowFlyout(false), }; +const canAssignSpaces = !capabilities || !!capabilities.savedObjectsManagement.shareIntoSpace; +const clickProperties = canAssignSpaces + ? { cursorStyle: 'pointer', listOnClick: () => setShowFlyout(true) } + : { cursorStyle: 'not-allowed' }; return ( <> - listOnClick={() => setShowFlyout(true)} + {...clickProperties} /> {showFlyout && } diff --git a/docs/setup/settings.asciidoc b/docs/setup/settings.asciidoc index 23487f1ff3d88..b0f238124a008 100644 --- a/docs/setup/settings.asciidoc +++ b/docs/setup/settings.asciidoc @@ -675,7 +675,7 @@ out through *Advanced Settings*. *Default: `true`* sources and images. When false, Vega can only get data from {es}. *Default: `false`* | `xpack.ccr.ui.enabled` -Set this value to false to disable the Cross-Cluster Replication UI. +| Set this value to false to disable the Cross-Cluster Replication UI. *Default: `true`* |[[settings-explore-data-in-context]] `xpack.discoverEnhanced.actions.` diff --git a/package.json b/package.json index 8552d400e412c..d809bb2e025f7 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "dashboarding" ], "private": true, - "version": "8.2.0", + "version": "8.3.0", "branch": "main", "types": "./kibana.d.ts", "tsdocMetadata": "./build/tsdoc-metadata.json", diff --git a/src/core/public/mocks.ts b/src/core/public/mocks.ts index 6399b55c8a894..855e3e6c18345 100644 --- a/src/core/public/mocks.ts +++ b/src/core/public/mocks.ts 
@@ -26,10 +26,11 @@ import { savedObjectsServiceMock } from './saved_objects/saved_objects_service.m import { injectedMetadataServiceMock } from './injected_metadata/injected_metadata_service.mock'; import { deprecationsServiceMock } from './deprecations/deprecations_service.mock'; import { themeServiceMock } from './theme/theme_service.mock'; +import { executionContextServiceMock } from './execution_context/execution_context_service.mock'; export { chromeServiceMock } from './chrome/chrome_service.mock'; export { docLinksServiceMock } from './doc_links/doc_links_service.mock'; -import { executionContextServiceMock } from './execution_context/execution_context_service.mock'; +export { executionContextServiceMock } from './execution_context/execution_context_service.mock'; export { fatalErrorsServiceMock } from './fatal_errors/fatal_errors_service.mock'; export { httpServiceMock } from './http/http_service.mock'; export { i18nServiceMock } from './i18n/i18n_service.mock'; diff --git a/src/core/server/saved_objects/migrations/integration_tests/type_registrations.test.ts b/src/core/server/saved_objects/migrations/integration_tests/type_registrations.test.ts index 7f8d10b50edf5..96ce7a1fdc097 100644 --- a/src/core/server/saved_objects/migrations/integration_tests/type_registrations.test.ts +++ b/src/core/server/saved_objects/migrations/integration_tests/type_registrations.test.ts @@ -56,6 +56,7 @@ const previouslyRegisteredTypes = [ 'fleet-preconfiguration-deletion-record', 'graph-workspace', 'index-pattern', + 'infrastructure-monitoring-log-view', 'infrastructure-ui-source', 'ingest-agent-policies', 'ingest-outputs', diff --git a/src/core/server/saved_objects/validation/integration_tests/validator.test.ts b/src/core/server/saved_objects/validation/integration_tests/validator.test.ts index 21e8973769710..41b23f917afd2 100644 --- a/src/core/server/saved_objects/validation/integration_tests/validator.test.ts 
+++ b/src/core/server/saved_objects/validation/integration_tests/validator.test.ts @@ -191,7 +191,7 @@ describe('validates saved object types when a schema is provided', () => { { migrationVersion: { foo: '7.16.0' } } ); }).rejects.toThrowErrorMatchingInlineSnapshot( - `"Migration function for version 8.2.0 threw an error"` + `"Migration function for version 8.3.0 threw an error"` ); }); diff --git a/src/core/server/status/plugins_status.test.ts b/src/core/server/status/plugins_status.test.ts index c07624826ff83..8130698379eda 100644 --- a/src/core/server/status/plugins_status.test.ts +++ b/src/core/server/status/plugins_status.test.ts @@ -285,6 +285,32 @@ describe('PluginStatusService', () => { ]); }); + it('updates when a plugin status observable emits with the same level but a different summary', async () => { + const service = new PluginsStatusService({ + core$: coreAllAvailable$, + pluginDependencies: new Map([['a', []]]), + }); + const statusUpdates: Array> = []; + const subscription = service + .getAll$() + // the first emission happens right after core services emit (see explanation above) + .pipe(skip(1)) + .subscribe((pluginStatuses) => statusUpdates.push(pluginStatuses)); + + const aStatus$ = new BehaviorSubject({ + level: ServiceStatusLevels.available, + summary: 'summary initial', + }); + service.set('a', aStatus$); + aStatus$.next({ level: ServiceStatusLevels.available, summary: 'summary updated' }); + subscription.unsubscribe(); + + expect(statusUpdates).toEqual([ + { a: { level: ServiceStatusLevels.available, summary: 'summary initial' } }, + { a: { level: ServiceStatusLevels.available, summary: 'summary updated' } }, + ]); + }); + it('emits an unavailable status if first emission times out, then continues future emissions', async () => { const service = new PluginsStatusService( { diff --git a/src/core/server/status/plugins_status.ts b/src/core/server/status/plugins_status.ts index 8d042d4cba3f9..d77529f06ddec 100644 
--- a/src/core/server/status/plugins_status.ts +++ b/src/core/server/status/plugins_status.ts @@ -71,7 +71,12 @@ export class PluginsStatusService { this.coreSubscription = deps.core$ .pipe(debounceTime(10)) - .subscribe((coreStatus: CoreStatus) => this.updateCoreAndPluginStatuses(coreStatus)); + .subscribe((coreStatus: CoreStatus) => { + this.coreStatus = coreStatus; + this.updateRootPluginsStatuses(); + this.updateDependantStatuses(this.rootPlugins); + this.emitCurrentStatus(); + }); } /** @@ -96,8 +101,19 @@ export class PluginsStatusService { this.reportedStatusSubscriptions[plugin] = status$ // Set a timeout for externally-defined status Observables - .pipe(timeoutWith(this.statusTimeoutMs, status$.pipe(startWith(defaultStatus)))) - .subscribe((status) => this.updatePluginReportedStatus(plugin, status)); + .pipe( + timeoutWith(this.statusTimeoutMs, status$.pipe(startWith(defaultStatus))), + distinctUntilChanged() + ) + .subscribe((status) => { + const levelChanged = this.updatePluginReportedStatus(plugin, status); + + if (levelChanged) { + this.updateDependantStatuses([plugin]); + } + + this.emitCurrentStatus(); + }); } /** @@ -233,16 +249,14 @@ export class PluginsStatusService { } /** - * Updates the core services statuses and plugins' statuses - * according to the latest status reported by core services. - * @param {CoreStatus} coreStatus the latest status of core services + * Updates the root plugins statuses according to the current core services status */ - private updateCoreAndPluginStatuses(coreStatus: CoreStatus): void { - this.coreStatus = coreStatus!; + private updateRootPluginsStatuses(): void { const derivedStatus = getSummaryStatus(Object.entries(this.coreStatus), { allAvailableSummary: `All dependencies are available`, }); + // note that the derived status is the same for all root plugins this.rootPlugins.forEach((plugin) => { this.pluginData[plugin].derivedStatus = derivedStatus; if (!this.isReportingStatus[plugin]) { 
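Review bot: The `distinctUntilChanged()` added to the pipe in `set()` has no comparator, so it compares emissions with `===` and only suppresses a repeat of the same object reference. A plugin whose observable emits a fresh but identical `{ level, summary }` object on every tick will still reach `emitCurrentStatus()` and notify every observer of `pluginData$` and `pluginStatus$`. If structural de-duplication is the intent, pass a comparator, for example `distinctUntilChanged((a, b) => a.level === b.level && a.summary === b.summary)`, extended to any other `ServiceStatus` fields that matter. The import of `distinctUntilChanged` is not visible in these hunks and should be checked, and the body of `set()` starts outside the hunk.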
@@ -250,18 +264,18 @@ export class PluginsStatusService { this.pluginStatus[plugin] = derivedStatus; } }); - - this.updatePluginsStatuses(this.rootPlugins); } /** - * Determine the derived statuses of the specified plugins and their dependencies, - * updating them on the pluginData structure - * Optionally, if the plugins have not registered a custom status Observable, update their "current" status as well. - * @param {PluginName[]} plugins The names of the plugins to be updated + * Update the derived statuses of the specified plugins' dependant plugins, + * If impacted plugins have not registered a custom status Observable, update their "current" status as well. + * @param {PluginName[]} plugins The names of the plugins whose dependant plugins must be updated */ - private updatePluginsStatuses(plugins: PluginName[]): void { - const toCheck = new Set(plugins); + private updateDependantStatuses(plugins: PluginName[]): void { + const toCheck = new Set(); + plugins.forEach((plugin) => + this.pluginData[plugin].reverseDependencies.forEach((revDep) => toCheck.add(revDep)) + ); // Note that we are updating the plugins in an ordered fashion. // This way, when updating plugin X (at depth = N), @@ -276,9 +290,6 @@ export class PluginsStatusService { this.pluginData[current].reverseDependencies.forEach((revDep) => toCheck.add(revDep)); } } - - this.pluginData$.next(this.pluginData); - this.pluginStatus$.next({ ...this.pluginStatus }); } /** 
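Review bot: The JSDoc of `updateDependantStatuses` should say that the method no longer emits, because this hunk removes the `pluginData$.next(...)` and `pluginStatus$.next(...)` calls from its end. Both current callers follow it with `emitCurrentStatus()`, but nothing in the comment tells a future caller to do the same. I would add a line such as `Does not emit; callers must call emitCurrentStatus() once all updates are applied.` and end the first sentence with a period instead of the trailing comma. The middle of the method body lies between the two hunks and is not shown.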
@@ -328,15 +339,23 @@ export class PluginsStatusService { * Updates the reported status for the given plugin, along with the status of its dependencies tree. * @param {PluginName} plugin The name of the plugin whose reported status must be updated * @param {ServiceStatus} reportedStatus The newly reported status for that plugin + * @return {boolean} true if the level of the reported status changed */ - private updatePluginReportedStatus(plugin: PluginName, reportedStatus: ServiceStatus): void { - const previousReportedLevel = this.pluginData[plugin].reportedStatus?.level; + private updatePluginReportedStatus(plugin: PluginName, reportedStatus: ServiceStatus): boolean { + const previousReportedStatus = this.pluginData[plugin].reportedStatus; this.pluginData[plugin].reportedStatus = reportedStatus; this.pluginStatus[plugin] = reportedStatus; - if (reportedStatus.level !== previousReportedLevel) { - this.updatePluginsStatuses([plugin]); - } + return previousReportedStatus?.level !== reportedStatus.level; + } + + /** + * Emit the current status to internal Subjects, effectively propagating it to observers. + */ + private emitCurrentStatus(): void { + this.pluginData$.next(this.pluginData); + // we must clone the plugin status to prevent future modifications from updating current emission + this.pluginStatus$.next({ ...this.pluginStatus }); } } diff --git a/src/plugins/chart_expressions/expression_gauge/common/expression_functions/__snapshots__/gauge_function.test.ts.snap b/src/plugins/chart_expressions/expression_gauge/common/expression_functions/__snapshots__/gauge_function.test.ts.snap index 5bb924a71a2a1..bb2fe700f6f19 100644 --- a/src/plugins/chart_expressions/expression_gauge/common/expression_functions/__snapshots__/gauge_function.test.ts.snap +++ b/src/plugins/chart_expressions/expression_gauge/common/expression_functions/__snapshots__/gauge_function.test.ts.snap 
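Review bot: The summary line of the JSDoc on `updatePluginReportedStatus` is now stale. It still reads "along with the status of its dependencies tree", but the new body only stores the reported status and returns whether the level changed; propagation moved to the caller in `set()`. I would shorten it to `Updates the reported status for the given plugin.` and use `@returns` rather than `@return`, if that matches the other tags in this file. The clone comment inside `emitCurrentStatus` is helpful and should stay.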
@@ -49,6 +49,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "arc", "ticksPosition": "auto", }, @@ -100,6 +101,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "arc", "ticksPosition": "auto", }, @@ -149,6 +151,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -198,6 +201,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -247,6 +251,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "bands", }, @@ -298,6 +303,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "circle", "ticksPosition": "auto", }, @@ -349,6 +355,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "circle", "ticksPosition": "auto", }, @@ -398,6 +405,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -447,6 +455,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "hidden", }, @@ -496,6 +505,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -545,6 +555,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, 
@@ -594,6 +605,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -643,6 +655,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "horizontalBullet", "ticksPosition": "auto", }, @@ -692,6 +705,7 @@ Object { "min": "col-1-2", "palette": undefined, "percentageMode": false, + "respectRanges": false, "shape": "verticalBullet", "ticksPosition": "auto", }, diff --git a/src/plugins/chart_expressions/expression_gauge/common/expression_functions/gauge_function.ts b/src/plugins/chart_expressions/expression_gauge/common/expression_functions/gauge_function.ts index ba40821948526..c2ce20163e86a 100644 --- a/src/plugins/chart_expressions/expression_gauge/common/expression_functions/gauge_function.ts +++ b/src/plugins/chart_expressions/expression_gauge/common/expression_functions/gauge_function.ts @@ -160,6 +160,13 @@ export const gaugeFunction = (): GaugeExpressionFunctionDefinition => ({ defaultMessage: 'Enables relative precentage mode', }), }, + respectRanges: { + types: ['boolean'], + default: false, + help: i18n.translate('expressionGauge.functions.gauge.respectRanges.help', { + defaultMessage: 'Respect max and min values from ranges', + }), + }, commonLabel: { types: ['string'], help: i18n.translate('expressionGauge.functions.gauge.args.commonLabel.help', { @@ -173,7 +180,6 @@ export const gaugeFunction = (): GaugeExpressionFunctionDefinition => ({ }), }, }, - fn(data, args, handlers) { validateAccessor(args.metric, data.columns); validateAccessor(args.min, data.columns); diff --git a/src/plugins/chart_expressions/expression_gauge/common/types/expression_functions.ts b/src/plugins/chart_expressions/expression_gauge/common/types/expression_functions.ts index b6add118a6747..b2696acda6c7d 100644 --- a/src/plugins/chart_expressions/expression_gauge/common/types/expression_functions.ts 
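Review bot: The translation id for the new `respectRanges` argument in `gauge_function.ts` does not follow the pattern of the neighbouring argument visible in the same hunk: it is `expressionGauge.functions.gauge.respectRanges.help`, while `commonLabel` uses `expressionGauge.functions.gauge.args.commonLabel.help`. I would rename it to `'expressionGauge.functions.gauge.args.respectRanges.help'` so the argument help strings stay grouped under `args`. The `gaugeFunction` object starts and ends outside the hunk, so the ids of the other arguments are assumed to match the one shown.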
+++ b/src/plugins/chart_expressions/expression_gauge/common/types/expression_functions.ts @@ -47,6 +47,7 @@ export interface GaugeState { shape: GaugeShape; /** @deprecated This field is deprecated and going to be removed in the futher release versions. */ percentageMode?: boolean; + respectRanges?: boolean; commonLabel?: string; } diff --git a/src/plugins/chart_expressions/expression_gauge/public/components/gauge_component.tsx b/src/plugins/chart_expressions/expression_gauge/public/components/gauge_component.tsx index 8258063dfdd69..efaea7dd24954 100644 --- a/src/plugins/chart_expressions/expression_gauge/public/components/gauge_component.tsx +++ b/src/plugins/chart_expressions/expression_gauge/public/components/gauge_component.tsx @@ -303,8 +303,8 @@ export const GaugeComponent: FC = memo( } const goal = accessors.goal ? getValueFromAccessor(accessors.goal, row) : undefined; - const min = getMinValue(row, accessors); - const max = getMaxValue(row, accessors); + const min = getMinValue(row, accessors, palette?.params, args.respectRanges); + const max = getMaxValue(row, accessors, palette?.params, args.respectRanges); if (min === max) { return ( diff --git a/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.test.ts b/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.test.ts index 966916e8bacaf..10100ca84065b 100644 --- a/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.test.ts +++ b/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.test.ts 
@@ -46,6 +46,10 @@ describe('expression gauge utils', () => { expect(getMaxValue({ min: 0 }, localAccessors)).toEqual(100); expect(getMaxValue({}, localAccessors)).toEqual(100); }); + it('returns correct value if isRespectRanges is true and color palette was provided', () => { + expect(getMaxValue({ metric: 10 }, accessors, { rangeMax: 5 }, true)).toEqual(10); + expect(getMaxValue({ metric: 2 }, accessors, { rangeMax: 5 }, true)).toEqual(5); + }); it('returns correct value for multiple cases', () => { const localAccessors = { ...accessors, max: 'max' }; expect(getMaxValue({ metric: 10 }, localAccessors)).toEqual(15); @@ -76,6 +80,13 @@ describe('expression gauge utils', () => { expect(getMinValue({ metric: -1000 }, localAccessors)).toEqual(-1010); expect(getMinValue({ max: 1000, metric: 1.5 }, localAccessors)).toEqual(0); }); + it('returns correct value if isRespectRanges is true and color palette was provided', () => { + const accessors = { + metric: 'metric', + }; + expect(getMinValue({ metric: 10 }, accessors, { rangeMin: 5 }, true)).toEqual(5); + expect(getMinValue({ metric: 2 }, accessors, { rangeMin: 5 }, true)).toEqual(2); + }); }); describe('getGoalValue', () => { it('returns correct value', () => { diff --git a/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.ts b/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.ts index 8848c7646a5f0..31a2ff61ceaa7 100644 --- a/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.ts +++ b/src/plugins/chart_expressions/expression_gauge/public/components/utils/accessors.ts 
@@ -8,7 +8,7 @@ import type { DatatableColumn, DatatableRow } from 'src/plugins/expressions'; import { getAccessorByDimension } from '../../../../../visualizations/common/utils'; -import { Accessors, GaugeArguments } from '../../../common'; +import { Accessors, GaugeArguments, CustomPaletteParams } from '../../../common'; export const getValueFromAccessor = ( accessor: string, @@ -54,17 +54,30 @@ function getNiceNumber(localRange: number) { return niceFraction * Math.pow(10, exponent); } -export const getMaxValue = (row?: DatatableRow, accessors?: Accessors): number => { +export const getMaxValue = ( + row?: DatatableRow, + accessors?: Accessors, + paletteParams?: CustomPaletteParams, + isRespectRanges?: boolean +): number => { const FALLBACK_VALUE = 100; const currentValue = accessors?.max ? getValueFromAccessor(accessors.max, row) : undefined; if (currentValue !== undefined && currentValue !== null) { return currentValue; } + + if (isRespectRanges && paletteParams?.rangeMax) { + const metricValue = accessors?.metric ? getValueFromAccessor(accessors.metric, row) : undefined; + return !metricValue || metricValue < paletteParams?.rangeMax + ? paletteParams?.rangeMax + : metricValue; + } + if (row && accessors) { const { metric, goal } = accessors; const metricValue = metric && row[metric]; const goalValue = goal && row[goal]; - const minValue = getMinValue(row, accessors); + const minValue = getMinValue(row, accessors, paletteParams, isRespectRanges); if (metricValue != null) { const numberValues = [minValue, goalValue, metricValue].filter((v) => typeof v === 'number'); const maxValue = Math.max(...numberValues); 
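Review bot: The new `respectRanges` branch in `getMaxValue` tests `paletteParams?.rangeMax` and `!metricValue` for truthiness, so a range bound of 0 or a metric of 0 is treated as if it were missing. The same pattern is in the `getMinValue` hunk that follows (`paletteParams?.rangeMin`, `!metricValue`), where a `rangeMin` of 0 skips the branch entirely and a metric of 0 with `rangeMin: 5` returns 5 rather than 0. I would compare against null instead: `if (isRespectRanges && paletteParams?.rangeMax != null) {` and `return metricValue == null || metricValue < paletteParams.rangeMax ? paletteParams.rangeMax : metricValue;`, mirrored for the minimum. The tests added in `accessors.test.ts` only use non-zero values, so a case with 0 for the metric and for the range bound would pin this.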
@@ -74,11 +87,24 @@ export const getMaxValue = (row?: DatatableRow, accessors?: Accessors): number = return FALLBACK_VALUE; }; -export const getMinValue = (row?: DatatableRow, accessors?: Accessors) => { +export const getMinValue = ( + row?: DatatableRow, + accessors?: Accessors, + paletteParams?: CustomPaletteParams, + isRespectRanges?: boolean +) => { const currentValue = accessors?.min ? getValueFromAccessor(accessors.min, row) : undefined; if (currentValue !== undefined && currentValue !== null) { return currentValue; } + + if (isRespectRanges && paletteParams?.rangeMin) { + const metricValue = accessors?.metric ? getValueFromAccessor(accessors.metric, row) : undefined; + return !metricValue || metricValue > paletteParams?.rangeMin + ? paletteParams?.rangeMin + : metricValue; + } + const FALLBACK_VALUE = 0; if (row && accessors) { const { metric, max } = accessors; diff --git a/src/plugins/controls/public/control_group/control_group.scss b/src/plugins/controls/public/control_group/control_group.scss index bd8974a4b7b06..efcb3d7af810a 100644 --- a/src/plugins/controls/public/control_group/control_group.scss +++ b/src/plugins/controls/public/control_group/control_group.scss @@ -7,36 +7,9 @@ $controlMinWidth: $euiSize * 14; min-height: $euiSize * 4; } -.controlsWrapper { - &--empty { - display: flex; - @include euiBreakpoint('m', 'l', 'xl') { - .addControlButton { - text-align: center; - } - .emptyStateText { - padding-left: $euiSize * 2; - } - height: $euiSize * 4; - overflow: hidden; - } - @include euiBreakpoint('xs', 's') { - .addControlButton { - text-align: center; - } - .emptyStateText { - text-align: center; - } - .controlsIllustration__container { - margin-bottom: 0 !important; - } - } - } - - &--twoLine { - .groupEditActions { - padding-top: $euiSize; - } +.controlsWrapper--twoLine { + .groupEditActions { + padding-top: $euiSize; } } 
@@ -75,7 +48,8 @@ $controlMinWidth: $euiSize * 14; @include euiFontSizeXS; } - .controlFrame__formControlLayout, .controlFrame__draggable { + .controlFrame__formControlLayout, + .controlFrame__draggable { .controlFrame__dragHandle { cursor: grabbing; } @@ -83,7 +57,7 @@ $controlMinWidth: $euiSize * 14; } .controlFrame__labelToolTip { - max-width: 50%; + max-width: 40%; } .controlFrameWrapper { @@ -105,7 +79,7 @@ $controlMinWidth: $euiSize * 14; .controlFrame__formControlLayout { width: 100%; min-width: $controlMinWidth; - transition:background-color .1s, color .1s; + transition: background-color .1s, color .1s; &Label { @include euiTextTruncate; @@ -163,7 +137,6 @@ $controlMinWidth: $euiSize * 14; &--insertBefore { .controlFrame__formControlLayout:after { left: -$euiSizeXS - 1; - } } @@ -184,7 +157,7 @@ $controlMinWidth: $euiSize * 14; position: absolute; &--oneLine { - right:$euiSizeXS; + right: $euiSizeXS; top: -$euiSizeL; padding: $euiSizeXS; border-radius: $euiBorderRadius; @@ -193,14 +166,14 @@ $controlMinWidth: $euiSize * 14; } &--twoLine { - right:$euiSizeXS; + right: $euiSizeXS; top: -$euiSizeXS; } } &:hover { .controlFrameFloatingActions { - transition:visibility .1s, opacity .1s; + transition: visibility .1s, opacity .1s; visibility: visible; opacity: 1; } @@ -224,4 +197,4 @@ $controlMinWidth: $euiSize * 14; } } } -} \ No newline at end of file +} diff --git a/src/plugins/controls/public/control_group/embeddable/control_group_chaining_system.ts b/src/plugins/controls/public/control_group/embeddable/control_group_chaining_system.ts index f0acf9ca811e8..6f0f3e1a23218 100644 --- a/src/plugins/controls/public/control_group/embeddable/control_group_chaining_system.ts +++ b/src/plugins/controls/public/control_group/embeddable/control_group_chaining_system.ts 
@@ -67,7 +67,7 @@ export const ControlGroupChainingSystems: { const nextOrder = childOrder.IdsToOrder[childOutputChangedId] + 1; if (nextOrder >= childOrder.idsInOrder.length) return; setTimeout( - () => getChild(childOrder.idsInOrder[nextOrder]).refreshInputFromParent(), + () => getChild(childOrder.idsInOrder[nextOrder])?.refreshInputFromParent(), 1 // run on next tick ); }, diff --git a/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx b/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx index 064dfb8a0d7a1..7abcfbb5af6a3 100644 --- a/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx +++ b/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx @@ -296,6 +296,19 @@ export class ControlGroupContainer extends Container< } as ControlPanelState; } + protected onRemoveEmbeddable(idToRemove: string) { + const newPanels = super.onRemoveEmbeddable(idToRemove) as ControlsPanels; + const removedOrder = this.childOrderCache.IdsToOrder[idToRemove]; + for (let i = removedOrder + 1; i < this.childOrderCache.idsInOrder.length; i++) { + const currentOrder = newPanels[this.childOrderCache.idsInOrder[i]].order; + newPanels[this.childOrderCache.idsInOrder[i]] = { + ...newPanels[this.childOrderCache.idsInOrder[i]], + order: currentOrder - 1, + }; + } + return newPanels; + } + protected getInheritedInput(id: string): ControlInput { const { filters, query, ignoreParentSettings, timeRange, chainingSystem } = this.getInput(); diff --git a/src/plugins/controls/public/control_types/options_list/options_list_embeddable_factory.tsx b/src/plugins/controls/public/control_types/options_list/options_list_embeddable_factory.tsx index 8c6b533fa06e9..9548c45cadd4e 100644 --- a/src/plugins/controls/public/control_types/options_list/options_list_embeddable_factory.tsx +++ b/src/plugins/controls/public/control_types/options_list/options_list_embeddable_factory.tsx 
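Review bot: The loop in the new `onRemoveEmbeddable` reads `newPanels[this.childOrderCache.idsInOrder[i]].order` without checking that the panel exists, so an id that is still in `childOrderCache` but no longer in the panels returned by `super.onRemoveEmbeddable` would throw here. The first hunk of this commit adds `?.` to `getChild(...)` for a similar missing-child case, which suggests the two can get out of step; whether the cache is refreshed before this method runs is not visible in the hunk. I would hoist the lookup and guard it: `const id = this.childOrderCache.idsInOrder[i];`, `const panel = newPanels[id];`, `if (!panel) continue;`, then spread `panel`. A short doc comment stating that the method closes the gap in `order` left by the removed control would also help, and the `as ControlsPanels` cast could then be explained there.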
@@ -51,7 +51,7 @@ export class OptionsListEmbeddableFactory public isEditable = () => Promise.resolve(false); public getDisplayName = () => OptionsListStrings.getDisplayName(); - public getIconType = () => 'list'; + public getIconType = () => 'editorChecklist'; public getDescription = () => OptionsListStrings.getDescription(); public inject = createOptionsListInject(); diff --git a/src/plugins/controls/public/control_types/range_slider/range_slider.scss b/src/plugins/controls/public/control_types/range_slider/range_slider.scss index 82d892cd0b9c5..d1a360b465962 100644 --- a/src/plugins/controls/public/control_types/range_slider/range_slider.scss +++ b/src/plugins/controls/public/control_types/range_slider/range_slider.scss @@ -31,6 +31,7 @@ .rangeSliderAnchor__delimiter { background-color: unset; + padding: $euiSizeS*1.5 0; } .rangeSliderAnchor__fieldNumber { font-weight: $euiFontWeightBold; diff --git a/src/plugins/controls/public/control_types/range_slider/range_slider_editor.tsx b/src/plugins/controls/public/control_types/range_slider/range_slider_editor.tsx index d2dbef62f2b0f..bb8d58a1e51d2 100644 --- a/src/plugins/controls/public/control_types/range_slider/range_slider_editor.tsx +++ b/src/plugins/controls/public/control_types/range_slider/range_slider_editor.tsx @@ -35,6 +35,8 @@ export const RangeSliderEditor = ({ initialInput, setValidState, setDefaultTitle, + getRelevantDataViewId, + setLastUsedDataViewId, }: ControlEditorProps) => { // Controls Services Context const { dataViews } = pluginServices.getHooks(); @@ -50,7 +52,8 @@ export const RangeSliderEditor = ({ if (state.fieldName) setDefaultTitle(state.fieldName); (async () => { const dataViewListItems = await getIdsWithTitle(); - const initialId = initialInput?.dataViewId ?? (await getDefaultId()); + const initialId = + initialInput?.dataViewId ?? getRelevantDataViewId?.() ?? (await getDefaultId()); let dataView: DataView | undefined; if (initialId) { onChange({ dataViewId: initialId }); 
@@ -77,6 +80,7 @@ export const RangeSliderEditor = ({ dataViews={state.dataViewListItems} selectedDataViewId={dataView?.id} onChangeDataViewId={(dataViewId) => { + setLastUsedDataViewId?.(dataViewId); onChange({ dataViewId }); get(dataViewId).then((newDataView) => setState((s) => ({ ...s, dataView: newDataView })) diff --git a/src/plugins/controls/public/control_types/range_slider/range_slider_embeddable.tsx b/src/plugins/controls/public/control_types/range_slider/range_slider_embeddable.tsx index ef4bc41abeefc..965eb2da18e93 100644 --- a/src/plugins/controls/public/control_types/range_slider/range_slider_embeddable.tsx +++ b/src/plugins/controls/public/control_types/range_slider/range_slider_embeddable.tsx @@ -264,8 +264,10 @@ export class RangeSliderEmbeddable extends Embeddable { const { value: [selectedMin, selectedMax] = ['', ''], ignoreParentSettings } = this.getInput(); + const availableMin = this.componentState.min; + const availableMax = this.componentState.max; - const hasData = !isEmpty(this.componentState.min) && !isEmpty(this.componentState.max); + const hasData = !isEmpty(availableMin) && !isEmpty(availableMax); const hasLowerSelection = !isEmpty(selectedMin); const hasUpperSelection = !isEmpty(selectedMax); const hasEitherSelection = hasLowerSelection || hasUpperSelection; @@ -275,9 +277,9 @@ export class RangeSliderEmbeddable extends Embeddable parseFloat(selectedMax); const isLowerSelectionOutOfRange = - hasLowerSelection && parseFloat(selectedMin) > parseFloat(this.componentState.max); + hasLowerSelection && parseFloat(selectedMin) > parseFloat(availableMax); const isUpperSelectionOutOfRange = - hasUpperSelection && parseFloat(selectedMax) < parseFloat(this.componentState.min); + hasUpperSelection && parseFloat(selectedMax) < parseFloat(availableMin); const isSelectionOutOfRange = (!ignoreParentSettings?.ignoreValidations && hasData && isLowerSelectionOutOfRange) || isUpperSelectionOutOfRange; 
@@ -292,15 +294,18 @@ export class RangeSliderEmbeddable extends Embeddable = ({ className="rangeSliderAnchor__button" data-test-subj={`range-slider-control-${id}`} > - + = ({ panelClassName="rangeSlider__panelOverride" closePopover={() => setIsPopoverOpen(false)} anchorPosition="downCenter" - initialFocus={false} - repositionOnScroll + attachToAnchor={false} disableFocusTrap onPanelResize={() => { if (rangeRef?.current) { @@ -192,6 +191,7 @@ export const RangeSliderPopover: FC = ({ className="rangeSlider__actions" gutterSize="none" data-test-subj="rangeSlider-control-actions" + responsive={false} > ) => { // Controls Services Context const { dataViews } = pluginServices.getHooks(); @@ -49,7 +51,8 @@ export const TimeSliderEditor = ({ if (state.fieldName) setDefaultTitle(state.fieldName); (async () => { const dataViewListItems = await getIdsWithTitle(); - const initialId = initialInput?.dataViewId ?? (await getDefaultId()); + const initialId = + initialInput?.dataViewId ?? getRelevantDataViewId?.() ?? (await getDefaultId()); let dataView: DataView | undefined; if (initialId) { onChange({ dataViewId: initialId }); @@ -76,6 +79,7 @@ export const TimeSliderEditor = ({ dataViews={state.dataViewListItems} selectedDataViewId={dataView?.id} onChangeDataViewId={(dataViewId) => { + setLastUsedDataViewId?.(dataViewId); onChange({ dataViewId }); get(dataViewId).then((newDataView) => setState((s) => ({ ...s, dataView: newDataView })) diff --git a/src/plugins/controls/public/control_types/time_slider/time_slider_embeddable_factory.tsx b/src/plugins/controls/public/control_types/time_slider/time_slider_embeddable_factory.tsx index d1bd1508a45cb..23003a9e90641 100644 --- a/src/plugins/controls/public/control_types/time_slider/time_slider_embeddable_factory.tsx +++ b/src/plugins/controls/public/control_types/time_slider/time_slider_embeddable_factory.tsx 
@@ -53,6 +53,7 @@ export class TimesliderEmbeddableFactory public isEditable = () => Promise.resolve(false); public getDisplayName = () => TimeSliderStrings.getDisplayName(); + public getIconType = () => 'clock'; public getDescription = () => TimeSliderStrings.getDescription(); public inject = createOptionsListInject(); diff --git a/src/plugins/controls/public/controls_callout/controls_callout.scss b/src/plugins/controls/public/controls_callout/controls_callout.scss new file mode 100644 index 0000000000000..e0f7e1481d156 --- /dev/null +++ b/src/plugins/controls/public/controls_callout/controls_callout.scss @@ -0,0 +1,36 @@ +@include euiBreakpoint('xs', 's') { + .controlsIllustration { + display: none; + } +} + +.controlsWrapper { + &--empty { + display: flex; + overflow: hidden; + margin: 0 $euiSizeS 0 $euiSizeS; + + .addControlButton { + text-align: center; + } + + @include euiBreakpoint('m', 'l', 'xl') { + height: $euiSize * 4; + + .emptyStateText { + padding-left: $euiSize * 2; + } + } + @include euiBreakpoint('xs', 's') { + min-height: $euiSize * 4; + + .emptyStateText { + padding-left: 0; + text-align: center; + } + .controlsIllustration__container { + margin-bottom: 0 !important; + } + } + } +} diff --git a/src/plugins/controls/public/controls_callout/controls_callout.tsx b/src/plugins/controls/public/controls_callout/controls_callout.tsx index 096d47b470a9d..708b224187e1c 100644 --- a/src/plugins/controls/public/controls_callout/controls_callout.tsx +++ b/src/plugins/controls/public/controls_callout/controls_callout.tsx @@ -9,8 +9,8 @@ import { EuiFlexGroup, EuiFlexItem, EuiText, EuiButtonEmpty, EuiPanel } from '@elastic/eui'; import React from 'react'; import useLocalStorage from 'react-use/lib/useLocalStorage'; -import classNames from 'classnames'; +import './controls_callout.scss'; import { ControlGroupStrings } from '../control_group/control_group_strings'; import { ControlsIllustration } from './controls_illustration'; 
@@ -32,15 +32,10 @@ export const ControlsCallout = ({ getCreateControlButton }: CalloutProps) => { if (controlsCalloutDismissed) return null; return ( - + - + @@ -49,13 +44,15 @@ export const ControlsCallout = ({ getCreateControlButton }: CalloutProps) => {

{ControlGroupStrings.emptyState.getCallToAction()}

- {getCreateControlButton ? ( - {getCreateControlButton()} - ) : null} - - {ControlGroupStrings.emptyState.getDismissButton()} - + + {getCreateControlButton && {getCreateControlButton()}} + + + {ControlGroupStrings.emptyState.getDismissButton()} + + +
diff --git a/src/plugins/controls/public/controls_callout/controls_illustration.scss b/src/plugins/controls/public/controls_callout/controls_illustration.scss deleted file mode 100644 index 589a584add493..0000000000000 --- a/src/plugins/controls/public/controls_callout/controls_illustration.scss +++ /dev/null @@ -1,6 +0,0 @@ -@include euiBreakpoint('xs', 's') { - .controlsIllustration { - width: $euiSize * 6; - height: $euiSize * 6; - } -} diff --git a/src/plugins/controls/public/controls_callout/controls_illustration.tsx b/src/plugins/controls/public/controls_callout/controls_illustration.tsx index 4b285ffcf17a8..925dd90fc8700 100644 --- a/src/plugins/controls/public/controls_callout/controls_illustration.tsx +++ b/src/plugins/controls/public/controls_callout/controls_illustration.tsx @@ -6,7 +6,6 @@ * Side Public License, v 1. */ -import './controls_illustration.scss'; import React from 'react'; export const ControlsIllustration = () => ( diff --git a/src/plugins/custom_integrations/kibana.json b/src/plugins/custom_integrations/kibana.json index cd58c1aec1ecb..7c11f47f4d82a 100755 --- a/src/plugins/custom_integrations/kibana.json +++ b/src/plugins/custom_integrations/kibana.json @@ -9,11 +9,8 @@ "description": "Add custom data integrations so they can be displayed in the Fleet integrations app", "ui": true, "server": true, - "extraPublicDirs": [ - "common" - ], - "requiredPlugins": [ - "presentationUtil" - ], + "extraPublicDirs": ["common"], + "requiredPlugins": [], + "requiredBundles": ["presentationUtil"], "optionalPlugins": [] } diff --git a/src/plugins/custom_integrations/public/types.ts b/src/plugins/custom_integrations/public/types.ts index 946115329e2b5..d4123cd2f1e13 100755 --- a/src/plugins/custom_integrations/public/types.ts +++ b/src/plugins/custom_integrations/public/types.ts 
@@ -6,8 +6,6 @@ * Side Public License, v 1. */ -import type { PresentationUtilPluginStart } from '../../presentation_util/public'; - import { CustomIntegration } from '../common'; export interface CustomIntegrationsSetup { @@ -19,6 +17,5 @@ export interface CustomIntegrationsStart { ContextProvider: React.FC; } -export interface CustomIntegrationsStartDependencies { - presentationUtil: PresentationUtilPluginStart; -} +// eslint-disable-next-line @typescript-eslint/no-empty-interface +export interface CustomIntegrationsStartDependencies {} diff --git a/src/plugins/dashboard/public/application/lib/dashboard_control_group.ts b/src/plugins/dashboard/public/application/lib/dashboard_control_group.ts index ba60af8d02aea..ef8e2785b8a45 100644 --- a/src/plugins/dashboard/public/application/lib/dashboard_control_group.ts +++ b/src/plugins/dashboard/public/application/lib/dashboard_control_group.ts @@ -9,7 +9,7 @@ import { Subscription } from 'rxjs'; import deepEqual from 'fast-deep-equal'; import { compareFilters, COMPARE_ALL_OPTIONS, type Filter } from '@kbn/es-query'; -import { distinctUntilChanged, distinctUntilKeyChanged } from 'rxjs/operators'; +import { debounceTime, distinctUntilChanged, distinctUntilKeyChanged } from 'rxjs/operators'; import { pick } from 'lodash'; import { DashboardContainer, DashboardContainerControlGroupInput } from '..'; @@ -118,7 +118,7 @@ export const syncDashboardControlGroup = async ({ subscriptions.add( dashboardContainer .getInput$() - .pipe(distinctUntilKeyChanged('controlGroupInput')) + .pipe(debounceTime(10), distinctUntilKeyChanged('controlGroupInput')) .subscribe(() => { if (!isControlGroupInputEqual()) { if (!dashboardContainer.getInput().controlGroupInput) { diff --git a/src/plugins/data/kibana.json b/src/plugins/data/kibana.json index 3d70d138d80ed..e3369c2d571a6 100644 --- a/src/plugins/data/kibana.json +++ b/src/plugins/data/kibana.json 
@@ -5,7 +5,7 @@ "ui": true, "requiredPlugins": ["bfetch", "expressions", "uiActions", "share", "inspector", "fieldFormats", "dataViews"], "serviceFolders": ["search", "query", "autocomplete", "ui"], - "optionalPlugins": ["usageCollection"], + "optionalPlugins": ["usageCollection", "taskManager", "security"], "extraPublicDirs": ["common"], "requiredBundles": ["kibanaUtils", "kibanaReact", "inspector"], "owner": { diff --git a/src/plugins/data/public/query/timefilter/timefilter.test.ts b/src/plugins/data/public/query/timefilter/timefilter.test.ts index e3fc3ac582d80..c7cd5318730af 100644 --- a/src/plugins/data/public/query/timefilter/timefilter.test.ts +++ b/src/plugins/data/public/query/timefilter/timefilter.test.ts @@ -137,6 +137,17 @@ describe('setRefreshInterval', () => { autoRefreshSub.unsubscribe(); }); + test('isRefreshIntervalTouched is initially set to false', () => { + expect(timefilter.isRefreshIntervalTouched()).toBe(false); + }); + + test('should register changes to the initial interval', () => { + timefilter.setRefreshInterval(timefilterConfig.refreshIntervalDefaults); + expect(timefilter.isRefreshIntervalTouched()).toBe(false); + timefilter.setRefreshInterval({ pause: false, value: 1000 }); + expect(timefilter.isRefreshIntervalTouched()).toBe(true); + }); + test('should update refresh interval', () => { timefilter.setRefreshInterval({ pause: true, value: 10 }); expect(timefilter.getRefreshInterval()).toEqual({ pause: true, value: 10 }); diff --git a/src/plugins/data/public/query/timefilter/timefilter.ts b/src/plugins/data/public/query/timefilter/timefilter.ts index d289a90149fdd..b81a95618b815 100644 --- a/src/plugins/data/public/query/timefilter/timefilter.ts +++ b/src/plugins/data/public/query/timefilter/timefilter.ts 
@@ -41,6 +41,8 @@ export class Timefilter { // Denotes whether setTime has been called, can be used to determine if the constructor defaults are being used. private _isTimeTouched: boolean = false; private _refreshInterval!: RefreshInterval; + // Denotes whether the refresh interval defaults were overriden. + private _isRefreshIntervalTouched: boolean = false; private _history: TimeHistoryContract; private _isTimeRangeSelectorEnabled: boolean = false; @@ -76,6 +78,10 @@ export class Timefilter { return this._isTimeTouched; } + public isRefreshIntervalTouched() { + return this._isRefreshIntervalTouched; + } + public getEnabledUpdated$ = () => { return this.enabledUpdated$.asObservable(); }; @@ -156,12 +162,18 @@ export class Timefilter { if (prevRefreshInterval?.value > 0 && newRefreshInterval.value <= 0) { shouldUnpauseRefreshLoop = false; } + + this._isRefreshIntervalTouched = + this._isRefreshIntervalTouched || + areRefreshIntervalsDifferent(this.refreshIntervalDefaults, newRefreshInterval); + // If the refresh interval is <= 0 handle that as a paused refresh // unless the user has un-paused the refresh loop and the value is not going from > 0 to 0 if (newRefreshInterval.value <= 0) { newRefreshInterval.value = 0; newRefreshInterval.pause = shouldUnpauseRefreshLoop ? false : true; } + this._refreshInterval = { value: newRefreshInterval.value, pause: newRefreshInterval.pause, diff --git a/src/plugins/data/public/query/timefilter/timefilter_service.mock.ts b/src/plugins/data/public/query/timefilter/timefilter_service.mock.ts index 53d9aeeec9afe..ec5caae031498 100644 --- a/src/plugins/data/public/query/timefilter/timefilter_service.mock.ts +++ b/src/plugins/data/public/query/timefilter/timefilter_service.mock.ts 
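Review bot: In `setRefreshInterval`, `_isRefreshIntervalTouched` is computed from `newRefreshInterval` before the block below normalises a value `<= 0` to `0` and recomputes `pause`, so the comparison runs on the raw input rather than on the interval that is actually stored. If `areRefreshIntervalsDifferent` (defined outside the hunk) compares `value` and `pause` directly, a call that ends up storing the default interval could still mark it as touched. Moving the assignment after the normalisation block, or comparing against the object assigned to `this._refreshInterval`, would avoid that. The new public `isRefreshIntervalTouched()` would also benefit from an explicit `: boolean` return type and a one-line doc comment, and the field comment has a typo (`overriden`).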
@@ -18,6 +18,7 @@ const createSetupContractMock = () => { isAutoRefreshSelectorEnabled: jest.fn(), isTimeRangeSelectorEnabled: jest.fn(), isTimeTouched: jest.fn(), + isRefreshIntervalTouched: jest.fn(), getEnabledUpdated$: jest.fn(), getTimeUpdate$: jest.fn(), getRefreshIntervalUpdate$: jest.fn(), diff --git a/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx b/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx index a07be274f34ba..2de06c20c4040 100644 --- a/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx +++ b/src/plugins/data_view_management/public/components/index_pattern_table/index_pattern_table.tsx @@ -70,6 +70,7 @@ export const IndexPatternTable = ({ setBreadcrumbs, uiSettings, indexPatternManagementStart, + application, chrome, dataViews, IndexPatternEditor, @@ -231,6 +232,7 @@ export const IndexPatternTable = ({ return spaces ? ( = ({ spacesApi, spaceIds, id, title, refresh }) => { +export const SpacesList: FC = ({ + spacesApi, + capabilities, + spaceIds, + id, + title, + refresh, +}) => { const [showFlyout, setShowFlyout] = useState(false); function onClose() { @@ -49,13 +58,17 @@ export const SpacesList: FC = ({ spacesApi, spaceIds, id, title, refresh onClose, }; + const canAssignSpaces = !capabilities || !!capabilities.savedObjectsManagement.shareIntoSpace; + const clickProperties = canAssignSpaces + ? { cursorStyle: 'pointer', listOnClick: () => setShowFlyout(true) } + : { cursorStyle: 'not-allowed' }; return ( <> setShowFlyout(true)} + {...clickProperties} /> {showFlyout && } diff --git a/src/plugins/data_view_management/public/management_app/mount_management_section.tsx b/src/plugins/data_view_management/public/management_app/mount_management_section.tsx index 1b5ae606bb19b..0b5275f2e2fae 100644 --- a/src/plugins/data_view_management/public/management_app/mount_management_section.tsx 
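Review bot: `const canAssignSpaces = !capabilities || !!capabilities.savedObjectsManagement.shareIntoSpace;` in the `SpacesList` hunk fails open: when the `capabilities` prop is not passed, the list stays clickable and the share-to-space flyout can be opened. I would default to the restrictive case, `const canAssignSpaces = !!capabilities?.savedObjectsManagement?.shareIntoSpace;`, or document on the prop why an absent value means unrestricted. This check only controls the UI affordance; whether the server-side share API rejects callers without the capability is not visible here and should be confirmed. Parts of this file section are missing from the page as rendered, so the prop's declaration and the other callers cannot be checked.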
+++ b/src/plugins/data_view_management/public/management_app/mount_management_section.tsx @@ -39,7 +39,7 @@ export async function mountManagementSection( params: ManagementAppMountParams ) { const [ - { chrome, uiSettings, notifications, overlays, http, docLinks, theme }, + { application, chrome, uiSettings, notifications, overlays, http, docLinks, theme }, { data, dataViewFieldEditor, dataViewEditor, dataViews, fieldFormats, spaces }, indexPatternManagementStart, ] = await getStartServices(); @@ -50,6 +50,7 @@ export async function mountManagementSection( } const deps: IndexPatternManagmentContext = { + application, chrome, uiSettings, notifications, diff --git a/src/plugins/data_view_management/public/mocks.ts b/src/plugins/data_view_management/public/mocks.ts index 54c1900d37f4c..e19d7bb299120 100644 --- a/src/plugins/data_view_management/public/mocks.ts +++ b/src/plugins/data_view_management/public/mocks.ts @@ -55,13 +55,14 @@ const docLinks = { const createIndexPatternManagmentContext = (): { [key in keyof IndexPatternManagmentContext]: any; } => { - const { chrome, uiSettings, notifications, overlays } = coreMock.createStart(); + const { application, chrome, uiSettings, notifications, overlays } = coreMock.createStart(); const { http } = coreMock.createSetup(); const data = dataPluginMock.createStartContract(); const dataViewFieldEditor = indexPatternFieldEditorPluginMock.createStartContract(); const dataViews = dataViewPluginMocks.createStartContract(); return { + application, chrome, uiSettings, notifications, diff --git a/src/plugins/data_view_management/public/types.ts b/src/plugins/data_view_management/public/types.ts index 257d07cd478db..0cea57c1bcd72 100644 --- a/src/plugins/data_view_management/public/types.ts +++ b/src/plugins/data_view_management/public/types.ts 
@@ -13,6 +13,7 @@ import { NotificationsStart, DocLinksStart, HttpSetup, + ApplicationStart, } from 'src/core/public'; import { DataPublicPluginStart } from 'src/plugins/data/public'; import { ManagementAppMountParams } from '../../management/public'; @@ -25,6 +26,7 @@ import { FieldFormatsStart } from '../../field_formats/public'; import { SpacesPluginStart } from '../../../../x-pack/plugins/spaces/public'; export interface IndexPatternManagmentContext { + application: ApplicationStart; chrome: ChromeStart; uiSettings: IUiSettingsClient; notifications: NotificationsStart; diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results.test.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results.test.tsx index 4dc1a5feda5dc..cbfd6e05cb646 100644 --- a/src/plugins/discover/public/application/main/components/no_results/no_results.test.tsx +++ b/src/plugins/discover/public/application/main/components/no_results/no_results.test.tsx @@ -34,10 +34,11 @@ function mountAndFindSubjects(props: Omit { Object { "adjustFilters": false, "adjustSearch": false, + "adjustTimeRange": false, + "checkIndices": true, "disableFiltersButton": false, "errorMsg": false, "mainMsg": true, - "timeFieldMsg": false, } `); }); @@ -68,10 +70,11 @@ describe('DiscoverNoResults', () => { Object { "adjustFilters": false, "adjustSearch": false, + "adjustTimeRange": true, + "checkIndices": false, "disableFiltersButton": false, "errorMsg": false, "mainMsg": true, - "timeFieldMsg": true, } `); }); @@ -101,10 +104,11 @@ describe('DiscoverNoResults', () => { Object { "adjustFilters": false, "adjustSearch": false, + "adjustTimeRange": false, + "checkIndices": false, "disableFiltersButton": false, "errorMsg": true, "mainMsg": false, - "timeFieldMsg": false, } `); }); 
diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results.tsx index aaaad49b1f611..223938dedf303 100644 --- a/src/plugins/discover/public/application/main/components/no_results/no_results.tsx +++ b/src/plugins/discover/public/application/main/components/no_results/no_results.tsx @@ -17,7 +17,7 @@ import { EuiTitle, } from '@elastic/eui'; import { DataPublicPluginStart } from '../../../../../../data/public'; -import { AdjustSearch, getTimeFieldMessage } from './no_results_helper'; +import { NoResultsSuggestions } from './no_results_suggestions'; import './_no_results.scss'; import { NoResultsIllustration } from './assets/no_results_illustration'; @@ -54,14 +54,12 @@ export function DiscoverNoResults({
- {isTimeBased && getTimeFieldMessage()} - {(hasFilters || hasQuery) && ( - - )} +
diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_helper.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_helper.tsx deleted file mode 100644 index b5a52d40e1939..0000000000000 --- a/src/plugins/discover/public/application/main/components/no_results/no_results_helper.tsx +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -import React, { Fragment } from 'react'; -import { FormattedMessage } from '@kbn/i18n-react'; -import { - EuiDescriptionList, - EuiDescriptionListTitle, - EuiLink, - EuiDescriptionListDescription, - EuiSpacer, -} from '@elastic/eui'; - -export function getTimeFieldMessage() { - return ( - - - - - - - - - - - ); -} - -interface AdjustSearchProps { - onDisableFilters: () => void; - hasFilters?: boolean; - hasQuery?: boolean; -} - -export function AdjustSearch({ hasFilters, hasQuery, onDisableFilters }: AdjustSearchProps) { - return ( - - {hasQuery && ( - <> - - - - - - - - - - - )} - {hasFilters && ( - <> - - - - - - - - - - ), - }} - /> - - - - )} - - ); -} diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/index.ts b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/index.ts new file mode 100644 index 0000000000000..89b11a4f9d66e --- /dev/null +++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/index.ts 
@@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +export { NoResultsSuggestions } from './no_results_suggestions'; diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_default.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_default.tsx new file mode 100644 index 0000000000000..b232b4138ea69 --- /dev/null +++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_default.tsx @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { EuiDescriptionList, EuiDescriptionListDescription } from '@elastic/eui'; + +export function NoResultsSuggestionDefault() { + return ( + + + + + + ); +} diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_filters.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_filters.tsx new file mode 100644 index 0000000000000..b153f6046b104 --- /dev/null 
+++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_filters.tsx @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiLink, + EuiDescriptionListDescription, +} from '@elastic/eui'; + +export interface NoResultsSuggestionWhenFiltersProps { + onDisableFilters: () => void; +} + +export function NoResultsSuggestionWhenFilters({ + onDisableFilters, +}: NoResultsSuggestionWhenFiltersProps) { + return ( + + + + + + + + + ), + }} + /> + + + ); +} diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_query.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_query.tsx new file mode 100644 index 0000000000000..166b2a7f742cd --- /dev/null +++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_query.tsx 
@@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, +} from '@elastic/eui'; + +export function NoResultsSuggestionWhenQuery() { + return ( + + + + + + + + + ); +} diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_time_range.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_time_range.tsx new file mode 100644 index 0000000000000..434d6025b950e --- /dev/null +++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestion_when_time_range.tsx @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, +} from '@elastic/eui'; + +export function NoResultsSuggestionWhenTimeRange() { + return ( + + + + + + + + + ); +} 
diff --git a/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestions.tsx b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestions.tsx new file mode 100644 index 0000000000000..595ca61225ebb --- /dev/null +++ b/src/plugins/discover/public/application/main/components/no_results/no_results_suggestions/no_results_suggestions.tsx @@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { EuiSpacer } from '@elastic/eui'; +import { NoResultsSuggestionDefault } from './no_results_suggestion_default'; +import { + NoResultsSuggestionWhenFilters, + NoResultsSuggestionWhenFiltersProps, +} from './no_results_suggestion_when_filters'; +import { NoResultsSuggestionWhenQuery } from './no_results_suggestion_when_query'; +import { NoResultsSuggestionWhenTimeRange } from './no_results_suggestion_when_time_range'; + +interface NoResultsSuggestionProps { + hasFilters?: boolean; + hasQuery?: boolean; + isTimeBased?: boolean; + onDisableFilters: NoResultsSuggestionWhenFiltersProps['onDisableFilters']; +} + +export function NoResultsSuggestions({ + isTimeBased, + hasFilters, + hasQuery, + onDisableFilters, +}: NoResultsSuggestionProps) { + const canAdjustSearchCriteria = isTimeBased || hasFilters || hasQuery; + + if (canAdjustSearchCriteria) { + return ( + <> + {isTimeBased && } + {hasQuery && ( + <> + + + + )} + {hasFilters && ( + <> + + + + )} + + ); + } + + return ; +} 
diff --git a/src/plugins/embeddable/public/lib/containers/container.ts b/src/plugins/embeddable/public/lib/containers/container.ts index 39549cb4623c5..88ff7f196f984 100644 --- a/src/plugins/embeddable/public/lib/containers/container.ts +++ b/src/plugins/embeddable/public/lib/containers/container.ts @@ -135,9 +135,19 @@ export abstract class Container< public removeEmbeddable(embeddableId: string) { // Just a shortcut for removing the panel from input state, all internal state will get cleaned up naturally // by the listener. + const panels = this.onRemoveEmbeddable(embeddableId); + this.updateInput({ panels } as Partial); + } + + /** + * Control the panels that are pushed to the input stream when an embeddable is + * removed. This can be used if removing one embeddable has knock-on effects, like + * re-ordering embeddables that come after it. + */ + protected onRemoveEmbeddable(embeddableId: string): ContainerInput['panels'] { const panels = { ...this.input.panels }; delete panels[embeddableId]; - this.updateInput({ panels } as Partial); + return panels; } public getChildIds(): string[] { diff --git a/src/plugins/home/tsconfig.json b/src/plugins/home/tsconfig.json index 17d0fc7bd91ac..613bb8c08d448 100644 --- a/src/plugins/home/tsconfig.json +++ b/src/plugins/home/tsconfig.json @@ -10,7 +10,7 @@ "include": ["common/**/*", "public/**/*", "server/**/*", "config.ts"], "references": [ { "path": "../../core/tsconfig.json" }, - { "path": "../data/tsconfig.json" }, + { "path": "../data_views/tsconfig.json" }, { "path": "../custom_integrations/tsconfig.json" }, { "path": "../kibana_react/tsconfig.json" }, { "path": "../share/tsconfig.json" }, diff --git a/src/plugins/presentation_util/public/components/solution_toolbar/solution_toolbar.tsx b/src/plugins/presentation_util/public/components/solution_toolbar/solution_toolbar.tsx index 141a5c16d7d95..219c582f26a3a 100644 --- a/src/plugins/presentation_util/public/components/solution_toolbar/solution_toolbar.tsx 
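Review bot: The doc comment on the new `onRemoveEmbeddable` hook does not say what an override is allowed to do with `this.input.panels`. The default implementation copies the panels before deleting the entry, which suggests the input is meant to be treated as immutable, but an overrider cannot tell that from the comment. I would add a line such as `* Overrides must return a new panels object and must not mutate this.input.panels.` and a `@param embeddableId` / `@returns` pair. The enclosing class starts and ends outside the hunk.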
+++ b/src/plugins/presentation_util/public/components/solution_toolbar/solution_toolbar.tsx @@ -53,7 +53,7 @@ export const SolutionToolbar = ({ isDarkModeEnabled, children }: Props) => { > {primaryActionButton} - + {quickButtonGroup ? {quickButtonGroup} : null} {extra} diff --git a/src/plugins/saved_objects_management/public/services/columns/share_saved_objects_to_space_column.tsx b/src/plugins/saved_objects_management/public/services/columns/share_saved_objects_to_space_column.tsx index 3ce8b82f98acf..ed99aeccf00ce 100644 --- a/src/plugins/saved_objects_management/public/services/columns/share_saved_objects_to_space_column.tsx +++ b/src/plugins/saved_objects_management/public/services/columns/share_saved_objects_to_space_column.tsx @@ -10,7 +10,7 @@ import React, { useMemo, useState } from 'react'; import { i18n } from '@kbn/i18n'; -import type { SavedObjectsNamespaceType } from 'src/core/public'; +import type { Capabilities, SavedObjectsNamespaceType } from 'src/core/public'; import { EuiIconTip, EuiToolTip } from '@elastic/eui'; import type { @@ -26,6 +26,7 @@ interface WrapperProps { objectType: string; objectNamespaceType: SavedObjectsNamespaceType; spacesApiUi: SpacesApiUi; + capabilities: Capabilities | undefined; spaceListProps: SpaceListProps; flyoutProps: ShareToSpaceFlyoutProps; } @@ -71,6 +72,7 @@ const Wrapper = ({ objectType, objectNamespaceType, spacesApiUi, + capabilities, spaceListProps, flyoutProps, }: WrapperProps) => { @@ -114,9 +116,13 @@ const Wrapper = ({ ); } + const canAssignSpaces = !capabilities || !!capabilities.savedObjectsManagement.shareIntoSpace; + const clickProperties = canAssignSpaces + ? { cursorStyle: 'pointer', listOnClick } + : { cursorStyle: 'not-allowed' }; return ( <> - + {showFlyout && } ); 
@@ -155,6 +161,7 @@ export class ShareToSpaceSavedObjectsManagementColumn extends SavedObjectsManage objectType={record.type} objectNamespaceType={record.meta.namespaceType} spacesApiUi={this.spacesApiUi} + capabilities={this.columnContext?.capabilities} spaceListProps={spaceListProps} flyoutProps={flyoutProps} /> diff --git a/src/plugins/vis_default_editor/public/components/__snapshots__/agg_group.test.tsx.snap b/src/plugins/vis_default_editor/public/components/__snapshots__/agg_group.test.tsx.snap index c9c7b91e8fc13..d2645f9dd54db 100644 --- a/src/plugins/vis_default_editor/public/components/__snapshots__/agg_group.test.tsx.snap +++ b/src/plugins/vis_default_editor/public/components/__snapshots__/agg_group.test.tsx.snap @@ -19,6 +19,7 @@ exports[`DefaultEditorAgg component should init with the default set of props 1` size="s" /> )} - + <> {group.map((agg: IAggConfig, index: number) => ( = (vis, params) centralMajorMode, ...(centralMajorMode === 'custom' ? { labelMinor: style.subText } : {}), percentageMode, + respectRanges: true, commonLabel: schemas.metric?.[0]?.label, }); diff --git a/test/functional/apps/dashboard_elements/controls/range_slider.ts b/test/functional/apps/dashboard_elements/controls/range_slider.ts index b2132e1919bd6..5f9183140f999 100644 --- a/test/functional/apps/dashboard_elements/controls/range_slider.ts +++ b/test/functional/apps/dashboard_elements/controls/range_slider.ts @@ -66,7 +66,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { describe('create and edit', async () => { it('can create a new range slider control from a blank state', async () => { - await dashboardControls.createRangeSliderControl({ fieldName: 'bytes', width: 'small' }); + await dashboardControls.createRangeSliderControl({ + dataViewTitle: 'logstash-*', + fieldName: 'bytes', + width: 'small', + }); expect(await dashboardControls.getControlsCount()).to.be(1); }); 
@@ -184,7 +188,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { }); it('disables inputs when no data available', async () => { - await dashboardControls.createRangeSliderControl({ fieldName: 'bytes', width: 'small' }); + await dashboardControls.createRangeSliderControl({ + dataViewTitle: 'logstash-*', + fieldName: 'bytes', + width: 'small', + }); const secondId = (await dashboardControls.getAllControlIds())[1]; expect( await dashboardControls.rangeSliderGetLowerBoundAttribute(secondId, 'disabled') diff --git a/x-pack/package.json b/x-pack/package.json index ccfad71a4f7b3..182ee65c1d12e 100644 --- a/x-pack/package.json +++ b/x-pack/package.json @@ -1,6 +1,6 @@ { "name": "x-pack", - "version": "8.2.0", + "version": "8.3.0", "author": "Elastic", "private": true, "license": "Elastic-License", diff --git a/x-pack/plugins/cases/common/api/cases/case.ts b/x-pack/plugins/cases/common/api/cases/case.ts index 1bc14fa8d3ab9..251c02d931fcd 100644 --- a/x-pack/plugins/cases/common/api/cases/case.ts +++ b/x-pack/plugins/cases/common/api/cases/case.ts @@ -154,6 +154,10 @@ export const CasesFindRequestRt = rt.partial({ * The fields in the entity to return in the response */ fields: rt.union([rt.array(rt.string), rt.string]), + /** + * A KQL date. If used all cases created after (gte) the from date will be returned + */ + from: rt.string, /** * The page of objects to return */ 
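Review bot: `from: rt.string` in `CasesFindRequestRt` accepts any string, although its comment describes it as a KQL date; the same holds for `to` in the next hunk and for `from`/`to` in `CasesStatusRequestRt` in status.ts. If the server places these values into a KQL filter (that code is not in this diff), an unchecked string could change the meaning of the filter, so the value should be validated as a date or date-math expression before it is used. At minimum the comment should state the accepted format, e.g. `* An ISO 8601 date or date-math expression such as now-1d. Cases created at or after this date are returned.` Separately, the blank line added before `owner` in the next hunk detaches the owner doc comment from its field.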
@@ -180,11 +184,17 @@ export const CasesFindRequestRt = rt.partial({ * The order to sort by */ sortOrder: rt.union([rt.literal('desc'), rt.literal('asc')]), + + /** + * A KQL date. If used all cases created before (lte) the to date will be returned. + */ + to: rt.string, /** * The owner(s) to filter by. The user making the request must have privileges to retrieve cases of that * ownership or they will be ignored. If no owner is included, then all ownership types will be included in the response * that the user has access to. */ + owner: rt.union([rt.array(rt.string), rt.string]), }); diff --git a/x-pack/plugins/cases/common/api/cases/status.ts b/x-pack/plugins/cases/common/api/cases/status.ts index d37e68007a21d..fa3b584f07286 100644 --- a/x-pack/plugins/cases/common/api/cases/status.ts +++ b/x-pack/plugins/cases/common/api/cases/status.ts @@ -28,6 +28,14 @@ export const CasesStatusResponseRt = rt.type({ }); export const CasesStatusRequestRt = rt.partial({ + /** + * A KQL date. If used all cases created after (gte) the from date will be returned + */ + from: rt.string, + /** + * A KQL date. If used all cases created before (lte) the to date will be returned. + */ + to: rt.string, /** * The owner of the cases to retrieve the status stats from. If no owner is provided the stats for all cases * that the user has access to will be returned. diff --git a/x-pack/plugins/cases/common/constants.ts b/x-pack/plugins/cases/common/constants.ts index 122234d473d13..a1ac829b33cce 100644 --- a/x-pack/plugins/cases/common/constants.ts +++ b/x-pack/plugins/cases/common/constants.ts @@ -51,6 +51,7 @@ export const SAVED_OBJECT_TYPES = [ */ export const CASES_URL = '/api/cases' as const; +export const CASE_FIND_URL = `${CASES_URL}/_find` as const; export const CASE_DETAILS_URL = `${CASES_URL}/{case_id}` as const; export const CASE_CONFIGURE_URL = `${CASES_URL}/configure` as const; export const CASE_CONFIGURE_DETAILS_URL = `${CASES_URL}/configure/{configuration_id}` as const; 
diff --git a/x-pack/plugins/cases/public/client/api/index.test.ts b/x-pack/plugins/cases/public/client/api/index.test.ts index 6e52649d1e680..9dd5245c03dd4 100644 --- a/x-pack/plugins/cases/public/client/api/index.test.ts +++ b/x-pack/plugins/cases/public/client/api/index.test.ts @@ -7,16 +7,16 @@ import { httpServiceMock } from '../../../../../../src/core/public/mocks'; import { createClientAPI } from '.'; +import { allCases, casesStatus } from '../../containers/mock'; describe('createClientAPI', () => { - const http = httpServiceMock.createStartContract({ basePath: '' }); - const api = createClientAPI({ http }); - beforeEach(() => { jest.clearAllMocks(); }); describe('getRelatedCases', () => { + const http = httpServiceMock.createStartContract({ basePath: '' }); + const api = createClientAPI({ http }); const res = [ { id: 'test-id', 
@@ -43,4 +43,40 @@ describe('createClientAPI', () => { }); }); }); + + describe('cases', () => { + describe('find', () => { + const http = httpServiceMock.createStartContract({ basePath: '' }); + const api = createClientAPI({ http }); + http.get.mockResolvedValue(allCases); + + it('should return the correct response', async () => { + expect(await api.cases.find({ from: 'now-1d' })).toEqual(allCases); + }); + + it('should have been called with the correct path', async () => { + await api.cases.find({ perPage: 10 }); + expect(http.get).toHaveBeenCalledWith('/api/cases/_find', { + query: { perPage: 10 }, + }); + }); + }); + + describe('getAllCasesMetrics', () => { + const http = httpServiceMock.createStartContract({ basePath: '' }); + const api = createClientAPI({ http }); + http.get.mockResolvedValue(casesStatus); + + it('should return the correct response', async () => { + expect(await api.cases.getAllCasesMetrics({ from: 'now-1d' })).toEqual(casesStatus); + }); + + it('should have been called with the correct path', async () => { + await api.cases.getAllCasesMetrics({ from: 'now-1d' }); + expect(http.get).toHaveBeenCalledWith('/api/cases/status', { + query: { from: 'now-1d' }, + }); + }); + }); + }); }); diff --git a/x-pack/plugins/cases/public/client/api/index.ts b/x-pack/plugins/cases/public/client/api/index.ts index 0f98812649276..b35fff84fdb09 100644 --- a/x-pack/plugins/cases/public/client/api/index.ts +++ b/x-pack/plugins/cases/public/client/api/index.ts 
@@ -6,7 +6,16 @@ */ import { HttpStart } from 'kibana/public'; -import { CasesByAlertId, CasesByAlertIDRequest, getCasesFromAlertsUrl } from '../../../common/api'; +import { + CasesByAlertId, + CasesByAlertIDRequest, + CasesFindRequest, + getCasesFromAlertsUrl, + CasesResponse, + CasesStatusRequest, + CasesStatusResponse, +} from '../../../common/api'; +import { CASE_FIND_URL, CASE_STATUS_URL } from '../../../common/constants'; import { CasesUiStart } from '../../types'; export const createClientAPI = ({ http }: { http: HttpStart }): CasesUiStart['api'] => { @@ -16,5 +25,11 @@ export const createClientAPI = ({ http }: { http: HttpStart }): CasesUiStart['ap query: CasesByAlertIDRequest ): Promise => http.get(getCasesFromAlertsUrl(alertId), { query }), + cases: { + find: (query: CasesFindRequest): Promise => + http.get(CASE_FIND_URL, { query }), + getAllCasesMetrics: (query: CasesStatusRequest): Promise => + http.get(CASE_STATUS_URL, { query }), + }, }; }; diff --git a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx index eae099404d318..ffcb7a1abe416 100644 --- a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx 
@@ -260,6 +260,8 @@ export const AllCasesList = React.memo( }} setFilterRefetch={setFilterRefetch} hiddenStatuses={hiddenStatuses} + displayCreateCaseButton={isSelectorView} + onCreateCasePressed={onRowClick} /> { expect(onFilterChanged).toBeCalledWith({ owner: [SECURITY_SOLUTION_OWNER] }); }); + + describe('create case button', () => { + it('should not render the create case button when displayCreateCaseButton and onCreateCasePressed are not passed', () => { + const wrapper = mount( + + + + ); + expect(wrapper.find(`[data-test-subj="cases-table-add-case-filter-bar"]`).length).toBe(0); + }); + + it('should render the create case button when displayCreateCaseButton and onCreateCasePressed are passed', () => { + const onCreateCasePressed = jest.fn(); + const wrapper = mount( + + + + ); + expect(wrapper.find(`[data-test-subj="cases-table-add-case-filter-bar"]`)).toBeTruthy(); + }); + + it('should call the onCreateCasePressed when create case is clicked', () => { + const onCreateCasePressed = jest.fn(); + const wrapper = mount( + + + + ); + wrapper.find(`[data-test-subj="cases-table-add-case-filter-bar"]`).first().simulate('click'); + wrapper.update(); + // NOTE: intentionally checking no arguments are passed + expect(onCreateCasePressed).toHaveBeenCalledWith(); + }); + }); }); diff --git a/x-pack/plugins/cases/public/components/all_cases/table_filters.tsx b/x-pack/plugins/cases/public/components/all_cases/table_filters.tsx index f75cebf88933c..faee469d1c4bc 100644 --- a/x-pack/plugins/cases/public/components/all_cases/table_filters.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/table_filters.tsx 
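Review bot: The assertion in the new test "should render the create case button when displayCreateCaseButton and onCreateCasePressed are passed" can never fail, because `wrapper.find(...)` returns a wrapper object even when nothing matches and `toBeTruthy()` accepts any object. Compare the match count instead, as the preceding test does: `expect(wrapper.find('[data-test-subj="cases-table-add-case-filter-bar"]').length).toBeGreaterThan(0);`. As written, the test would still pass if the button were never rendered.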
@@ -8,7 +8,7 @@ import React, { useCallback, useEffect, useState, useMemo } from 'react'; import { isEqual } from 'lodash/fp'; import styled from 'styled-components'; -import { EuiFlexGroup, EuiFlexItem, EuiFieldSearch, EuiFilterGroup } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiFieldSearch, EuiFilterGroup, EuiButton } from '@elastic/eui'; import { StatusAll, CaseStatusWithAllStatus } from '../../../common/ui/types'; import { CaseStatuses } from '../../../common/api'; @@ -17,8 +17,8 @@ import { useGetTags } from '../../containers/use_get_tags'; import { useGetReporters } from '../../containers/use_get_reporters'; import { FilterPopover } from '../filter_popover'; import { StatusFilter } from './status_filter'; - import * as i18n from './translations'; + interface CasesTableFiltersProps { countClosedCases: number | null; countInProgressCases: number | null; @@ -28,6 +28,8 @@ interface CasesTableFiltersProps { setFilterRefetch: (val: () => void) => void; hiddenStatuses?: CaseStatusWithAllStatus[]; availableSolutions: string[]; + displayCreateCaseButton?: boolean; + onCreateCasePressed?: () => void; } // Fix the width of the status dropdown to prevent hiding long text items @@ -61,6 +63,8 @@ const CasesTableFiltersComponent = ({ setFilterRefetch, hiddenStatuses, availableSolutions, + displayCreateCaseButton, + onCreateCasePressed, }: CasesTableFiltersProps) => { const [selectedReporters, setSelectedReporters] = useState( initial.reporters.map((r) => r.full_name ?? r.username ?? '') @@ -157,6 +161,12 @@ const CasesTableFiltersComponent = ({ [countClosedCases, countInProgressCases, countOpenCases] ); + const handleOnCreateCasePressed = useCallback(() => { + if (onCreateCasePressed) { + onCreateCasePressed(); + } + }, [onCreateCasePressed]); + return ( @@ -207,6 +217,18 @@ const CasesTableFiltersComponent = ({ )} + {displayCreateCaseButton && onCreateCasePressed ? ( + + + {i18n.CREATE_CASE_TITLE} + + + ) : null} ); }; 
diff --git a/x-pack/plugins/cases/public/mocks.ts b/x-pack/plugins/cases/public/mocks.ts index fd34e9ae4940b..f8c0eaaaef7de 100644 --- a/x-pack/plugins/cases/public/mocks.ts +++ b/x-pack/plugins/cases/public/mocks.ts @@ -10,6 +10,7 @@ import { CasesUiStart } from './types'; const apiMock: jest.Mocked = { getRelatedCases: jest.fn(), + cases: { find: jest.fn(), getAllCasesMetrics: jest.fn() }, }; const uiMock: jest.Mocked = { diff --git a/x-pack/plugins/cases/public/types.ts b/x-pack/plugins/cases/public/types.ts index 6013a27830931..63c767f412456 100644 --- a/x-pack/plugins/cases/public/types.ts +++ b/x-pack/plugins/cases/public/types.ts @@ -23,6 +23,10 @@ import type { TriggersAndActionsUIPublicPluginStart as TriggersActionsStart } fr import { CasesByAlertId, CasesByAlertIDRequest, + CasesFindRequest, + CasesResponse, + CasesStatusRequest, + CasesStatusResponse, CommentRequestAlertType, CommentRequestUserType, } from '../common/api'; @@ -74,6 +78,10 @@ export interface RenderAppProps { export interface CasesUiStart { api: { getRelatedCases: (alertId: string, query: CasesByAlertIDRequest) => Promise; + cases: { + find: (query: CasesFindRequest) => Promise; + getAllCasesMetrics: (query: CasesStatusRequest) => Promise; + }; }; ui: { /** diff --git a/x-pack/plugins/cases/server/client/attachments/add.ts b/x-pack/plugins/cases/server/client/attachments/add.ts index c0999b25ebf7d..b503c79e3f362 100644 --- a/x-pack/plugins/cases/server/client/attachments/add.ts +++ b/x-pack/plugins/cases/server/client/attachments/add.ts 
@@ -10,62 +10,17 @@ import { pipe } from 'fp-ts/lib/pipeable'; import { fold } from 'fp-ts/lib/Either'; import { identity } from 'fp-ts/lib/function'; -import { - SavedObjectsClientContract, - Logger, - SavedObjectsUtils, -} from '../../../../../../src/core/server'; -import { LensServerPluginSetup } from '../../../../lens/server'; +import { SavedObjectsUtils } from '../../../../../../src/core/server'; -import { - Actions, - ActionTypes, - CaseResponse, - CommentRequest, - CommentRequestRt, - CommentType, - throwErrors, - User, -} from '../../../common/api'; +import { CaseResponse, CommentRequest, CommentRequestRt, throwErrors } from '../../../common/api'; -import { AttachmentService, CasesService } from '../../services'; -import { CommentableCase } from '../../common/models'; +import { CaseCommentModel } from '../../common/models'; import { createCaseError } from '../../common/error'; -import { createAlertUpdateRequest } from '../../common/utils'; -import { CasesClientArgs, CasesClientInternal } from '..'; +import { CasesClientArgs } from '..'; import { decodeCommentRequest } from '../utils'; import { Operations } from '../../authorization'; -async function createCommentableCase({ - caseService, - attachmentService, - unsecuredSavedObjectsClient, - id, - logger, - lensEmbeddableFactory, -}: { - caseService: CasesService; - attachmentService: AttachmentService; - unsecuredSavedObjectsClient: SavedObjectsClientContract; - id: string; - logger: Logger; - lensEmbeddableFactory: LensServerPluginSetup['lensEmbeddableFactory']; -}): Promise { - const caseInfo = await caseService.getCase({ - id, - }); - - return new CommentableCase({ - logger, - caseInfo, - caseService, - attachmentService, - unsecuredSavedObjectsClient, - lensEmbeddableFactory, - }); -} - /** * The arguments needed for creating a new attachment to a case. */ 
@@ -87,8 +42,7 @@ export interface AddArgs { */ export const addComment = async ( addArgs: AddArgs, - clientArgs: CasesClientArgs, - casesClientInternal: CasesClientInternal + clientArgs: CasesClientArgs ): Promise => { const { comment, caseId } = addArgs; const query = pipe( @@ -96,17 +50,7 @@ export const addComment = async ( fold(throwErrors(Boom.badRequest), identity) ); - const { - unsecuredSavedObjectsClient, - caseService, - userActionService, - attachmentService, - user, - logger, - lensEmbeddableFactory, - authorization, - alertsService, - } = clientArgs; + const { logger, authorization } = clientArgs; decodeCommentRequest(comment); try { 
@@ -119,53 +63,15 @@ export const addComment = async ( const createdDate = new Date().toISOString(); - const combinedCase = await createCommentableCase({ - caseService, - attachmentService, - unsecuredSavedObjectsClient, - id: caseId, - logger, - lensEmbeddableFactory, - }); - - // eslint-disable-next-line @typescript-eslint/naming-convention - const { username, full_name, email } = user; - const userInfo: User = { - username, - full_name, - email, - }; + const model = await CaseCommentModel.create(caseId, clientArgs); - const { comment: newComment, commentableCase: updatedCase } = await combinedCase.createComment({ + const updatedModel = await model.createComment({ createdDate, - user: userInfo, commentReq: query, id: savedObjectID, }); - if (newComment.attributes.type === CommentType.alert && updatedCase.settings.syncAlerts) { - const alertsToUpdate = createAlertUpdateRequest({ - comment: query, - status: updatedCase.status, - }); - - await alertsService.updateAlertsStatus(alertsToUpdate); - } - - await userActionService.createUserAction({ - type: ActionTypes.comment, - action: Actions.create, - unsecuredSavedObjectsClient, - caseId, - attachmentId: newComment.id, - payload: { - attachment: query, - }, - user, - owner: newComment.attributes.owner, - }); - - return updatedCase.encode(); + return await updatedModel.encodeWithComments(); } catch (error) { throw createCaseError({ message: `Failed while adding a comment to case id: ${caseId} error: ${error}`, diff --git a/x-pack/plugins/cases/server/client/attachments/client.ts b/x-pack/plugins/cases/server/client/attachments/client.ts index d71496b764824..ab77ae3f01836 100644 --- a/x-pack/plugins/cases/server/client/attachments/client.ts +++ b/x-pack/plugins/cases/server/client/attachments/client.ts 
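Review bot: The user-action record and the alert status sync that `addComment` used to perform inline are removed in this hunk, and nothing visible here shows where they now happen. If `CaseCommentModel.createComment` takes them over, say so at the call, e.g. `// createComment also syncs alert status and records the user action`; if it does not, adding a comment no longer leaves an audit entry. The `user` argument is also dropped from `createComment`, so the model presumably reads the authenticated user from `clientArgs`; it is worth confirming that the request cannot supply it. The body of `addComment` starts and ends outside this hunk.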
@@ -76,7 +76,7 @@ export const createAttachmentsSubClient = ( casesClientInternal: CasesClientInternal ): AttachmentsSubClient => { const attachmentSubClient: AttachmentsSubClient = { - add: (params: AddArgs) => addComment(params, clientArgs, casesClientInternal), + add: (params: AddArgs) => addComment(params, clientArgs), deleteAll: (deleteAllArgs: DeleteAllArgs) => deleteAll(deleteAllArgs, clientArgs), delete: (deleteArgs: DeleteArgs) => deleteComment(deleteArgs, clientArgs), find: (findArgs: FindArgs) => find(findArgs, clientArgs), diff --git a/x-pack/plugins/cases/server/client/attachments/update.ts b/x-pack/plugins/cases/server/client/attachments/update.ts index bd91827a9c852..0ac03a5b96c09 100644 --- a/x-pack/plugins/cases/server/client/attachments/update.ts +++ b/x-pack/plugins/cases/server/client/attachments/update.ts @@ -7,13 +7,10 @@ import Boom from '@hapi/boom'; -import { SavedObjectsClientContract, Logger } from 'kibana/server'; -import { LensServerPluginSetup } from '../../../../lens/server'; -import { CommentableCase } from '../../common/models'; +import { CaseCommentModel } from '../../common/models'; import { createCaseError } from '../../common/error'; -import { Actions, ActionTypes, CaseResponse, CommentPatchRequest } from '../../../common/api'; +import { CaseResponse, CommentPatchRequest } from '../../../common/api'; import { CASE_SAVED_OBJECT } from '../../../common/constants'; -import { AttachmentService, CasesService } from '../../services'; import { CasesClientArgs } from '..'; import { decodeCommentRequest } from '../utils'; import { Operations } from '../../authorization'; 
@@ -32,37 +29,6 @@ export interface UpdateArgs { updateRequest: CommentPatchRequest; } -interface CombinedCaseParams { - attachmentService: AttachmentService; - caseService: CasesService; - unsecuredSavedObjectsClient: SavedObjectsClientContract; - caseID: string; - logger: Logger; - lensEmbeddableFactory: LensServerPluginSetup['lensEmbeddableFactory']; -} - -async function createCommentableCase({ - attachmentService, - caseService, - unsecuredSavedObjectsClient, - caseID, - logger, - lensEmbeddableFactory, -}: CombinedCaseParams) { - const caseInfo = await caseService.getCase({ - id: caseID, - }); - - return new CommentableCase({ - attachmentService, - caseService, - caseInfo, - unsecuredSavedObjectsClient, - logger, - lensEmbeddableFactory, - }); -} - /** * Update an attachment. * @@ -72,16 +38,7 @@ export async function update( { caseID, updateRequest: queryParams }: UpdateArgs, clientArgs: CasesClientArgs ): Promise { - const { - attachmentService, - caseService, - unsecuredSavedObjectsClient, - logger, - lensEmbeddableFactory, - user, - userActionService, - authorization, - } = clientArgs; + const { attachmentService, unsecuredSavedObjectsClient, logger, authorization } = clientArgs; try { const { @@ -92,15 +49,6 @@ export async function update( decodeCommentRequest(queryRestAttributes); - const commentableCase = await createCommentableCase({ - attachmentService, - caseService, - unsecuredSavedObjectsClient, - caseID, - logger, - lensEmbeddableFactory, - }); - const myComment = await attachmentService.get({ unsecuredSavedObjectsClient, attachmentId: queryCommentId, @@ -115,6 +63,8 @@ export async function update( operation: Operations.updateComment, }); + const model = await CaseCommentModel.create(caseID, clientArgs); + if (myComment.attributes.type !== queryRestAttributes.type) { throw Boom.badRequest(`You cannot change the type of the comment.`); } 
@@ -124,9 +74,9 @@ export async function update( } const caseRef = myComment.references.find((c) => c.type === CASE_SAVED_OBJECT); - if (caseRef == null || (caseRef != null && caseRef.id !== commentableCase.id)) { + if (caseRef == null || (caseRef != null && caseRef.id !== model.savedObject.id)) { throw Boom.notFound( - `This comment ${queryCommentId} does not exist in ${commentableCase.id}).` + `This comment ${queryCommentId} does not exist in ${model.savedObject.id}).` ); } @@ -137,25 +87,14 @@ export async function update( } const updatedDate = new Date().toISOString(); - const { comment: updatedComment, commentableCase: updatedCase } = - await commentableCase.updateComment({ - updateRequest: queryParams, - updatedAt: updatedDate, - user, - }); - - await userActionService.createUserAction({ - type: ActionTypes.comment, - action: Actions.update, - unsecuredSavedObjectsClient, - caseId: caseID, - attachmentId: updatedComment.id, - payload: { attachment: queryRestAttributes }, - user, + + const updatedModel = await model.updateComment({ + updateRequest: queryParams, + updatedAt: updatedDate, owner: myComment.attributes.owner, }); - return await updatedCase.encode(); + return await updatedModel.encodeWithComments(); } catch (error) { throw createCaseError({ message: `Failed to patch comment case id: ${caseID}: ${error}`, diff --git a/x-pack/plugins/cases/server/client/cases/find.ts b/x-pack/plugins/cases/server/client/cases/find.ts index 26ac4603c51e5..b5d3cee05ced6 100644 --- a/x-pack/plugins/cases/server/client/cases/find.ts +++ b/x-pack/plugins/cases/server/client/cases/find.ts @@ -54,6 +54,8 @@ export const find = async ( sortByField: queryParams.sortField, status: queryParams.status, owner: queryParams.owner, + from: queryParams.from, + to: queryParams.to, }; const statusStatsOptions = constructQueryOptions({ 
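Review bot: The rewritten guard in the `@@ -124,9 +74,9 @@` hunk keeps a redundant `caseRef != null` test, and the not-found message still ends with a stray `)`. This check is what ties the comment to the case id supplied in the request, so it is worth keeping easy to read: `if (caseRef == null || caseRef.id !== model.savedObject.id) {` and `` `This comment ${queryCommentId} does not exist in ${model.savedObject.id}.` ``. The message is a runtime string, so any test that asserts on it needs the same edit. The body of `update()` starts and ends outside this hunk.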
diff --git a/x-pack/plugins/cases/server/client/metrics/get_cases_metrics.ts b/x-pack/plugins/cases/server/client/metrics/get_cases_metrics.ts index 82c3a52a10d63..e02f882820fa7 100644 --- a/x-pack/plugins/cases/server/client/metrics/get_cases_metrics.ts +++ b/x-pack/plugins/cases/server/client/metrics/get_cases_metrics.ts @@ -41,6 +41,8 @@ export async function getStatusTotalsByType( const options = constructQueryOptions({ owner: queryParams.owner, + from: queryParams.from, + to: queryParams.to, authorizationFilter, }); diff --git a/x-pack/plugins/cases/server/client/utils.test.ts b/x-pack/plugins/cases/server/client/utils.test.ts index 4db98f7618715..0210ce9eaf3d4 100644 --- a/x-pack/plugins/cases/server/client/utils.test.ts +++ b/x-pack/plugins/cases/server/client/utils.test.ts 
@@ -8,31 +8,32 @@ import { CaseConnector, ConnectorTypes } from '../../common/api'; import { newCase } from '../routes/api/__mocks__/request_responses'; import { transformNewCase } from '../common/utils'; -import { sortToSnake } from './utils'; +import { buildRangeFilter, sortToSnake } from './utils'; +import { toElasticsearchQuery } from '@kbn/es-query'; describe('utils', () => { describe('sortToSnake', () => { - it('it transforms status correctly', () => { + it('transforms status correctly', () => { expect(sortToSnake('status')).toBe('status'); }); - it('it transforms createdAt correctly', () => { + it('transforms createdAt correctly', () => { expect(sortToSnake('createdAt')).toBe('created_at'); }); - it('it transforms created_at correctly', () => { + it('transforms created_at correctly', () => { expect(sortToSnake('created_at')).toBe('created_at'); }); - it('it transforms closedAt correctly', () => { + it('transforms closedAt correctly', () => { expect(sortToSnake('closedAt')).toBe('closed_at'); }); - it('it transforms closed_at correctly', () => { + it('transforms closed_at correctly', () => { expect(sortToSnake('closed_at')).toBe('closed_at'); }); - it('it transforms default correctly', () => { + it('transforms default correctly', () => { expect(sortToSnake('not-exist')).toBe('created_at'); }); }); 
@@ -103,4 +104,154 @@ describe('utils', () => { `); }); }); + + describe('buildRangeFilter', () => { + it('returns undefined if both the from and or are undefined', () => { + const node = buildRangeFilter({}); + expect(node).toBeFalsy(); + }); + + it('returns undefined if both the from and or are null', () => { + // @ts-expect-error + const node = buildRangeFilter({ from: null, to: null }); + expect(node).toBeFalsy(); + }); + + it('returns undefined if the from is malformed', () => { + expect(() => buildRangeFilter({ from: '<' })).toThrowError( + 'Invalid "from" and/or "to" query parameters' + ); + }); + + it('returns undefined if the to is malformed', () => { + expect(() => buildRangeFilter({ to: '<' })).toThrowError( + 'Invalid "from" and/or "to" query parameters' + ); + }); + + it('creates a range filter with only the from correctly', () => { + const node = buildRangeFilter({ from: 'now-1M' }); + expect(toElasticsearchQuery(node!)).toMatchInlineSnapshot(` + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "cases.attributes.created_at": Object { + "gte": "now-1M", + }, + }, + }, + ], + }, + } + `); + }); + + it('creates a range filter with only the to correctly', () => { + const node = buildRangeFilter({ to: 'now' }); + expect(toElasticsearchQuery(node!)).toMatchInlineSnapshot(` + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "cases.attributes.created_at": Object { + "lte": "now", + }, + }, + }, + ], + }, + } + `); + }); + + it('creates a range filter correctly', () => { + const node = buildRangeFilter({ from: 'now-1M', to: 'now' }); + expect(toElasticsearchQuery(node!)).toMatchInlineSnapshot(` + Object { + "bool": Object { + "filter": Array [ + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "cases.attributes.created_at": Object { + "gte": "now-1M", + }, + }, + }, + ], + }, + }, 
+ Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "cases.attributes.created_at": Object { + "lte": "now", + }, + }, + }, + ], + }, + }, + ], + }, + } + `); + }); + + it('creates a range filter with different field and saved object type provided', () => { + const node = buildRangeFilter({ + from: 'now-1M', + to: 'now', + field: 'test', + savedObjectType: 'test-type', + }); + expect(toElasticsearchQuery(node!)).toMatchInlineSnapshot(` + Object { + "bool": Object { + "filter": Array [ + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "test-type.attributes.test": Object { + "gte": "now-1M", + }, + }, + }, + ], + }, + }, + Object { + "bool": Object { + "minimum_should_match": 1, + "should": Array [ + Object { + "range": Object { + "test-type.attributes.test": Object { + "lte": "now", + }, + }, + }, + ], + }, + }, + ], + }, + } + `); + }); + }); }); diff --git a/x-pack/plugins/cases/server/client/utils.ts b/x-pack/plugins/cases/server/client/utils.ts index 24f661b5f41fe..0c78118e3285b 100644 --- a/x-pack/plugins/cases/server/client/utils.ts +++ b/x-pack/plugins/cases/server/client/utils.ts 
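Review bot: Two of the new `buildRangeFilter` test titles contradict their assertions: "returns undefined if the from is malformed" and its `to` twin both expect the `Invalid "from" and/or "to" query parameters` error to be thrown. The first two titles also say "from and or" where "from and to" is meant. I would rename them, for example `it('throws if the from is malformed', ...)` and `it('returns undefined if both from and to are undefined', ...)`. The only malformed input covered is `'<'`, which the KQL parser itself rejects. A further case with a value that parses as valid KQL but is not a date or date-math expression would pin down whether such input is refused or silently becomes part of the filter.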
@@ -183,6 +183,35 @@ export function stringToKueryNode(expression?: string): KueryNode | undefined { return fromKueryExpression(expression); } +export const buildRangeFilter = ({ + from, + to, + field = 'created_at', + savedObjectType = CASE_SAVED_OBJECT, +}: { + from?: string; + to?: string; + field?: string; + savedObjectType?: string; +}): KueryNode | undefined => { + if (from == null && to == null) { + return; + } + + try { + const fromKQL = from != null ? `${savedObjectType}.attributes.${field} >= ${from}` : undefined; + const toKQL = to != null ? `${savedObjectType}.attributes.${field} <= ${to}` : undefined; + + const rangeKQLQuery = `${fromKQL != null ? fromKQL : ''} ${ + fromKQL != null && toKQL != null ? 'and' : '' + } ${toKQL != null ? toKQL : ''}`; + + return stringToKueryNode(rangeKQLQuery); + } catch (error) { + throw badRequest('Invalid "from" and/or "to" query parameters'); + } +}; + export const constructQueryOptions = ({ tags, reporters, @@ -190,6 +219,8 @@ export const constructQueryOptions = ({ sortByField, owner, authorizationFilter, + from, + to, }: { tags?: string | string[]; reporters?: string | string[]; @@ -197,6 +228,8 @@ export const constructQueryOptions = ({ sortByField?: string; owner?: string | string[]; authorizationFilter?: KueryNode; + from?: string; + to?: string; }): SavedObjectFindOptionsKueryNode => { const kueryNodeExists = (filter: KueryNode | null | undefined): filter is KueryNode => filter != null; 
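Review bot: `buildRangeFilter` interpolates `from` and `to` into the KQL text unquoted and unvalidated (`` `${savedObjectType}.attributes.${field} >= ${from}` ``), so the only rejection is whatever `stringToKueryNode` fails to parse. The find.ts and get_cases_metrics.ts hunks pass `queryParams.from` and `queryParams.to` straight through, so a request value containing KQL operators or field clauses would be parsed into the range node instead of producing a 400. Because `constructQueryOptions` ANDs this node with the other filters, it appears unable to widen the result beyond them, but it can still add conditions the API never intended to expose. I would check both values against an explicit date or date-math format in a small helper (to be added) before building the string, and throw the same `badRequest` when the check fails. A comment should also state that `field` and `savedObjectType` must only ever be caller-side constants, since they are interpolated the same way.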
@@ -211,10 +244,15 @@ export const constructQueryOptions = ({ const ownerFilter = buildFilter({ filters: owner ?? [], field: OWNER_FIELD, operator: 'or' }); const statusFilter = status != null ? addStatusFilter({ status }) : undefined; - - const filters: KueryNode[] = [statusFilter, tagsFilter, reportersFilter, ownerFilter].filter( - kueryNodeExists - ); + const rangeFilter = buildRangeFilter({ from, to }); + + const filters: KueryNode[] = [ + statusFilter, + tagsFilter, + reportersFilter, + rangeFilter, + ownerFilter, + ].filter(kueryNodeExists); const caseFilters = filters.length > 1 ? nodeBuilder.and(filters) : filters[0]; diff --git a/x-pack/plugins/cases/server/common/models/case_with_comments.ts b/x-pack/plugins/cases/server/common/models/case_with_comments.ts new file mode 100644 index 0000000000000..14c0b6aec5eac --- /dev/null +++ b/x-pack/plugins/cases/server/common/models/case_with_comments.ts 
@@ -0,0 +1,325 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import Boom from '@hapi/boom'; + +import { + SavedObject, + SavedObjectReference, + SavedObjectsUpdateOptions, + SavedObjectsUpdateResponse, +} from 'src/core/server'; +import { + CaseResponse, + CaseResponseRt, + CaseStatuses, + CommentAttributes, + CommentPatchRequest, + CommentRequest, + CommentType, + CommentRequestUserType, + CaseAttributes, + ActionTypes, + Actions, +} from '../../../common/api'; +import { CASE_SAVED_OBJECT, MAX_DOCS_PER_PAGE } from '../../../common/constants'; +import { CasesClientArgs } from '../../client'; +import { createCaseError } from '../error'; +import { + countAlertsForID, + flattenCommentSavedObjects, + transformNewComment, + getOrUpdateLensReferences, + createAlertUpdateRequest, +} from '../utils'; + +type CaseCommentModelParams = Omit; + +/** + * This class represents a case that can have a comment attached to it. + */ +export class CaseCommentModel { + private readonly params: CaseCommentModelParams; + private readonly caseInfo: SavedObject; + + private constructor(caseInfo: SavedObject, params: CaseCommentModelParams) { + this.caseInfo = caseInfo; + this.params = params; + } + + public static async create( + id: string, + options: CaseCommentModelParams + ): Promise { + const savedObject = await options.caseService.getCase({ + id, + }); + + return new CaseCommentModel(savedObject, options); + } + + public get savedObject(): SavedObject { + return this.caseInfo; + } + + /** + * Update a comment and update the corresponding case's update_at and updated_by fields. 
+ */ + public async updateComment({ + updateRequest, + updatedAt, + owner, + }: { + updateRequest: CommentPatchRequest; + updatedAt: string; + owner: string; + }): Promise { + try { + const { id, version, ...queryRestAttributes } = updateRequest; + const options: SavedObjectsUpdateOptions = { + version, + }; + + if (queryRestAttributes.type === CommentType.user && queryRestAttributes?.comment) { + const currentComment = (await this.params.attachmentService.get({ + unsecuredSavedObjectsClient: this.params.unsecuredSavedObjectsClient, + attachmentId: id, + })) as SavedObject; + + const updatedReferences = getOrUpdateLensReferences( + this.params.lensEmbeddableFactory, + queryRestAttributes.comment, + currentComment + ); + options.references = updatedReferences; + } + + const [comment, commentableCase] = await Promise.all([ + this.params.attachmentService.update({ + unsecuredSavedObjectsClient: this.params.unsecuredSavedObjectsClient, + attachmentId: id, + updatedAttributes: { + ...queryRestAttributes, + updated_at: updatedAt, + updated_by: this.params.user, + }, + options, + }), + this.updateCaseUserAndDate(updatedAt), + ]); + + await commentableCase.createUpdateCommentUserAction(comment, updateRequest, owner); + + return commentableCase; + } catch (error) { + throw createCaseError({ + message: `Failed to update comment in commentable case, case id: ${this.caseInfo.id}: ${error}`, + error, + logger: this.params.logger, + }); + } + } + + private async updateCaseUserAndDate(date: string): Promise { + try { + const updatedCase = await this.params.caseService.patchCase({ + originalCase: this.caseInfo, + caseId: this.caseInfo.id, + updatedAttributes: { + updated_at: date, + updated_by: { ...this.params.user }, + }, + version: this.caseInfo.version, + }); + + return this.newObjectWithInfo({ + ...this.caseInfo, + attributes: { + ...this.caseInfo.attributes, + ...updatedCase.attributes, + }, + version: updatedCase.version ?? 
this.caseInfo.version, + }); + } catch (error) { + throw createCaseError({ + message: `Failed to update commentable case, case id: ${this.caseInfo.id}: ${error}`, + error, + logger: this.params.logger, + }); + } + } + + private newObjectWithInfo(caseInfo: SavedObject): CaseCommentModel { + return new CaseCommentModel(caseInfo, this.params); + } + + private async createUpdateCommentUserAction( + comment: SavedObjectsUpdateResponse, + updateRequest: CommentPatchRequest, + owner: string + ) { + const { id, version, ...queryRestAttributes } = updateRequest; + + await this.params.userActionService.createUserAction({ + type: ActionTypes.comment, + action: Actions.update, + unsecuredSavedObjectsClient: this.params.unsecuredSavedObjectsClient, + caseId: this.caseInfo.id, + attachmentId: comment.id, + payload: { attachment: queryRestAttributes }, + user: this.params.user, + owner, + }); + } + + /** + * Create a new comment on the appropriate case. This updates the case's updated_at and updated_by fields. 
+ */ + public async createComment({ + createdDate, + commentReq, + id, + }: { + createdDate: string; + commentReq: CommentRequest; + id: string; + }): Promise { + try { + this.validateCreateCommentRequest(commentReq); + + let references = this.buildRefsToCase(); + + if (commentReq.type === CommentType.user && commentReq?.comment) { + const commentStringReferences = getOrUpdateLensReferences( + this.params.lensEmbeddableFactory, + commentReq.comment + ); + references = [...references, ...commentStringReferences]; + } + + const [comment, commentableCase] = await Promise.all([ + this.params.attachmentService.create({ + unsecuredSavedObjectsClient: this.params.unsecuredSavedObjectsClient, + attributes: transformNewComment({ + createdDate, + ...commentReq, + ...this.params.user, + }), + references, + id, + }), + this.updateCaseUserAndDate(createdDate), + ]); + + await Promise.all([ + commentableCase.handleAlertComments(comment, commentReq), + this.createCommentUserAction(comment, commentReq), + ]); + + return commentableCase; + } catch (error) { + throw createCaseError({ + message: `Failed creating a comment on a commentable case, case id: ${this.caseInfo.id}: ${error}`, + error, + logger: this.params.logger, + }); + } + } + + private validateCreateCommentRequest(req: CommentRequest) { + if (req.type === CommentType.alert && this.caseInfo.attributes.status === CaseStatuses.closed) { + throw Boom.badRequest('Alert cannot be attached to a closed case'); + } + + if (req.owner !== this.caseInfo.attributes.owner) { + throw Boom.badRequest('The owner field of the comment must match the case'); + } + } + + private buildRefsToCase(): SavedObjectReference[] { + return [ + { + type: CASE_SAVED_OBJECT, + name: `associated-${CASE_SAVED_OBJECT}`, + id: this.caseInfo.id, + }, + ]; + } + + private async handleAlertComments(comment: SavedObject, req: CommentRequest) { + if ( + comment.attributes.type === CommentType.alert && + this.caseInfo.attributes.settings.syncAlerts + ) { + await 
this.updateAlertsStatus(req); + } + } + + private async updateAlertsStatus(req: CommentRequest) { + const alertsToUpdate = createAlertUpdateRequest({ + comment: req, + status: this.caseInfo.attributes.status, + }); + + await this.params.alertsService.updateAlertsStatus(alertsToUpdate); + } + + private async createCommentUserAction( + comment: SavedObject, + req: CommentRequest + ) { + await this.params.userActionService.createUserAction({ + type: ActionTypes.comment, + action: Actions.create, + unsecuredSavedObjectsClient: this.params.unsecuredSavedObjectsClient, + caseId: this.caseInfo.id, + attachmentId: comment.id, + payload: { + attachment: req, + }, + user: this.params.user, + owner: comment.attributes.owner, + }); + } + + private formatForEncoding(totalComment: number) { + return { + id: this.caseInfo.id, + version: this.caseInfo.version ?? '0', + totalComment, + ...this.caseInfo.attributes, + }; + } + + public async encodeWithComments(): Promise { + try { + const comments = await this.params.caseService.getAllCaseComments({ + id: this.caseInfo.id, + options: { + fields: [], + page: 1, + perPage: MAX_DOCS_PER_PAGE, + }, + }); + + const totalAlerts = countAlertsForID({ comments, id: this.caseInfo.id }) ?? 0; + + const caseResponse = { + comments: flattenCommentSavedObjects(comments.saved_objects), + totalAlerts, + ...this.formatForEncoding(comments.total), + }; + + return CaseResponseRt.encode(caseResponse); + } catch (error) { + throw createCaseError({ + message: `Failed encoding the commentable case, case id: ${this.caseInfo.id}: ${error}`, + error, + logger: this.params.logger, + }); + } + } +} diff --git a/x-pack/plugins/cases/server/common/models/commentable_case.ts b/x-pack/plugins/cases/server/common/models/commentable_case.ts deleted file mode 100644 index a56e55670ec83..0000000000000 --- a/x-pack/plugins/cases/server/common/models/commentable_case.ts +++ /dev/null 
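Review bot: Neither the class comment nor `CaseCommentModel.create` documents that the model performs no authorization. `create` loads the case through `options.caseService.getCase`, every write goes through `params.unsecuredSavedObjectsClient`, and `updated_by` and the user actions are now attributed to `params.user` rather than a per-call argument. The callers in add.ts and update.ts hold `authorization` themselves, so the implied contract is that they authorize first; nothing tells a future caller that. I would add a doc comment on `create` such as `/** Loads the case without an authorization check; the caller must authorize the operation before calling this. */` and extend the class comment to say which user the writes are attributed to. `encodeWithComments` and the `savedObject` getter have no doc comments either; the former should mention that it fetches a single page of at most `MAX_DOCS_PER_PAGE` comments.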
@@ -1,309 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import Boom from '@hapi/boom'; - -import { - SavedObject, - SavedObjectReference, - SavedObjectsClientContract, - SavedObjectsUpdateOptions, - SavedObjectsUpdateResponse, - Logger, -} from 'src/core/server'; -import { LensServerPluginSetup } from '../../../../lens/server'; -import { - CaseResponse, - CaseResponseRt, - CaseSettings, - CaseStatuses, - CommentAttributes, - CommentPatchRequest, - CommentRequest, - CommentType, - User, - CommentRequestUserType, - CaseAttributes, -} from '../../../common/api'; -import { CASE_SAVED_OBJECT, MAX_DOCS_PER_PAGE } from '../../../common/constants'; -import { AttachmentService, CasesService } from '../../services'; -import { createCaseError } from '../error'; -import { - countAlertsForID, - flattenCommentSavedObjects, - transformNewComment, - getOrUpdateLensReferences, -} from '../utils'; - -interface UpdateCommentResp { - comment: SavedObjectsUpdateResponse; - commentableCase: CommentableCase; -} - -interface NewCommentResp { - comment: SavedObject; - commentableCase: CommentableCase; -} - -interface CommentableCaseParams { - caseInfo: SavedObject; - unsecuredSavedObjectsClient: SavedObjectsClientContract; - caseService: CasesService; - attachmentService: AttachmentService; - logger: Logger; - lensEmbeddableFactory: LensServerPluginSetup['lensEmbeddableFactory']; -} - -/** - * This class represents a case that can have a comment attached to it. 
- */ -export class CommentableCase { - private readonly caseInfo: SavedObject; - private readonly unsecuredSavedObjectsClient: SavedObjectsClientContract; - private readonly caseService: CasesService; - private readonly attachmentService: AttachmentService; - private readonly logger: Logger; - private readonly lensEmbeddableFactory: LensServerPluginSetup['lensEmbeddableFactory']; - - constructor({ - caseInfo, - unsecuredSavedObjectsClient, - caseService, - attachmentService, - logger, - lensEmbeddableFactory, - }: CommentableCaseParams) { - this.caseInfo = caseInfo; - this.unsecuredSavedObjectsClient = unsecuredSavedObjectsClient; - this.caseService = caseService; - this.attachmentService = attachmentService; - this.logger = logger; - this.lensEmbeddableFactory = lensEmbeddableFactory; - } - - public get status(): CaseStatuses { - return this.caseInfo.attributes.status; - } - - public get id(): string { - return this.caseInfo.id; - } - - public get settings(): CaseSettings { - return this.caseInfo.attributes.settings; - } - - public get caseId(): string { - return this.caseInfo.id; - } - - private get owner(): string { - return this.caseInfo.attributes.owner; - } - - private buildRefsToCase(): SavedObjectReference[] { - return [ - { - type: CASE_SAVED_OBJECT, - name: `associated-${CASE_SAVED_OBJECT}`, - id: this.caseInfo.id, - }, - ]; - } - - private async update({ date, user }: { date: string; user: User }): Promise { - try { - const updatedCase = await this.caseService.patchCase({ - originalCase: this.caseInfo, - caseId: this.caseInfo.id, - updatedAttributes: { - updated_at: date, - updated_by: { ...user }, - }, - version: this.caseInfo.version, - }); - - return new CommentableCase({ - caseInfo: { - ...this.caseInfo, - attributes: { - ...this.caseInfo.attributes, - ...updatedCase.attributes, - }, - version: updatedCase.version ?? 
this.caseInfo.version, - }, - unsecuredSavedObjectsClient: this.unsecuredSavedObjectsClient, - caseService: this.caseService, - attachmentService: this.attachmentService, - logger: this.logger, - lensEmbeddableFactory: this.lensEmbeddableFactory, - }); - } catch (error) { - throw createCaseError({ - message: `Failed to update commentable case, case id: ${this.caseId}: ${error}`, - error, - logger: this.logger, - }); - } - } - - /** - * Update a comment and update the corresponding case's update_at and updated_by fields. - */ - public async updateComment({ - updateRequest, - updatedAt, - user, - }: { - updateRequest: CommentPatchRequest; - updatedAt: string; - user: User; - }): Promise { - try { - const { id, version, ...queryRestAttributes } = updateRequest; - const options: SavedObjectsUpdateOptions = { - version, - }; - - if (queryRestAttributes.type === CommentType.user && queryRestAttributes?.comment) { - const currentComment = (await this.attachmentService.get({ - unsecuredSavedObjectsClient: this.unsecuredSavedObjectsClient, - attachmentId: id, - })) as SavedObject; - - const updatedReferences = getOrUpdateLensReferences( - this.lensEmbeddableFactory, - queryRestAttributes.comment, - currentComment - ); - options.references = updatedReferences; - } - - const [comment, commentableCase] = await Promise.all([ - this.attachmentService.update({ - unsecuredSavedObjectsClient: this.unsecuredSavedObjectsClient, - attachmentId: id, - updatedAttributes: { - ...queryRestAttributes, - updated_at: updatedAt, - updated_by: user, - }, - options, - }), - this.update({ date: updatedAt, user }), - ]); - return { - comment, - commentableCase, - }; - } catch (error) { - throw createCaseError({ - message: `Failed to update comment in commentable case, case id: ${this.caseId}: ${error}`, - error, - logger: this.logger, - }); - } - } - - /** - * Create a new comment on the appropriate case. This updates the case's updated_at and updated_by fields. 
- */ - public async createComment({ - createdDate, - user, - commentReq, - id, - }: { - createdDate: string; - user: User; - commentReq: CommentRequest; - id: string; - }): Promise { - try { - if (commentReq.type === CommentType.alert) { - if (this.status === CaseStatuses.closed) { - throw Boom.badRequest('Alert cannot be attached to a closed case'); - } - } - - if (commentReq.owner !== this.owner) { - throw Boom.badRequest('The owner field of the comment must match the case'); - } - - let references = this.buildRefsToCase(); - - if (commentReq.type === CommentType.user && commentReq?.comment) { - const commentStringReferences = getOrUpdateLensReferences( - this.lensEmbeddableFactory, - commentReq.comment - ); - references = [...references, ...commentStringReferences]; - } - - const [comment, commentableCase] = await Promise.all([ - this.attachmentService.create({ - unsecuredSavedObjectsClient: this.unsecuredSavedObjectsClient, - attributes: transformNewComment({ - createdDate, - ...commentReq, - ...user, - }), - references, - id, - }), - this.update({ date: createdDate, user }), - ]); - return { - comment, - commentableCase, - }; - } catch (error) { - throw createCaseError({ - message: `Failed creating a comment on a commentable case, case id: ${this.caseId}: ${error}`, - error, - logger: this.logger, - }); - } - } - - private formatForEncoding(totalComment: number) { - return { - id: this.caseInfo.id, - version: this.caseInfo.version ?? '0', - totalComment, - ...this.caseInfo.attributes, - }; - } - - public async encode(): Promise { - try { - const comments = await this.caseService.getAllCaseComments({ - id: this.caseInfo.id, - options: { - fields: [], - page: 1, - perPage: MAX_DOCS_PER_PAGE, - }, - }); - - const totalAlerts = countAlertsForID({ comments, id: this.caseInfo.id }) ?? 
0; - - const caseResponse = { - comments: flattenCommentSavedObjects(comments.saved_objects), - totalAlerts, - ...this.formatForEncoding(comments.total), - }; - - return CaseResponseRt.encode(caseResponse); - } catch (error) { - throw createCaseError({ - message: `Failed encoding the commentable case, case id: ${this.caseId}: ${error}`, - error, - logger: this.logger, - }); - } - } -} diff --git a/x-pack/plugins/cases/server/common/models/index.ts b/x-pack/plugins/cases/server/common/models/index.ts index 189090c91c81c..1c1295b77d647 100644 --- a/x-pack/plugins/cases/server/common/models/index.ts +++ b/x-pack/plugins/cases/server/common/models/index.ts @@ -5,4 +5,4 @@ * 2.0. */ -export * from './commentable_case'; +export * from './case_with_comments'; diff --git a/x-pack/plugins/cross_cluster_replication/public/app/index.tsx b/x-pack/plugins/cross_cluster_replication/public/app/index.tsx index d6dc16a55a99f..cee244c2de006 100644 --- a/x-pack/plugins/cross_cluster_replication/public/app/index.tsx +++ b/x-pack/plugins/cross_cluster_replication/public/app/index.tsx 
@@ -17,25 +17,48 @@ import { ApplicationStart, DocLinksStart, CoreTheme, + ExecutionContextStart, } from 'src/core/public'; -import { KibanaThemeProvider } from '../shared_imports'; +import { KibanaThemeProvider, useExecutionContext } from '../shared_imports'; import { init as initBreadcrumbs, SetBreadcrumbs } from './services/breadcrumbs'; import { init as initDocumentation } from './services/documentation_links'; import { App } from './app'; import { ccrStore } from './store'; +const AppWithExecutionContext = ({ + history, + executionContext, + getUrlForApp, +}: { + history: ScopedHistory; + getUrlForApp: ApplicationStart['getUrlForApp']; + executionContext: ExecutionContextStart; +}) => { + useExecutionContext(executionContext, { + type: 'application', + page: 'crossClusterReplication', + }); + + return ; +}; + const renderApp = ( element: Element, I18nContext: I18nStart['Context'], history: ScopedHistory, getUrlForApp: ApplicationStart['getUrlForApp'], - theme$: Observable + theme$: Observable, + executionContext: ExecutionContextStart ): UnmountCallback => { render( - + , @@ -53,6 +76,7 @@ export async function mountApp({ history, getUrlForApp, theme$, + executionContext, }: { element: Element; setBreadcrumbs: SetBreadcrumbs; @@ -61,11 +85,12 @@ export async function mountApp({ history: ScopedHistory; getUrlForApp: ApplicationStart['getUrlForApp']; theme$: Observable; + executionContext: ExecutionContextStart; }): Promise { // Import and initialize additional services here instead of in plugin.ts to reduce the size of the // initial bundle as much as possible. initBreadcrumbs(setBreadcrumbs); initDocumentation(docLinks); - return renderApp(element, I18nContext, history, getUrlForApp, theme$); + return renderApp(element, I18nContext, history, getUrlForApp, theme$, executionContext); } diff --git a/x-pack/plugins/cross_cluster_replication/public/plugin.ts b/x-pack/plugins/cross_cluster_replication/public/plugin.ts index bc2546bdacb2a..87b8c93119624 100644 
--- a/x-pack/plugins/cross_cluster_replication/public/plugin.ts +++ b/x-pack/plugins/cross_cluster_replication/public/plugin.ts @@ -50,6 +50,7 @@ export class CrossClusterReplicationPlugin implements Plugin { i18n: { Context: I18nContext }, docLinks, application: { getUrlForApp }, + executionContext, } = coreStart; docTitle.change(PLUGIN.TITLE); @@ -62,6 +63,7 @@ export class CrossClusterReplicationPlugin implements Plugin { history, getUrlForApp, theme$, + executionContext, }); return () => { diff --git a/x-pack/plugins/cross_cluster_replication/public/shared_imports.ts b/x-pack/plugins/cross_cluster_replication/public/shared_imports.ts index f850e054f9667..d9a0db5cd1a7d 100644 --- a/x-pack/plugins/cross_cluster_replication/public/shared_imports.ts +++ b/x-pack/plugins/cross_cluster_replication/public/shared_imports.ts @@ -13,6 +13,9 @@ export { PageLoading, } from '../../../../src/plugins/es_ui_shared/public'; -export { KibanaThemeProvider } from '../../../../src/plugins/kibana_react/public'; +export { + KibanaThemeProvider, + useExecutionContext, +} from '../../../../src/plugins/kibana_react/public'; export { APP_WRAPPER_CLASS } from '../../../../src/core/public'; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_dashboard_link.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_dashboard_link.tsx index df7a85c98e4fa..9449e5370b7cd 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_dashboard_link.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_dashboard_link.tsx @@ -54,7 +54,7 @@ export const AgentDashboardLink: React.FunctionComponent<{ content={ } 
> diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/helpers.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/helpers.tsx index afb1919dcf03f..e6326eeb1ecc2 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/helpers.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/helpers.tsx @@ -26,7 +26,8 @@ output { hosts => "" api_key => "" data_stream => true - # ca_cert: + ssl => true + # cacert: } }`.replace('', apiKey || ''); } diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/index.tsx index 2e7924711e55a..19ff2cbc61d77 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/logstash_instructions/index.tsx @@ -194,7 +194,7 @@ const LogstashInstructionSteps = () => { diff --git a/x-pack/plugins/fleet/public/components/enrollment_instructions/manual/index.tsx b/x-pack/plugins/fleet/public/components/enrollment_instructions/manual/index.tsx index 62b7cb6fac5a1..020ca9dc053a7 100644 --- a/x-pack/plugins/fleet/public/components/enrollment_instructions/manual/index.tsx +++ b/x-pack/plugins/fleet/public/components/enrollment_instructions/manual/index.tsx 
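Review bot: The commented hint `# cacert:` in the generated Logstash output block uses a colon, while every other setting in that block uses `=>`, so a user who uncomments it and appends a path ends up with a configuration that does not parse. With `ssl => true` now set, the CA setting decides which certificate authorities the output trusts, so the hint should be copy-paste correct, for example `# cacert => "/path/to/ca.pem"` (a made-up example path; whatever followed the colon is not readable in this rendering). Users whose cluster certificate is signed by a private CA need that line to keep certificate verification on rather than switching it off. The function that builds this template starts above the hunk.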
@@ -45,6 +45,7 @@ sudo ./elastic-agent install ${enrollArgs}`; const windowsCommand = `wget https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-${kibanaVersion}-windows-x86_64.zip -OutFile elastic-agent-${kibanaVersion}-windows-x86_64.zip Expand-Archive .\\elastic-agent-${kibanaVersion}-windows-x86_64.zip +cd elastic-agent-${kibanaVersion}-windows-x86_64 .\\elastic-agent.exe install ${enrollArgs}`; const linuxDebCommand = `curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-${kibanaVersion}-amd64.deb diff --git a/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts index 5fa3bb118b0ed..f3a4e045d042d 100644 --- a/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts @@ -18,8 +18,7 @@ import { CLOUD_KIBANA_CONFIG } from './fixtures/cloud_kibana_config'; const logFilePath = Path.join(__dirname, 'logs.log'); -// FLAKY: https://github.com/elastic/kibana/issues/127076 -describe.skip('Fleet preconfiguration reset', () => { +describe('Fleet preconfiguration reset', () => { let esServer: kbnTestServer.TestElasticsearchUtils; let kbnServer: kbnTestServer.TestKibanaUtils; @@ -108,8 +107,7 @@ describe.skip('Fleet preconfiguration reset', () => { await stopServers(); }); - // FLAKY: https://github.com/elastic/kibana/issues/127077 - describe.skip('Preconfigred cloud policy', () => { + describe('Preconfigred cloud policy', () => { it('Works and preconfigure correctly agent policies', async () => { const agentPolicies = await kbnServer.coreStart.savedObjects .createInternalRepository() diff --git a/x-pack/plugins/index_lifecycle_management/__jest__/client_integration/app/app.helpers.tsx b/x-pack/plugins/index_lifecycle_management/__jest__/client_integration/app/app.helpers.tsx index 153f1c09c53a9..7c6d891042493 100644 
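Review bot: `windowsCommand` downloads the archive, expands it and runs `.\elastic-agent.exe install` with no integrity check in between, and the added `cd` line does not change that. Since the snippet is meant to be pasted into an elevated shell, a step that compares `Get-FileHash` output for the zip with the checksum published for the artifact, placed before `Expand-Archive`, would let users notice a corrupted or substituted download before installing it. Separately, `Expand-Archive` without `-DestinationPath` extracts into a new folder named after the archive, so if the zip carries its own top-level directory the single `cd elastic-agent-${kibanaVersion}-windows-x86_64` may stop one level above the executable; this is worth confirming on a clean host, and `-DestinationPath .` would make the layout explicit.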
--- a/x-pack/plugins/index_lifecycle_management/__jest__/client_integration/app/app.helpers.tsx +++ b/x-pack/plugins/index_lifecycle_management/__jest__/client_integration/app/app.helpers.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { act } from 'react-dom/test-utils'; import { registerTestBed, TestBed, TestBedConfig } from '@kbn/test-jest-helpers'; -import { docLinksServiceMock } from 'src/core/public/mocks'; +import { docLinksServiceMock, executionContextServiceMock } from 'src/core/public/mocks'; import { KibanaContextProvider } from '../../../../../../src/plugins/kibana_react/public'; import { createBreadcrumbsMock } from '../../../public/application/services/breadcrumbs.mock'; import { licensingMock } from '../../../../licensing/public/mocks'; @@ -23,6 +23,7 @@ const AppWithContext = (props: any) => { breadcrumbService, license: licensingMock.createLicense(), docLinks: docLinksServiceMock.createStartContract(), + executionContext: executionContextServiceMock.createStartContract(), }} > diff --git a/x-pack/plugins/index_lifecycle_management/public/application/app.tsx b/x-pack/plugins/index_lifecycle_management/public/application/app.tsx index 89d19bb7edad5..0e41b2043e8e0 100644 --- a/x-pack/plugins/index_lifecycle_management/public/application/app.tsx +++ b/x-pack/plugins/index_lifecycle_management/public/application/app.tsx @@ -10,6 +10,7 @@ import { Router, Switch, Route, Redirect } from 'react-router-dom'; import { ScopedHistory } from 'kibana/public'; import { METRIC_TYPE } from '@kbn/analytics'; +import { useKibana, useExecutionContext } from '../shared_imports'; import { UIM_APP_LOAD } from './constants'; import { EditPolicy } from './sections/edit_policy'; import { PolicyList } from './sections/policy_list'; 
@@ -17,8 +18,17 @@ import { trackUiMetric } from './services/ui_metric'; import { ROUTES } from './services/navigation'; export const App = ({ history }: { history: ScopedHistory }) => { + const { + services: { executionContext }, + } = useKibana(); + useEffect(() => trackUiMetric(METRIC_TYPE.LOADED, UIM_APP_LOAD), []); + useExecutionContext(executionContext!, { + type: 'application', + page: 'indexLifecycleManagement', + }); + return ( diff --git a/x-pack/plugins/index_lifecycle_management/public/application/index.tsx b/x-pack/plugins/index_lifecycle_management/public/application/index.tsx index 5dd0ca5f1c409..b9323a56529a3 100644 --- a/x-pack/plugins/index_lifecycle_management/public/application/index.tsx +++ b/x-pack/plugins/index_lifecycle_management/public/application/index.tsx @@ -15,7 +15,7 @@ import { UnmountCallback, CoreTheme, } from 'src/core/public'; -import { DocLinksStart } from 'kibana/public'; +import { DocLinksStart, ExecutionContextStart } from 'kibana/public'; import { CloudSetup, @@ -37,6 +37,7 @@ export const renderApp = ( license: ILicense, theme$: Observable, docLinks: DocLinksStart, + executionContext: ExecutionContextStart, cloud?: CloudSetup ): UnmountCallback => { const { getUrlForApp } = application; @@ -45,7 +46,14 @@ export const renderApp = ( diff --git a/x-pack/plugins/index_lifecycle_management/public/plugin.tsx b/x-pack/plugins/index_lifecycle_management/public/plugin.tsx index 7700518506cea..3ab758c05b6e9 100644 --- a/x-pack/plugins/index_lifecycle_management/public/plugin.tsx +++ b/x-pack/plugins/index_lifecycle_management/public/plugin.tsx @@ -56,6 +56,7 @@ export class IndexLifecycleManagementPlugin i18n: { Context: I18nContext }, application, docLinks, + executionContext, } = coreStart; const license = await licensing.license$.pipe(first()).toPromise(); @@ -74,6 +75,7 @@ export class IndexLifecycleManagementPlugin license, theme$, docLinks, + executionContext, cloud ); 
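Review bot: `useExecutionContext(executionContext!, …)` in `App` silences the compiler instead of establishing that the service is present. `useKibana()` is called without a services type here, so `executionContext` is presumably optional, and the `!` turns a provider that omits it into an undefined argument at runtime rather than a type error. Typing the hook call removes the assertion, e.g. `useKibana<{ executionContext: ExecutionContextStart }>()` with `ExecutionContextStart` imported in this file, followed by `useExecutionContext(executionContext, { … })`. `App` continues past the end of the hunk, and the provider that supplies the service is in `index.tsx`, whose JSX is not readable in this rendering.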
diff --git a/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts b/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts index e94f09e138693..f5a4356b9323e 100644 --- a/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts +++ b/x-pack/plugins/index_lifecycle_management/public/shared_imports.ts @@ -48,6 +48,7 @@ export { KibanaContextProvider, KibanaThemeProvider, RedirectAppLinks, + useExecutionContext, } from '../../../../src/plugins/kibana_react/public'; export { APP_WRAPPER_CLASS } from '../../../../src/core/public'; diff --git a/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx b/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx index c5b077ef00333..b469b0293123d 100644 --- a/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx +++ b/x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx @@ -14,6 +14,7 @@ import { notificationServiceMock, docLinksServiceMock, uiSettingsServiceMock, + executionContextServiceMock, } from '../../../../../../src/core/public/mocks'; import { GlobalFlyout } from '../../../../../../src/plugins/es_ui_shared/public'; import { createKibanaReactContext } from '../../../../../../src/plugins/kibana_react/public'; @@ -48,7 +49,10 @@ setUiMetricService(services.uiMetricService); const appDependencies = { services, - core: { getUrlForApp: () => {} }, + core: { + getUrlForApp: () => {}, + executionContext: executionContextServiceMock.createStartContract(), + }, plugins: {}, } as any; diff --git a/x-pack/plugins/index_management/__jest__/components/index_table.test.js b/x-pack/plugins/index_management/__jest__/components/index_table.test.js index f98c891e5f4f5..bf5ab6541bad8 100644 --- a/x-pack/plugins/index_management/__jest__/components/index_table.test.js +++ b/x-pack/plugins/index_management/__jest__/components/index_table.test.js 
@@ -35,8 +35,10 @@ import { setExtensionsService } from '../../public/application/store/selectors/e import { ExtensionsService } from '../../public/services'; import { kibanaVersion } from '../client_integration/helpers'; -/* eslint-disable @kbn/eslint/no-restricted-paths */ -import { notificationServiceMock } from '../../../../../src/core/public/notifications/notifications_service.mock'; +import { + notificationServiceMock, + executionContextServiceMock, +} from '../../../../../src/core/public/mocks'; const mockHttpClient = axios.create({ adapter: axiosXhrAdapter }); @@ -164,7 +166,14 @@ describe('index table', () => { store = indexManagementStore(services); - const appDependencies = { services, core: {}, plugins: {} }; + const appDependencies = { + services, + core: { + getUrlForApp: () => {}, + executionContext: executionContextServiceMock.createStartContract(), + }, + plugins: {}, + }; component = ( diff --git a/x-pack/plugins/index_management/common/constants/plugin.ts b/x-pack/plugins/index_management/common/constants/plugin.ts index 482661045b3fa..64619afcfb11b 100644 --- a/x-pack/plugins/index_management/common/constants/plugin.ts +++ b/x-pack/plugins/index_management/common/constants/plugin.ts @@ -22,4 +22,4 @@ export const PLUGIN = { // "PluginInitializerContext.env.packageInfo.version". In some cases it is not possible // to dynamically inject that version without a huge refactor on the code base. // We will then keep this single constant to declare on which major branch we are. -export const MAJOR_VERSION = '8.2.0'; +export const MAJOR_VERSION = '8.3.0'; diff --git a/x-pack/plugins/index_management/public/application/app.tsx b/x-pack/plugins/index_management/public/application/app.tsx index eeeba390c09db..f52479f41708b 100644 --- a/x-pack/plugins/index_management/public/application/app.tsx +++ b/x-pack/plugins/index_management/public/application/app.tsx 
@@ -12,11 +12,12 @@ import { Router, Switch, Route, Redirect } from 'react-router-dom'; import { ScopedHistory } from 'kibana/public'; import { UIM_APP_LOAD } from '../../common/constants'; +import { useExecutionContext } from '../shared_imports'; import { IndexManagementHome, homeSections } from './sections/home'; import { TemplateCreate } from './sections/template_create'; import { TemplateClone } from './sections/template_clone'; import { TemplateEdit } from './sections/template_edit'; -import { useServices } from './app_context'; +import { useAppContext } from './app_context'; import { ComponentTemplateCreate, ComponentTemplateEdit, @@ -24,8 +25,16 @@ import { } from './components'; export const App = ({ history }: { history: ScopedHistory }) => { - const { uiMetricService } = useServices(); - useEffect(() => uiMetricService.trackMetric(METRIC_TYPE.LOADED, UIM_APP_LOAD), [uiMetricService]); + const { core, services } = useAppContext(); + useEffect( + () => services.uiMetricService.trackMetric(METRIC_TYPE.LOADED, UIM_APP_LOAD), + [services.uiMetricService] + ); + + useExecutionContext(core.executionContext, { + type: 'application', + page: 'indexManagement', + }); return ( diff --git a/x-pack/plugins/index_management/public/application/app_context.tsx b/x-pack/plugins/index_management/public/application/app_context.tsx index b41e37a5f441c..e5120fff11627 100644 --- a/x-pack/plugins/index_management/public/application/app_context.tsx +++ b/x-pack/plugins/index_management/public/application/app_context.tsx @@ -17,6 +17,7 @@ import { ScopedHistory, DocLinksStart, IUiSettingsClient, + ExecutionContextStart, } from 'src/core/public'; import { SharePluginStart } from 'src/plugins/share/public'; @@ -29,6 +30,7 @@ export interface AppDependencies { core: { fatalErrors: FatalErrorsStart; getUrlForApp: ApplicationStart['getUrlForApp']; + executionContext: ExecutionContextStart; }; plugins: { usageCollection: UsageCollectionSetup; 
diff --git a/x-pack/plugins/index_management/public/application/components/component_templates/__jest__/client_integration/helpers/setup_environment.tsx b/x-pack/plugins/index_management/public/application/components/component_templates/__jest__/client_integration/helpers/setup_environment.tsx index 9c2017ad651f1..b3da9622ce984 100644 --- a/x-pack/plugins/index_management/public/application/components/component_templates/__jest__/client_integration/helpers/setup_environment.tsx +++ b/x-pack/plugins/index_management/public/application/components/component_templates/__jest__/client_integration/helpers/setup_environment.tsx @@ -12,6 +12,7 @@ import { notificationServiceMock, docLinksServiceMock, applicationServiceMock, + executionContextServiceMock, } from '../../../../../../../../../../src/core/public/mocks'; import { GlobalFlyout } from '../../../../../../../../../../src/plugins/es_ui_shared/public'; @@ -37,6 +38,7 @@ export const componentTemplatesDependencies = (httpSetup: HttpSetup) => ({ toasts: notificationServiceMock.createSetupContract().toasts, setBreadcrumbs: () => {}, getUrlForApp: applicationServiceMock.createStartContract().getUrlForApp, + executionContext: executionContextServiceMock.createInternalStartContract(), }); export const setupEnvironment = initHttpRequests; diff --git a/x-pack/plugins/index_management/public/application/components/component_templates/component_template_list/component_template_list_container.tsx b/x-pack/plugins/index_management/public/application/components/component_templates/component_template_list/component_template_list_container.tsx index 3124258d036e9..fea0eb8545b76 100644 --- a/x-pack/plugins/index_management/public/application/components/component_templates/component_template_list/component_template_list_container.tsx +++ b/x-pack/plugins/index_management/public/application/components/component_templates/component_template_list/component_template_list_container.tsx 
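Review bot: `componentTemplatesDependencies` builds its mock with `executionContextServiceMock.createInternalStartContract()`, while the other test helpers touched by this commit (`app.helpers.tsx`, the index management `setup_environment.tsx`, `index_table.test.js`) use `createStartContract()`, and the `Props` interface in `component_templates_context.tsx` declares the field as the public `ExecutionContextStart`. Unless the internal contract is needed here, `executionContext: executionContextServiceMock.createStartContract(),` keeps the mock aligned with the type the provider expects, so a test cannot pass by relying on members the public contract does not expose.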
@@ -8,6 +8,8 @@ import React from 'react'; import { RouteComponentProps } from 'react-router-dom'; +import { useExecutionContext } from '../shared_imports'; +import { useComponentTemplatesContext } from '../component_templates_context'; import { ComponentTemplatesAuthProvider } from './auth_provider'; import { ComponentTemplatesWithPrivileges } from './with_privileges'; import { ComponentTemplateList } from './component_template_list'; @@ -24,6 +26,13 @@ export const ComponentTemplateListContainer: React.FunctionComponent< }, history, }) => { + const { executionContext } = useComponentTemplatesContext(); + + useExecutionContext(executionContext, { + type: 'application', + page: 'indexManagementComponentTemplatesTab', + }); + return ( diff --git a/x-pack/plugins/index_management/public/application/components/component_templates/component_templates_context.tsx b/x-pack/plugins/index_management/public/application/components/component_templates/component_templates_context.tsx index 89b4e90741410..d652cca47e1d1 100644 --- a/x-pack/plugins/index_management/public/application/components/component_templates/component_templates_context.tsx +++ b/x-pack/plugins/index_management/public/application/components/component_templates/component_templates_context.tsx @@ -8,7 +8,13 @@ import React, { createContext, useContext } from 'react'; import { UiCounterMetricType } from '@kbn/analytics'; -import { HttpSetup, DocLinksStart, NotificationsSetup, CoreStart } from 'src/core/public'; +import { + HttpSetup, + DocLinksStart, + NotificationsSetup, + CoreStart, + ExecutionContextStart, +} from 'src/core/public'; import { ManagementAppMountParams } from 'src/plugins/management/public'; import { getApi, getUseRequest, getSendRequest, getDocumentation, getBreadcrumbs } from './lib'; 
@@ -22,6 +28,7 @@ interface Props { toasts: NotificationsSetup['toasts']; setBreadcrumbs: ManagementAppMountParams['setBreadcrumbs']; getUrlForApp: CoreStart['application']['getUrlForApp']; + executionContext: ExecutionContextStart; } interface Context { @@ -33,6 +40,7 @@ interface Context { trackMetric: (type: UiCounterMetricType, eventName: string) => void; toasts: NotificationsSetup['toasts']; getUrlForApp: CoreStart['application']['getUrlForApp']; + executionContext: ExecutionContextStart; } export const ComponentTemplatesProvider = ({ @@ -42,8 +50,16 @@ export const ComponentTemplatesProvider = ({ value: Props; children: React.ReactNode; }) => { - const { httpClient, apiBasePath, trackMetric, docLinks, toasts, setBreadcrumbs, getUrlForApp } = - value; + const { + httpClient, + apiBasePath, + trackMetric, + docLinks, + toasts, + setBreadcrumbs, + getUrlForApp, + executionContext, + } = value; const useRequest = getUseRequest(httpClient); const sendRequest = getSendRequest(httpClient); @@ -63,6 +79,7 @@ export const ComponentTemplatesProvider = ({ apiBasePath, breadcrumbs, getUrlForApp, + executionContext, }} > {children} diff --git a/x-pack/plugins/index_management/public/application/components/component_templates/shared_imports.ts b/x-pack/plugins/index_management/public/application/components/component_templates/shared_imports.ts index 2f5b98e59bb22..d205a7436d00e 100644 --- a/x-pack/plugins/index_management/public/application/components/component_templates/shared_imports.ts +++ b/x-pack/plugins/index_management/public/application/components/component_templates/shared_imports.ts @@ -72,4 +72,7 @@ export type { export { serializeComponentTemplate } from '../../../../common/lib'; -export { reactRouterNavigate } from '../../../../../../../src/plugins/kibana_react/public'; +export { + reactRouterNavigate, + useExecutionContext, +} from '../../../../../../../src/plugins/kibana_react/public'; 
diff --git a/x-pack/plugins/index_management/public/application/index.tsx b/x-pack/plugins/index_management/public/application/index.tsx index 409bd7443532d..5477e7702ef6f 100644 --- a/x-pack/plugins/index_management/public/application/index.tsx +++ b/x-pack/plugins/index_management/public/application/index.tsx @@ -35,7 +35,7 @@ export const renderApp = ( return () => undefined; } - const { i18n, docLinks, notifications, application } = core; + const { i18n, docLinks, notifications, application, executionContext } = core; const { Context: I18nContext } = i18n; const { services, history, setBreadcrumbs, uiSettings, kibanaVersion, theme$ } = dependencies; @@ -56,6 +56,7 @@ export const renderApp = ( toasts: notifications.toasts, setBreadcrumbs, getUrlForApp: application.getUrlForApp, + executionContext, }; render( diff --git a/x-pack/plugins/index_management/public/application/mount_management_section.ts b/x-pack/plugins/index_management/public/application/mount_management_section.ts index cd9d2de55ff0e..7562f5e410750 100644 --- a/x-pack/plugins/index_management/public/application/mount_management_section.ts +++ b/x-pack/plugins/index_management/public/application/mount_management_section.ts @@ -62,6 +62,7 @@ export async function mountManagementSection( application, chrome: { docTitle }, uiSettings, + executionContext, } = core; const { url } = startDependencies.share; @@ -79,6 +80,7 @@ export async function mountManagementSection( core: { fatalErrors, getUrlForApp: application.getUrlForApp, + executionContext, }, plugins: { usageCollection, diff --git a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx index f483a37a42d1b..a9e21c4d28bbb 100644 --- a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx 
+++ b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/data_stream_list.tsx @@ -30,6 +30,7 @@ import { extractQueryParams, attemptToURIDecode, APP_WRAPPER_CLASS, + useExecutionContext, } from '../../../../shared_imports'; import { useAppContext } from '../../../app_context'; import { useLoadDataStreams } from '../../../services/api'; @@ -56,10 +57,15 @@ export const DataStreamList: React.FunctionComponent = ({ history }) => { + const { + core: { executionContext }, + } = useAppContext(); + + useExecutionContext(executionContext, { + type: 'application', + page: 'indexManagementIndicesTab', + }); + return (
diff --git a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_list.tsx b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_list.tsx index 8c4828da5f04a..c29fbfde16f5d 100644 --- a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_list.tsx +++ b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_list.tsx @@ -30,11 +30,12 @@ import { PageError, attemptToURIDecode, reactRouterNavigate, + useExecutionContext, } from '../../../../shared_imports'; import { LegacyIndexTemplatesDeprecation } from '../../../components'; import { useLoadIndexTemplates } from '../../../services/api'; import { documentationService } from '../../../services/documentation'; -import { useServices } from '../../../app_context'; +import { useAppContext, useServices } from '../../../app_context'; import { getTemplateEditLink, getTemplateListLink, @@ -68,8 +69,17 @@ export const TemplateList: React.FunctionComponent { const { uiMetricService } = useServices(); + const { + core: { executionContext }, + } = useAppContext(); + const { error, isLoading, data: allTemplates, resendRequest: reload } = useLoadIndexTemplates(); + useExecutionContext(executionContext, { + type: 'application', + page: 'indexManagementIndexTemplatesTab', + }); + const [filters, setFilters] = useState>({ managed: { name: i18n.translate('xpack.idxMgmt.indexTemplatesList.viewManagedTemplateLabel', { diff --git a/x-pack/plugins/index_management/public/shared_imports.ts b/x-pack/plugins/index_management/public/shared_imports.ts index c2d76a50fa1ac..210eb30cc82da 100644 --- a/x-pack/plugins/index_management/public/shared_imports.ts +++ b/x-pack/plugins/index_management/public/shared_imports.ts @@ -64,4 +64,5 @@ export { reactRouterNavigate, useKibana, KibanaThemeProvider, + useExecutionContext, } from '../../../../src/plugins/kibana_react/public'; 
diff --git a/x-pack/plugins/infra/.storybook/preview.js b/x-pack/plugins/infra/.storybook/preview.js new file mode 100644 index 0000000000000..59df773136b79 --- /dev/null +++ b/x-pack/plugins/infra/.storybook/preview.js @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const parameters = { + docs: { + source: { + type: 'code', // without this, stories in mdx documents freeze the browser + }, + }, +}; diff --git a/x-pack/plugins/infra/common/http_api/log_entries/highlights.ts b/x-pack/plugins/infra/common/http_api/log_entries/highlights.ts index be3a8f50922f7..ec3a6b8a2d2ec 100644 --- a/x-pack/plugins/infra/common/http_api/log_entries/highlights.ts +++ b/x-pack/plugins/infra/common/http_api/log_entries/highlights.ts @@ -7,7 +7,7 @@ import * as rt from 'io-ts'; import { logEntryCursorRT, logEntryRT } from '../../log_entry'; -import { logSourceColumnConfigurationRT } from '../../log_sources/log_source_configuration'; +import { logViewColumnConfigurationRT } from '../../log_views'; export const LOG_ENTRIES_HIGHLIGHTS_PATH = '/api/log_entries/highlights'; @@ -21,7 +21,7 @@ export const logEntriesHighlightsBaseRequestRT = rt.intersection([ rt.partial({ query: rt.union([rt.string, rt.null]), size: rt.number, - columns: rt.array(logSourceColumnConfigurationRT), + columns: rt.array(logViewColumnConfigurationRT), }), ]); diff --git a/x-pack/plugins/infra/common/http_api/log_sources/common.ts b/x-pack/plugins/infra/common/http_api/log_sources/common.ts deleted file mode 100644 index 3a30e94e9a153..0000000000000 --- a/x-pack/plugins/infra/common/http_api/log_sources/common.ts +++ /dev/null 
@@ -1,11 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export const LOG_SOURCE_CONFIGURATION_PATH_PREFIX = '/api/infra/log_source_configurations';
-export const LOG_SOURCE_CONFIGURATION_PATH = `${LOG_SOURCE_CONFIGURATION_PATH_PREFIX}/{sourceId}`;
-export const getLogSourceConfigurationPath = (sourceId: string) =>
- `${LOG_SOURCE_CONFIGURATION_PATH_PREFIX}/${sourceId}`;
diff --git a/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_configuration.ts b/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_configuration.ts
deleted file mode 100644
index bbecc642fd7ab..0000000000000
--- a/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_configuration.ts
+++ /dev/null
@@ -1,58 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import * as rt from 'io-ts'; -import { badRequestErrorRT, forbiddenErrorRT, routeTimingMetadataRT } from '../shared'; -import { logSourceConfigurationRT } from '../../log_sources/log_source_configuration'; - -/** - * request - */ - -export const getLogSourceConfigurationRequestParamsRT = rt.type({ - // the id of the source configuration - sourceId: rt.string, -}); - -export type GetLogSourceConfigurationRequestParams = rt.TypeOf< - typeof getLogSourceConfigurationRequestParamsRT ->; - -/** - * response - */ - -export const getLogSourceConfigurationSuccessResponsePayloadRT = rt.intersection([ - rt.type({ - data: logSourceConfigurationRT, - }), - rt.partial({ - timing: routeTimingMetadataRT, - }), -]); - -export type GetLogSourceConfigurationSuccessResponsePayload = rt.TypeOf< - typeof getLogSourceConfigurationSuccessResponsePayloadRT ->; - -export const getLogSourceConfigurationErrorResponsePayloadRT = rt.union([ - badRequestErrorRT, - forbiddenErrorRT, -]); - -export type GetLogSourceConfigurationErrorReponsePayload = rt.TypeOf< - typeof getLogSourceConfigurationErrorResponsePayloadRT ->; - -export const getLogSourceConfigurationResponsePayloadRT = rt.union([ - getLogSourceConfigurationSuccessResponsePayloadRT, - getLogSourceConfigurationErrorResponsePayloadRT, -]); - -export type GetLogSourceConfigurationReponsePayload = rt.TypeOf< - typeof getLogSourceConfigurationResponsePayloadRT ->; diff --git a/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_status.ts b/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_status.ts deleted file mode 100644 index dafc904b93b1d..0000000000000 
--- a/x-pack/plugins/infra/common/http_api/log_sources/get_log_source_status.ts +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import * as rt from 'io-ts'; -import { routeTimingMetadataRT } from '../shared'; -import { getLogSourceConfigurationPath, LOG_SOURCE_CONFIGURATION_PATH } from './common'; - -export const LOG_SOURCE_STATUS_PATH_SUFFIX = 'status'; -export const LOG_SOURCE_STATUS_PATH = `${LOG_SOURCE_CONFIGURATION_PATH}/${LOG_SOURCE_STATUS_PATH_SUFFIX}`; -export const getLogSourceStatusPath = (sourceId: string) => - `${getLogSourceConfigurationPath(sourceId)}/${LOG_SOURCE_STATUS_PATH_SUFFIX}`; - -/** - * request - */ - -export const getLogSourceStatusRequestParamsRT = rt.type({ - // the id of the source configuration - sourceId: rt.string, -}); - -export type GetLogSourceStatusRequestParams = rt.TypeOf; - -/** - * response - */ - -const logIndexFieldRT = rt.strict({ - name: rt.string, - type: rt.string, - searchable: rt.boolean, - aggregatable: rt.boolean, -}); - -export type LogIndexField = rt.TypeOf; - -const logIndexStatusRT = rt.keyof({ - missing: null, - empty: null, - available: null, -}); - -export type LogIndexStatus = rt.TypeOf; - -const logSourceStatusRT = rt.strict({ - logIndexStatus: logIndexStatusRT, - indices: rt.string, -}); - -export type LogSourceStatus = rt.TypeOf; - -export const getLogSourceStatusSuccessResponsePayloadRT = rt.intersection([ - rt.type({ - data: logSourceStatusRT, - }), - rt.partial({ - timing: routeTimingMetadataRT, - }), -]); - -export type GetLogSourceStatusSuccessResponsePayload = rt.TypeOf< - typeof getLogSourceStatusSuccessResponsePayloadRT ->; 
diff --git a/x-pack/plugins/infra/common/http_api/log_sources/patch_log_source_configuration.ts b/x-pack/plugins/infra/common/http_api/log_sources/patch_log_source_configuration.ts deleted file mode 100644 index a16f0651e7e5d..0000000000000 --- a/x-pack/plugins/infra/common/http_api/log_sources/patch_log_source_configuration.ts +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import * as rt from 'io-ts'; -import { badRequestErrorRT, forbiddenErrorRT } from '../shared'; -import { getLogSourceConfigurationSuccessResponsePayloadRT } from './get_log_source_configuration'; -import { logSourceConfigurationPropertiesRT } from '../../log_sources/log_source_configuration'; - -/** - * request - */ - -export const patchLogSourceConfigurationRequestParamsRT = rt.type({ - // the id of the source configuration - sourceId: rt.string, -}); - -export type PatchLogSourceConfigurationRequestParams = rt.TypeOf< - typeof patchLogSourceConfigurationRequestParamsRT ->; - -const logSourceConfigurationProperiesPatchRT = rt.partial({ - ...logSourceConfigurationPropertiesRT.type.props, - fields: rt.partial(logSourceConfigurationPropertiesRT.type.props.fields.type.props), -}); - -export type LogSourceConfigurationPropertiesPatch = rt.TypeOf< - typeof logSourceConfigurationProperiesPatchRT ->; - -export const patchLogSourceConfigurationRequestBodyRT = rt.type({ - data: logSourceConfigurationProperiesPatchRT, -}); - -export type PatchLogSourceConfigurationRequestBody = rt.TypeOf< - typeof patchLogSourceConfigurationRequestBodyRT ->; - -/** - * response - */ - -export const patchLogSourceConfigurationSuccessResponsePayloadRT = - getLogSourceConfigurationSuccessResponsePayloadRT; - -export type PatchLogSourceConfigurationSuccessResponsePayload = rt.TypeOf< - typeof patchLogSourceConfigurationSuccessResponsePayloadRT ->; - -export const patchLogSourceConfigurationResponsePayloadRT = rt.union([ - patchLogSourceConfigurationSuccessResponsePayloadRT, - badRequestErrorRT, - forbiddenErrorRT, -]); - -export type PatchLogSourceConfigurationReponsePayload = rt.TypeOf< - typeof 
patchLogSourceConfigurationResponsePayloadRT
->;
diff --git a/x-pack/plugins/infra/common/http_api/log_views/common.ts b/x-pack/plugins/infra/common/http_api/log_views/common.ts
new file mode 100644
index 0000000000000..b280fa254ffb6
--- /dev/null
+++ b/x-pack/plugins/infra/common/http_api/log_views/common.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const LOG_VIEW_URL_PREFIX = '/api/infra/log_views';
+export const LOG_VIEW_URL = `${LOG_VIEW_URL_PREFIX}/{logViewId}`;
+export const getLogViewUrl = (logViewId: string) => `${LOG_VIEW_URL_PREFIX}/${logViewId}`;
diff --git a/x-pack/plugins/infra/common/http_api/log_views/get_log_view.ts b/x-pack/plugins/infra/common/http_api/log_views/get_log_view.ts
new file mode 100644
index 0000000000000..6135d7b31bc82
--- /dev/null
+++ b/x-pack/plugins/infra/common/http_api/log_views/get_log_view.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+import { logViewRT } from '../../log_views';
+
+export const getLogViewRequestParamsRT = rt.type({
+ // the id of the log view
+ logViewId: rt.string,
+});
+
+export const getLogViewResponsePayloadRT = rt.type({
+ data: logViewRT,
+});
diff --git a/x-pack/plugins/infra/common/http_api/log_views/index.ts b/x-pack/plugins/infra/common/http_api/log_views/index.ts
new file mode 100644
index 0000000000000..a39f939eb5e98
--- /dev/null
+++ b/x-pack/plugins/infra/common/http_api/log_views/index.ts
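Review bot: `getLogViewUrl` in `log_views/common.ts` interpolates `logViewId` into the path without encoding, so an id containing `/`, `?`, `#` or `..` segments yields a request to a different route than the caller intended. The request-params codecs declare the id as a plain `rt.string`, so nothing visible here restricts its characters. Encode it at the one place the URL is built by using `encodeURIComponent(logViewId)` inside the template literal instead of the bare `logViewId`.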
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { getLogViewUrl, LOG_VIEW_URL } from './common';
+export * from './get_log_view';
+export * from './put_log_view';
diff --git a/x-pack/plugins/infra/common/http_api/log_views/put_log_view.ts b/x-pack/plugins/infra/common/http_api/log_views/put_log_view.ts
new file mode 100644
index 0000000000000..22451aa3645c6
--- /dev/null
+++ b/x-pack/plugins/infra/common/http_api/log_views/put_log_view.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+import { logViewAttributesRT, logViewRT } from '../../log_views';
+
+export const putLogViewRequestParamsRT = rt.type({
+ logViewId: rt.string,
+});
+
+export const putLogViewRequestPayloadRT = rt.type({
+ attributes: rt.partial(logViewAttributesRT.type.props),
+});
+export type PutLogViewRequestPayload = rt.TypeOf;
+
+export const putLogViewResponsePayloadRT = rt.type({
+ data: logViewRT,
+});
diff --git a/x-pack/plugins/infra/common/inventory_models/types.ts b/x-pack/plugins/infra/common/inventory_models/types.ts
index 2d4348ddde5de..9384f2fb793c1 100644
--- a/x-pack/plugins/infra/common/inventory_models/types.ts
+++ b/x-pack/plugins/infra/common/inventory_models/types.ts
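Review bot: `putLogViewRequestPayloadRT` builds `attributes` with `rt.partial(logViewAttributesRT.type.props)`, which loses the exactness that `rt.strict` gives `logViewAttributesRT`, so unknown keys in a PUT body survive decoding instead of being stripped. If the route handler persists the decoded attributes as they are (not visible in this hunk), a client can store arbitrary extra properties on a log view. Writing `attributes: rt.exact(rt.partial(logViewAttributesRT.type.props)),` keeps the payload limited to the declared attributes. The reference codecs `logDataViewReferenceRT` and `logIndexNameReferenceRT` in `log_views/types.ts` use `rt.type` and leave the same gap inside `logIndices`.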
@@ -349,7 +349,7 @@ export type SnapshotMetricType = rt.TypeOf; export interface InventoryMetrics { tsvb: { [name: string]: TSVBMetricModelCreator }; - snapshot: { [name: string]: MetricsUIAggregation }; + snapshot: { [name: string]: MetricsUIAggregation | undefined }; defaultSnapshot: SnapshotMetricType; /** This is used by the inventory view to calculate the appropriate amount of time for the metrics detail page. Some metris like awsS3 require multiple days where others like host only need an hour.*/ defaultTimeRangeInSeconds: number; diff --git a/x-pack/plugins/infra/common/log_sources/log_source_configuration.ts b/x-pack/plugins/infra/common/log_sources/log_source_configuration.ts deleted file mode 100644 index 5d46ce59457da..0000000000000 --- a/x-pack/plugins/infra/common/log_sources/log_source_configuration.ts +++ /dev/null 
@@ -1,91 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import * as rt from 'io-ts'; - -export const logSourceConfigurationOriginRT = rt.keyof({ - fallback: null, - internal: null, - stored: null, -}); - -export type LogSourceConfigurationOrigin = rt.TypeOf; - -const logSourceFieldsConfigurationRT = rt.strict({ - message: rt.array(rt.string), -}); - -const logSourceCommonColumnConfigurationRT = rt.strict({ - id: rt.string, -}); - -const logSourceTimestampColumnConfigurationRT = rt.strict({ - timestampColumn: logSourceCommonColumnConfigurationRT, -}); - -const logSourceMessageColumnConfigurationRT = rt.strict({ - messageColumn: logSourceCommonColumnConfigurationRT, -}); - -export const logSourceFieldColumnConfigurationRT = rt.strict({ - fieldColumn: rt.intersection([ - logSourceCommonColumnConfigurationRT, - rt.strict({ - field: rt.string, - }), - ]), -}); - -export const logSourceColumnConfigurationRT = rt.union([ - logSourceTimestampColumnConfigurationRT, - logSourceMessageColumnConfigurationRT, - logSourceFieldColumnConfigurationRT, -]); -export type LogSourceColumnConfiguration = rt.TypeOf; - -// Kibana index pattern -export const logIndexPatternReferenceRT = rt.type({ - type: rt.literal('index_pattern'), - indexPatternId: rt.string, -}); -export type LogIndexPatternReference = rt.TypeOf; - -// Legacy support -export const logIndexNameReferenceRT = rt.type({ - type: rt.literal('index_name'), - indexName: rt.string, -}); -export type LogIndexNameReference = rt.TypeOf; - -export const logIndexReferenceRT = rt.union([logIndexPatternReferenceRT, logIndexNameReferenceRT]); -export type LogIndexReference = rt.TypeOf; - -export const logSourceConfigurationPropertiesRT = rt.strict({ - name: rt.string, - description: rt.string, - logIndices: 
logIndexReferenceRT, - fields: logSourceFieldsConfigurationRT, - logColumns: rt.array(logSourceColumnConfigurationRT), -}); - -export type LogSourceConfigurationProperties = rt.TypeOf; - -export const logSourceConfigurationRT = rt.exact( - rt.intersection([ - rt.type({ - id: rt.string, - origin: logSourceConfigurationOriginRT, - configuration: logSourceConfigurationPropertiesRT, - }), - rt.partial({ - updatedAt: rt.number, - version: rt.string, - }), - ]) -); - -export type LogSourceConfiguration = rt.TypeOf; diff --git a/x-pack/plugins/infra/common/log_sources/resolved_log_source_configuration.ts b/x-pack/plugins/infra/common/log_sources/resolved_log_source_configuration.ts deleted file mode 100644 index 914c55824373a..0000000000000 --- a/x-pack/plugins/infra/common/log_sources/resolved_log_source_configuration.ts +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import { DataView, DataViewsContract } from '../../../../../src/plugins/data_views/common'; -import { TIMESTAMP_FIELD, TIEBREAKER_FIELD } from '../constants'; -import { ResolveLogSourceConfigurationError } from './errors'; -import { - LogSourceColumnConfiguration, - LogSourceConfigurationProperties, -} from './log_source_configuration'; - -export interface ResolvedLogSourceConfiguration { - name: string; - description: string; - indices: string; - timestampField: string; - tiebreakerField: string; - messageField: string[]; - fields: DataView['fields']; - runtimeMappings: estypes.MappingRuntimeFields; - columns: LogSourceColumnConfiguration[]; -} - -export const resolveLogSourceConfiguration = async ( - sourceConfiguration: LogSourceConfigurationProperties, - indexPatternsService: DataViewsContract -): Promise => { - if (sourceConfiguration.logIndices.type === 'index_name') { - return await resolveLegacyReference(sourceConfiguration, indexPatternsService); - } else { - return await resolveKibanaIndexPatternReference(sourceConfiguration, indexPatternsService); - } -}; - -const resolveLegacyReference = async ( - sourceConfiguration: LogSourceConfigurationProperties, - indexPatternsService: DataViewsContract -): Promise => { - if (sourceConfiguration.logIndices.type !== 'index_name') { - throw new Error('This function can only resolve legacy references'); - } - - const indices = sourceConfiguration.logIndices.indexName; - - const fields = await indexPatternsService - .getFieldsForWildcard({ - pattern: indices, - allowNoIndex: true, - }) - .catch((error) => { - throw new ResolveLogSourceConfigurationError( - 
`Failed to fetch fields for indices "${indices}": ${error}`, - error - ); - }); - - return { - indices: sourceConfiguration.logIndices.indexName, - timestampField: TIMESTAMP_FIELD, - tiebreakerField: TIEBREAKER_FIELD, - messageField: sourceConfiguration.fields.message, - // @ts-ignore - fields, - runtimeMappings: {}, - columns: sourceConfiguration.logColumns, - name: sourceConfiguration.name, - description: sourceConfiguration.description, - }; -}; - -const resolveKibanaIndexPatternReference = async ( - sourceConfiguration: LogSourceConfigurationProperties, - indexPatternsService: DataViewsContract -): Promise => { - if (sourceConfiguration.logIndices.type !== 'index_pattern') { - throw new Error('This function can only resolve Kibana Index Pattern references'); - } - - const { indexPatternId } = sourceConfiguration.logIndices; - - const indexPattern = await indexPatternsService.get(indexPatternId).catch((error) => { - throw new ResolveLogSourceConfigurationError( - `Failed to fetch index pattern "${indexPatternId}": ${error}`, - error - ); - }); - - return { - indices: indexPattern.title, - timestampField: indexPattern.timeFieldName ?? TIMESTAMP_FIELD, - tiebreakerField: TIEBREAKER_FIELD, - messageField: ['message'], - fields: indexPattern.fields, - runtimeMappings: resolveRuntimeMappings(indexPattern), - columns: sourceConfiguration.logColumns, - name: sourceConfiguration.name, - description: sourceConfiguration.description, - }; -}; - -// this might take other sources of runtime fields into account in the future -const resolveRuntimeMappings = (indexPattern: DataView): estypes.MappingRuntimeFields => { - return indexPattern.getRuntimeMappings(); -}; diff --git a/x-pack/plugins/infra/common/log_views/defaults.ts b/x-pack/plugins/infra/common/log_views/defaults.ts new file mode 100644 index 0000000000000..5ea5207a25c11 --- /dev/null +++ b/x-pack/plugins/infra/common/log_views/defaults.ts 
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { defaultSourceConfiguration } from '../source_configuration/defaults';
+import { LogViewAttributes, LogViewsStaticConfig } from './types';
+
+export const defaultLogViewId = 'default';
+
+export const defaultLogViewAttributes: LogViewAttributes = {
+ name: 'Log View',
+ description: 'A default log view',
+ logIndices: {
+ type: 'index_name',
+ indexName: 'logs-*,filebeat-*',
+ },
+ logColumns: [
+ {
+ timestampColumn: {
+ id: '5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f',
+ },
+ },
+ {
+ fieldColumn: {
+ id: 'eb9777a8-fcd3-420e-ba7d-172fff6da7a2',
+ field: 'event.dataset',
+ },
+ },
+ {
+ messageColumn: {
+ id: 'b645d6da-824b-4723-9a2a-e8cece1645c0',
+ },
+ },
+ ],
+};
+
+export const defaultLogViewsStaticConfig: LogViewsStaticConfig = {
+ messageFields: defaultSourceConfiguration.fields.message,
+};
diff --git a/x-pack/plugins/infra/common/log_sources/errors.ts b/x-pack/plugins/infra/common/log_views/errors.ts
similarity index 65%
rename from x-pack/plugins/infra/common/log_sources/errors.ts
rename to x-pack/plugins/infra/common/log_views/errors.ts
index d715e8ea616cf..67e5df22406de 100644
--- a/x-pack/plugins/infra/common/log_sources/errors.ts
+++ b/x-pack/plugins/infra/common/log_views/errors.ts
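Review bot: `defaultLogViewAttributes.logIndices.indexName` is the literal `'logs-*,filebeat-*'`, while `defaultSourceConfiguration` in `source_configuration/defaults.ts` takes its default from `LOGS_INDEX_PATTERN`. With two independent defaults, the set of indices a default log view reads can drift from the source configuration default without anyone noticing. If the constant holds the same pattern (its value is not visible here), import it from `'../constants'` and write `indexName: LOGS_INDEX_PATTERN,`. The file already derives `messageFields` from `defaultSourceConfiguration`, so the same approach would fit.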
@@ -7,34 +7,34 @@ /* eslint-disable max-classes-per-file */ -export class ResolveLogSourceConfigurationError extends Error { +export class ResolveLogViewError extends Error { constructor(message: string, public cause?: Error) { super(message); Object.setPrototypeOf(this, new.target.prototype); - this.name = 'ResolveLogSourceConfigurationError'; + this.name = 'ResolveLogViewError'; } } -export class FetchLogSourceConfigurationError extends Error { +export class FetchLogViewError extends Error { constructor(message: string, public cause?: Error) { super(message); Object.setPrototypeOf(this, new.target.prototype); - this.name = 'FetchLogSourceConfigurationError'; + this.name = 'FetchLogViewError'; } } -export class FetchLogSourceStatusError extends Error { +export class FetchLogViewStatusError extends Error { constructor(message: string, public cause?: Error) { super(message); Object.setPrototypeOf(this, new.target.prototype); - this.name = 'FetchLogSourceStatusError'; + this.name = 'FetchLogViewStatusError'; } } -export class PatchLogSourceConfigurationError extends Error { +export class PutLogViewError extends Error { constructor(message: string, public cause?: Error) { super(message); Object.setPrototypeOf(this, new.target.prototype); - this.name = 'PatchLogSourceConfigurationError'; + this.name = 'PutLogViewError'; } } diff --git a/x-pack/plugins/infra/common/log_sources/index.ts b/x-pack/plugins/infra/common/log_views/index.ts similarity index 74% rename from x-pack/plugins/infra/common/log_sources/index.ts rename to x-pack/plugins/infra/common/log_views/index.ts index a2d200544f45e..dd0cdaece4316 100644 --- a/x-pack/plugins/infra/common/log_sources/index.ts +++ b/x-pack/plugins/infra/common/log_views/index.ts @@ -5,6 +5,7 @@ * 2.0. */ +export * from './defaults'; export * from './errors'; -export * from './log_source_configuration'; -export * from './resolved_log_source_configuration'; +export * from './resolved_log_view'; +export * from './types'; 
diff --git a/x-pack/plugins/infra/common/log_views/log_view.mock.ts b/x-pack/plugins/infra/common/log_views/log_view.mock.ts new file mode 100644 index 0000000000000..37fff51a49b08 --- /dev/null +++ b/x-pack/plugins/infra/common/log_views/log_view.mock.ts @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { defaultLogViewAttributes } from './defaults'; +import { LogView, LogViewAttributes, LogViewOrigin } from './types'; + +export const createLogViewMock = ( + id: string, + origin: LogViewOrigin = 'stored', + attributeOverrides: Partial = {}, + updatedAt?: number, + version?: string +): LogView => ({ + id, + origin, + attributes: { + ...defaultLogViewAttributes, + ...attributeOverrides, + }, + updatedAt, + version, +}); diff --git a/x-pack/plugins/infra/common/log_views/resolved_log_view.mock.ts b/x-pack/plugins/infra/common/log_views/resolved_log_view.mock.ts new file mode 100644 index 0000000000000..a951f88f0c2a5 --- /dev/null +++ b/x-pack/plugins/infra/common/log_views/resolved_log_view.mock.ts 
@@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DataViewsContract, fieldList } from 'src/plugins/data_views/common'; +import { createStubDataView } from 'src/plugins/data_views/common/stubs'; +import { defaultLogViewsStaticConfig } from './defaults'; +import { ResolvedLogView, resolveLogView } from './resolved_log_view'; +import { LogViewAttributes } from './types'; + +export const createResolvedLogViewMock = ( + resolvedLogViewOverrides: Partial = {} +): ResolvedLogView => ({ + name: 'LOG VIEW', + description: 'LOG VIEW DESCRIPTION', + indices: 'log-indices-*', + timestampField: 'TIMESTAMP_FIELD', + tiebreakerField: 'TIEBREAKER_FIELD', + messageField: ['MESSAGE_FIELD'], + fields: fieldList(), + runtimeMappings: { + runtime_field: { + type: 'keyword', + script: { + source: 'emit("runtime value")', + }, + }, + }, + columns: [ + { timestampColumn: { id: 'TIMESTAMP_COLUMN_ID' } }, + { + fieldColumn: { + id: 'DATASET_COLUMN_ID', + field: 'event.dataset', + }, + }, + { + messageColumn: { id: 'MESSAGE_COLUMN_ID' }, + }, + ], + ...resolvedLogViewOverrides, +}); + +export const createResolvedLogViewMockFromAttributes = (logViewAttributes: LogViewAttributes) => + resolveLogView( + logViewAttributes, + { + get: async () => createStubDataView({ spec: {} }), + getFieldsForWildcard: async () => [], + } as unknown as DataViewsContract, + defaultLogViewsStaticConfig + ); diff --git a/x-pack/plugins/infra/common/log_views/resolved_log_view.ts b/x-pack/plugins/infra/common/log_views/resolved_log_view.ts new file mode 100644 index 0000000000000..19369a022a923 --- /dev/null +++ b/x-pack/plugins/infra/common/log_views/resolved_log_view.ts 
@@ -0,0 +1,110 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { + DataView, + DataViewsContract, + FieldSpec, +} from '../../../../../src/plugins/data_views/common'; +import { TIEBREAKER_FIELD, TIMESTAMP_FIELD } from '../constants'; +import { ResolveLogViewError } from './errors'; +import { LogViewAttributes, LogViewColumnConfiguration, LogViewsStaticConfig } from './types'; + +export type ResolvedLogViewField = FieldSpec; + +export interface ResolvedLogView { + name: string; + description: string; + indices: string; + timestampField: string; + tiebreakerField: string; + messageField: string[]; + fields: ResolvedLogViewField[]; + runtimeMappings: estypes.MappingRuntimeFields; + columns: LogViewColumnConfiguration[]; +} + +export const resolveLogView = async ( + logViewAttributes: LogViewAttributes, + dataViewsService: DataViewsContract, + config: LogViewsStaticConfig +): Promise => { + if (logViewAttributes.logIndices.type === 'index_name') { + return await resolveLegacyReference(logViewAttributes, dataViewsService, config); + } else { + return await resolveDataViewReference(logViewAttributes, dataViewsService); + } +}; + +const resolveLegacyReference = async ( + logViewAttributes: LogViewAttributes, + dataViewsService: DataViewsContract, + config: LogViewsStaticConfig +): Promise => { + if (logViewAttributes.logIndices.type !== 'index_name') { + throw new Error('This function can only resolve legacy references'); + } + + const indices = logViewAttributes.logIndices.indexName; + + const fields = await dataViewsService + .getFieldsForWildcard({ + pattern: indices, + allowNoIndex: true, + }) + .catch((error) => { + throw new ResolveLogViewError( + `Failed to fetch 
fields for indices "${indices}": ${error}`, + error + ); + }); + + return { + indices: logViewAttributes.logIndices.indexName, + timestampField: TIMESTAMP_FIELD, + tiebreakerField: TIEBREAKER_FIELD, + messageField: config.messageFields, + fields, + runtimeMappings: {}, + columns: logViewAttributes.logColumns, + name: logViewAttributes.name, + description: logViewAttributes.description, + }; +}; + +const resolveDataViewReference = async ( + logViewAttributes: LogViewAttributes, + dataViewsService: DataViewsContract +): Promise => { + if (logViewAttributes.logIndices.type !== 'data_view') { + throw new Error('This function can only resolve Kibana data view references'); + } + + const { dataViewId } = logViewAttributes.logIndices; + + const dataView = await dataViewsService.get(dataViewId).catch((error) => { + throw new ResolveLogViewError(`Failed to fetch data view "${dataViewId}": ${error}`, error); + }); + + return { + indices: dataView.title, + timestampField: dataView.timeFieldName ?? TIMESTAMP_FIELD, + tiebreakerField: TIEBREAKER_FIELD, + messageField: ['message'], + fields: dataView.fields, + runtimeMappings: resolveRuntimeMappings(dataView), + columns: logViewAttributes.logColumns, + name: logViewAttributes.name, + description: logViewAttributes.description, + }; +}; + +// this might take other sources of runtime fields into account in the future +const resolveRuntimeMappings = (dataView: DataView): estypes.MappingRuntimeFields => { + return dataView.getRuntimeMappings(); +}; diff --git a/x-pack/plugins/infra/common/log_views/types.ts b/x-pack/plugins/infra/common/log_views/types.ts new file mode 100644 index 0000000000000..c8dd7f5174657 --- /dev/null +++ b/x-pack/plugins/infra/common/log_views/types.ts 
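Review bot: `resolveDataViewReference` hard-codes `messageField: ['message']`, whereas `resolveLegacyReference` uses `config.messageFields`, so the statically configured message fields are ignored for every log view backed by a data view. `resolveLogView` receives `config` but does not pass it to this branch. If that is intended, say so at the literal, e.g. `// data views always read the "message" field; config.messageFields applies to index-name references only`. Otherwise pass `config` through and use `messageField: config.messageFields,`.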
@@ -0,0 +1,103 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import * as rt from 'io-ts'; + +export interface LogViewsStaticConfig { + messageFields: string[]; +} + +export const logViewOriginRT = rt.keyof({ + stored: null, + internal: null, + 'infra-source-stored': null, + 'infra-source-internal': null, + 'infra-source-fallback': null, +}); +export type LogViewOrigin = rt.TypeOf; + +// Kibana data views +export const logDataViewReferenceRT = rt.type({ + type: rt.literal('data_view'), + dataViewId: rt.string, +}); + +export type LogDataViewReference = rt.TypeOf; + +// Index name +export const logIndexNameReferenceRT = rt.type({ + type: rt.literal('index_name'), + indexName: rt.string, +}); +export type LogIndexNameReference = rt.TypeOf; + +export const logIndexReferenceRT = rt.union([logDataViewReferenceRT, logIndexNameReferenceRT]); +export type LogIndexReference = rt.TypeOf; + +const logViewCommonColumnConfigurationRT = rt.strict({ + id: rt.string, +}); + +const logViewTimestampColumnConfigurationRT = rt.strict({ + timestampColumn: logViewCommonColumnConfigurationRT, +}); + +const logViewMessageColumnConfigurationRT = rt.strict({ + messageColumn: logViewCommonColumnConfigurationRT, +}); + +export const logViewFieldColumnConfigurationRT = rt.strict({ + fieldColumn: rt.intersection([ + logViewCommonColumnConfigurationRT, + rt.strict({ + field: rt.string, + }), + ]), +}); + +export const logViewColumnConfigurationRT = rt.union([ + logViewTimestampColumnConfigurationRT, + logViewMessageColumnConfigurationRT, + logViewFieldColumnConfigurationRT, +]); +export type LogViewColumnConfiguration = rt.TypeOf; + +export const logViewAttributesRT = rt.strict({ + name: rt.string, + description: rt.string, + logIndices: logIndexReferenceRT, + logColumns: 
rt.array(logViewColumnConfigurationRT),
+});
+export type LogViewAttributes = rt.TypeOf;
+
+export const logViewRT = rt.exact(
+ rt.intersection([
+ rt.type({
+ id: rt.string,
+ origin: logViewOriginRT,
+ attributes: logViewAttributesRT,
+ }),
+ rt.partial({
+ updatedAt: rt.number,
+ version: rt.string,
+ }),
+ ])
+);
+export type LogView = rt.TypeOf;
+
+export const logViewIndexStatusRT = rt.keyof({
+ available: null,
+ empty: null,
+ missing: null,
+ unknown: null,
+});
+export type LogViewIndexStatus = rt.TypeOf;
+
+export const logViewStatusRT = rt.strict({
+ index: logViewIndexStatusRT,
+});
+export type LogViewStatus = rt.TypeOf;
diff --git a/x-pack/plugins/infra/common/plugin_config_types.ts b/x-pack/plugins/infra/common/plugin_config_types.ts
new file mode 100644
index 0000000000000..59ed36c9b3279
--- /dev/null
+++ b/x-pack/plugins/infra/common/plugin_config_types.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export interface InfraConfig {
+ alerting: {
+ inventory_threshold: {
+ group_by_page_size: number;
+ };
+ metric_threshold: {
+ group_by_page_size: number;
+ };
+ };
+ inventory: {
+ compositeSize: number;
+ };
+ sources?: {
+ default?: {
+ fields?: {
+ message?: string[];
+ };
+ };
+ };
+}
+
+export const publicConfigKeys = {
+ sources: true,
+} as const;
+
+export type InfraPublicConfigKey = keyof {
+ [K in keyof typeof publicConfigKeys as typeof publicConfigKeys[K] extends true ? K : never]: true;
+};
+
+export type InfraPublicConfig = Pick;
diff --git a/x-pack/plugins/infra/common/search_strategies/log_entries/log_entries.ts b/x-pack/plugins/infra/common/search_strategies/log_entries/log_entries.ts
index 4e115cda6a8e6..65bcec8c98e6a 100644
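Review bot: `publicConfigKeys` in `plugin_config_types.ts` marks the whole `sources` subtree with `sources: true`, so, assuming this map decides which settings are handed to the browser, any key later added under `sources` becomes public without a separate review step. Today the subtree declares only `default.fields.message`, but nothing at the map states that coupling. A comment there would make it explicit, e.g. `// everything under a key listed here is sent to the browser; keep credentials and internal endpoints out of these subtrees`.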
--- a/x-pack/plugins/infra/common/search_strategies/log_entries/log_entries.ts +++ b/x-pack/plugins/infra/common/search_strategies/log_entries/log_entries.ts @@ -5,15 +5,15 @@ * 2.0. */ -import * as rt from 'io-ts'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import { logSourceColumnConfigurationRT } from '../../log_sources/log_source_configuration'; +import * as rt from 'io-ts'; import { logEntryAfterCursorRT, logEntryBeforeCursorRT, logEntryCursorRT, logEntryRT, } from '../../log_entry'; +import { logViewColumnConfigurationRT } from '../../log_views'; import { jsonObjectRT } from '../../typed_json'; import { searchStrategyErrorRT } from '../common/errors'; @@ -28,7 +28,7 @@ const logEntriesBaseSearchRequestParamsRT = rt.intersection([ }), rt.partial({ query: jsonObjectRT, - columns: rt.array(logSourceColumnConfigurationRT), + columns: rt.array(logViewColumnConfigurationRT), highlightPhrase: rt.string, }), ]); diff --git a/x-pack/plugins/infra/common/source_configuration/defaults.ts b/x-pack/plugins/infra/common/source_configuration/defaults.ts new file mode 100644 index 0000000000000..a18cec903b60b --- /dev/null +++ b/x-pack/plugins/infra/common/source_configuration/defaults.ts 
@@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { LOGS_INDEX_PATTERN, METRICS_INDEX_PATTERN } from '../constants'; +import { InfraSourceConfiguration } from './source_configuration'; + +export const defaultSourceConfiguration: InfraSourceConfiguration = { + name: 'Default', + description: '', + metricAlias: METRICS_INDEX_PATTERN, + logIndices: { + type: 'index_name', + indexName: LOGS_INDEX_PATTERN, + }, + fields: { + message: ['message', '@message'], + }, + inventoryDefaultView: '0', + metricsExplorerDefaultView: '0', + logColumns: [ + { + timestampColumn: { + id: '5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f', + }, + }, + { + fieldColumn: { + id: ' eb9777a8-fcd3-420e-ba7d-172fff6da7a2', + field: 'event.dataset', + }, + }, + { + messageColumn: { + id: 'b645d6da-824b-4723-9a2a-e8cece1645c0', + }, + }, + ], + anomalyThreshold: 50, +}; diff --git a/x-pack/plugins/infra/common/source_configuration/source_configuration.ts b/x-pack/plugins/infra/common/source_configuration/source_configuration.ts index 0c30c3d678b2a..f6ea22792e48c 100644 --- a/x-pack/plugins/infra/common/source_configuration/source_configuration.ts +++ b/x-pack/plugins/infra/common/source_configuration/source_configuration.ts @@ -22,7 +22,6 @@ import * as rt from 'io-ts'; import moment from 'moment'; import { pipe } from 'fp-ts/lib/pipeable'; import { chain } from 'fp-ts/lib/Either'; -import { logIndexReferenceRT } from '../log_sources'; export const TimestampFromString = new rt.Type( 'TimestampFromString', 
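Review bot: The `fieldColumn` id in `defaultSourceConfiguration.logColumns` is `' eb9777a8-fcd3-420e-ba7d-172fff6da7a2'`, with a leading space inside the quotes, while `defaultLogViewAttributes` in `log_views/defaults.ts` uses the same UUID without it. Any code that matches columns by id across the two defaults would treat them as different columns. If the space is kept on purpose for compatibility with already stored values (not determinable from this hunk), a comment should say so. Otherwise the line should read `id: 'eb9777a8-fcd3-420e-ba7d-172fff6da7a2',`.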
@@ -103,6 +102,27 @@ export const SourceConfigurationColumnRuntimeType = rt.union([ export type InfraSourceConfigurationColumn = rt.TypeOf; +/** + * Log indices + */ + +// Kibana index pattern +export const logIndexPatternReferenceRT = rt.type({ + type: rt.literal('index_pattern'), + indexPatternId: rt.string, +}); +export type LogIndexPatternReference = rt.TypeOf; + +// Legacy support +export const logIndexNameReferenceRT = rt.type({ + type: rt.literal('index_name'), + indexName: rt.string, +}); +export type LogIndexNameReference = rt.TypeOf; + +export const logIndexReferenceRT = rt.union([logIndexPatternReferenceRT, logIndexNameReferenceRT]); +export type LogIndexReference = rt.TypeOf; + /** * Fields */ diff --git a/x-pack/plugins/infra/common/utility_types.ts b/x-pack/plugins/infra/common/utility_types.ts index 49d60c31a71ef..8c7280ff54a85 100644 --- a/x-pack/plugins/infra/common/utility_types.ts +++ b/x-pack/plugins/infra/common/utility_types.ts @@ -48,3 +48,5 @@ export type ObjectValues = Array; export type ObjectEntry = [keyof T, T[keyof T]]; export type ObjectEntries = Array>; + +export type UnwrapPromise> = T extends Promise ? Value : never; diff --git a/x-pack/plugins/infra/kibana.json b/x-pack/plugins/infra/kibana.json index 833183ae88276..c70099e331492 100644 --- a/x-pack/plugins/infra/kibana.json +++ b/x-pack/plugins/infra/kibana.json @@ -10,6 +10,7 @@ "embeddable", "data", "dataEnhanced", + "dataViews", "visTypeTimeseries", "alerting", "triggersActionsUi", diff --git a/x-pack/plugins/infra/public/alerting/common/group_by_expression/group_by_expression.tsx b/x-pack/plugins/infra/public/alerting/common/group_by_expression/group_by_expression.tsx index 02bc04e29f970..5a162ef1d6941 100644 --- a/x-pack/plugins/infra/public/alerting/common/group_by_expression/group_by_expression.tsx +++ b/x-pack/plugins/infra/public/alerting/common/group_by_expression/group_by_expression.tsx 
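Review bot: The `logIndexNameReferenceRT`, `logIndexReferenceRT`, `LogIndexNameReference` and `LogIndexReference` added to `source_configuration.ts` share their export names with the codecs in `log_views/types.ts`, but this union accepts `'index_pattern'` where the log-view one accepts `'data_view'`. An import from the wrong module can still type-check where only the `index_name` member is used, and then fail to decode the other reference kind at runtime. Distinct names for this source-configuration pair would avoid that. At minimum add a comment above them such as `// source-configuration variant; log views use the codecs in common/log_views/types.ts`.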
@@ -5,21 +5,21 @@ * 2.0. */ -import React, { useState, useMemo } from 'react'; -import { DataViewField } from 'src/plugins/data_views/common'; -import { i18n } from '@kbn/i18n'; import { - EuiPopoverTitle, - EuiFlexItem, + EuiExpression, EuiFlexGroup, + EuiFlexItem, EuiPopover, - EuiExpression, + EuiPopoverTitle, } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React, { useMemo, useState } from 'react'; +import { FieldSpec } from 'src/plugins/data_views/common'; import { GroupBySelector } from './selector'; interface Props { selectedGroups?: string[]; - fields: DataViewField[]; + fields: FieldSpec[]; onChange: (groupBy: string[]) => void; label?: string; } diff --git a/x-pack/plugins/infra/public/alerting/common/group_by_expression/selector.tsx b/x-pack/plugins/infra/public/alerting/common/group_by_expression/selector.tsx index c1426908e40f8..4e5a574d67e9b 100644 --- a/x-pack/plugins/infra/public/alerting/common/group_by_expression/selector.tsx +++ b/x-pack/plugins/infra/public/alerting/common/group_by_expression/selector.tsx @@ -7,12 +7,12 @@ import { EuiComboBox } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; -import { DataViewField } from 'src/plugins/data_views/common'; +import { FieldSpec } from 'src/plugins/data_views/common'; interface Props { selectedGroups?: string[]; onChange: (groupBy: string[]) => void; - fields: DataViewField[]; + fields: FieldSpec[]; label: string; placeholder: string; } diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criteria.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criteria.tsx index a746fc5371af0..311df76ce7400 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criteria.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criteria.tsx 
@@ -9,7 +9,7 @@ import React, { useCallback } from 'react'; import { EuiFlexItem, EuiFlexGroup, EuiButtonEmpty, EuiAccordion, EuiSpacer } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; -import { DataViewField } from 'src/plugins/data_views/common'; +import type { ResolvedLogViewField } from '../../../../../common/log_views'; import { Criterion } from './criterion'; import { PartialRuleParams, @@ -34,7 +34,7 @@ const QueryBText = i18n.translate('xpack.infra.logs.alerting.threshold.ratioCrit }); interface SharedProps { - fields: DataViewField[]; + fields: ResolvedLogViewField[]; criteria?: PartialCriteriaType; defaultCriterion: PartialCriterionType; errors: Errors['criteria']; diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criterion.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criterion.tsx index b257c54765a75..2c279f6413353 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criterion.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/criterion.tsx 
@@ -5,30 +5,29 @@ * 2.0. */ -import React, { useState, useMemo, useCallback } from 'react'; import { - EuiPopoverTitle, - EuiFlexItem, - EuiFlexGroup, - EuiPopover, - EuiSelect, - EuiFieldNumber, + EuiButtonIcon, + EuiComboBox, EuiExpression, + EuiFieldNumber, EuiFieldText, - EuiButtonIcon, + EuiFlexGroup, + EuiFlexItem, EuiFormRow, - EuiComboBox, + EuiPopover, + EuiPopoverTitle, + EuiSelect, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { DataViewField } from 'src/plugins/data_views/common'; -import { isNumber, isFinite } from 'lodash'; -// eslint-disable-next-line @kbn/eslint/no-restricted-paths -import { IErrorObject } from '../../../../../../triggers_actions_ui/public/types'; +import { isFinite, isNumber } from 'lodash'; +import React, { useCallback, useMemo, useState } from 'react'; +import type { IErrorObject } from '../../../../../../triggers_actions_ui/public'; import { Comparator, - Criterion as CriterionType, ComparatorToi18nMap, + Criterion as CriterionType, } from '../../../../../common/alerting/logs/log_threshold/types'; +import type { ResolvedLogViewField } from '../../../../../common/log_views'; const firstCriterionFieldPrefix = i18n.translate( 'xpack.infra.logs.alertFlyout.firstCriterionFieldPrefix', @@ -55,7 +54,7 @@ const criterionComparatorValueTitle = i18n.translate( } ); -const getCompatibleComparatorsForField = (fieldInfo: DataViewField | undefined) => { +const getCompatibleComparatorsForField = (fieldInfo: ResolvedLogViewField | undefined) => { if (fieldInfo?.type === 'number') { return [ { value: Comparator.GT, text: ComparatorToi18nMap[Comparator.GT] }, 
@@ -83,7 +82,10 @@ const getCompatibleComparatorsForField = (fieldInfo: DataViewField | undefined) } }; -const getFieldInfo = (fields: DataViewField[], fieldName: string): DataViewField | undefined => { +const getFieldInfo = ( + fields: ResolvedLogViewField[], + fieldName: string +): ResolvedLogViewField | undefined => { return fields.find((field) => { return field.name === fieldName; }); @@ -91,7 +93,7 @@ const getFieldInfo = (fields: DataViewField[], fieldName: string): DataViewField interface Props { idx: number; - fields: DataViewField[]; + fields: ResolvedLogViewField[]; criterion: Partial; updateCriterion: (idx: number, params: Partial) => void; removeCriterion: (idx: number) => void; @@ -117,7 +119,7 @@ export const Criterion: React.FC = ({ }); }, [fields]); - const fieldInfo: DataViewField | undefined = useMemo(() => { + const fieldInfo: ResolvedLogViewField | undefined = useMemo(() => { if (criterion.field) { return getFieldInfo(fields, criterion.field); } else { diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/editor.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/editor.tsx index bdd6961ec86f2..920c3cbf1e873 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/editor.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/expression_editor/editor.tsx 
@@ -9,30 +9,27 @@ import { EuiButton, EuiCallOut, EuiLoadingSpinner, EuiSpacer } from '@elastic/eu import { i18n } from '@kbn/i18n'; import React, { useCallback, useMemo, useState } from 'react'; import useMount from 'react-use/lib/useMount'; -import { useKibana } from '../../../../../../../../src/plugins/kibana_react/public'; +import { ResolvedLogViewField } from '../../../../../common/log_views'; import { - RuleTypeParamsExpressionProps, ForLastExpression, + RuleTypeParamsExpressionProps, } from '../../../../../../triggers_actions_ui/public'; import { Comparator, + isOptimizableGroupedThreshold, isRatioRule, - PartialRuleParams, PartialCountRuleParams, PartialCriteria as PartialCriteriaType, PartialRatioRuleParams, + PartialRuleParams, ThresholdType, timeUnitRT, - isOptimizableGroupedThreshold, } from '../../../../../common/alerting/logs/log_threshold/types'; import { decodeOrThrow } from '../../../../../common/runtime_types'; import { ObjectEntries } from '../../../../../common/utility_types'; -import { - LogIndexField, - LogSourceProvider, - useLogSourceContext, -} from '../../../../containers/logs/log_source'; import { useSourceId } from '../../../../containers/source_id'; +import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; +import { LogViewProvider, useLogViewContext } from '../../../../hooks/use_log_view'; import { GroupByExpression } from '../../../common/group_by_expression/group_by_expression'; import { errorsRT } from '../../validation'; import { Criteria } from './criteria'; @@ -57,7 +54,7 @@ const DEFAULT_BASE_EXPRESSION = { const DEFAULT_FIELD = 'log.level'; const createDefaultCriterion = ( - availableFields: LogIndexField[], + availableFields: ResolvedLogViewField[], value: ExpressionCriteria['value'] ) => availableFields.some((availableField) => availableField.name === DEFAULT_FIELD) 
@@ -65,7 +62,7 @@ const createDefaultCriterion = ( : { field: undefined, comparator: undefined, value: undefined }; const createDefaultCountRuleParams = ( - availableFields: LogIndexField[] + availableFields: ResolvedLogViewField[] ): PartialCountRuleParams => ({ ...DEFAULT_BASE_EXPRESSION, count: { @@ -76,7 +73,7 @@ const createDefaultCountRuleParams = ( }); const createDefaultRatioRuleParams = ( - availableFields: LogIndexField[] + availableFields: ResolvedLogViewField[] ): PartialRatioRuleParams => ({ ...DEFAULT_BASE_EXPRESSION, count: { @@ -93,8 +90,10 @@ export const ExpressionEditor: React.FC< RuleTypeParamsExpressionProps > = (props) => { const isInternal = props.metadata?.isInternal ?? false; - const [sourceId] = useSourceId(); - const { http } = useKibana().services; + const [logViewId] = useSourceId(); + const { + services: { http, logViews }, + } = useKibanaContextForPlugin(); // injected during alert registration return ( <> @@ -103,42 +102,28 @@ export const ExpressionEditor: React.FC< ) : ( - + - + )} ); }; export const SourceStatusWrapper: React.FC = ({ children }) => { - const { - initialize, - loadSource, - isLoadingSourceConfiguration, - hasFailedLoadingSource, - isUninitialized, - } = useLogSourceContext(); - - useMount(() => { - initialize(); - }); + const { load, isLoading, hasFailedLoading, isUninitialized } = useLogViewContext(); return ( <> - {isLoadingSourceConfiguration || isUninitialized ? ( + {isLoading || isUninitialized ? (
- ) : hasFailedLoadingSource ? ( + ) : hasFailedLoading ? ( { color="danger" iconType="alert" > - + {i18n.translate('xpack.infra.logs.alertFlyout.sourceStatusErrorTryAgain', { defaultMessage: 'Try again', })} @@ -164,7 +149,7 @@ export const Editor: React.FC { const { setRuleParams, ruleParams, errors } = props; const [hasSetDefaults, setHasSetDefaults] = useState(false); - const { sourceId, resolvedSourceConfiguration } = useLogSourceContext(); + const { logViewId, resolvedLogView } = useLogViewContext(); const { criteria: criteriaErrors, @@ -174,24 +159,24 @@ export const Editor: React.FC decodeOrThrow(errorsRT)(errors), [errors]); const supportedFields = useMemo(() => { - if (resolvedSourceConfiguration?.fields) { - return resolvedSourceConfiguration.fields.filter((field) => { + if (resolvedLogView?.fields) { + return resolvedLogView.fields.filter((field) => { return (field.type === 'string' || field.type === 'number') && field.searchable; }); } else { return []; } - }, [resolvedSourceConfiguration]); + }, [resolvedLogView]); const groupByFields = useMemo(() => { - if (resolvedSourceConfiguration?.fields) { - return resolvedSourceConfiguration.fields.filter((field) => { + if (resolvedLogView?.fields) { + return resolvedLogView.fields.filter((field) => { return field.type === 'string' && field.aggregatable; }); } else { return []; } - }, [resolvedSourceConfiguration]); + }, [resolvedLogView]); const updateThreshold = useCallback( (thresholdParams) => { @@ -276,7 +261,7 @@ export const Editor: React.FC ) : null; diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.ts b/x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.tsx similarity index 80% rename from x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.ts rename to x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.tsx index a6c1eaaa07e1b..7d89dac681743 100644 
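Review bot: `SourceStatusWrapper` no longer starts a load itself, because the `useMount(() => { initialize(); })` call is removed while the spinner branch still renders for `isUninitialized`. Nothing in this hunk shows `LogViewProvider` or `useLogViewContext` starting the load on mount, so if they do not, the editor would stay on the spinner. Once confirmed, a comment such as `// LogViewProvider starts loading on mount; load() here is only the retry action` would record the assumption. The `useMount` import is kept as a context line in the import hunk, so it is worth checking that it is still used elsewhere in the file. The component's JSX continues outside the hunk.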
--- a/x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.ts +++ b/x-pack/plugins/infra/public/alerting/log_threshold/log_threshold_rule_type.tsx @@ -6,16 +6,24 @@ */ import { i18n } from '@kbn/i18n'; -import React from 'react'; import { ObservabilityRuleTypeModel } from '../../../../observability/public'; import { LOG_DOCUMENT_COUNT_RULE_TYPE_ID, PartialRuleParams, } from '../../../common/alerting/logs/log_threshold'; +import { createLazyComponentWithKibanaContext } from '../../hooks/use_kibana'; +import { InfraClientCoreSetup } from '../../types'; import { formatRuleData } from './rule_data_formatters'; import { validateExpression } from './validation'; -export function createLogThresholdRuleType(): ObservabilityRuleTypeModel { +export function createLogThresholdRuleType( + core: InfraClientCoreSetup +): ObservabilityRuleTypeModel { + const ruleParamsExpression = createLazyComponentWithKibanaContext( + core, + () => import('./components/expression_editor/editor') + ); + return { id: LOG_DOCUMENT_COUNT_RULE_TYPE_ID, description: i18n.translate('xpack.infra.logs.alertFlyout.alertDescription', { @@ -25,7 +33,7 @@ export function createLogThresholdRuleType(): ObservabilityRuleTypeModel import('./components/expression_editor/editor')), + ruleParamsExpression, validate: validateExpression, defaultActionMessage: i18n.translate( 'xpack.infra.logs.alerting.threshold.defaultActionMessage', diff --git a/x-pack/plugins/infra/public/apps/common_providers.tsx b/x-pack/plugins/infra/public/apps/common_providers.tsx index cdfe338fa38b3..2463485137ba3 100644 --- a/x-pack/plugins/infra/public/apps/common_providers.tsx +++ b/x-pack/plugins/infra/public/apps/common_providers.tsx @@ -6,7 +6,7 @@ */ import { AppMountParameters, CoreStart } from 'kibana/public'; -import React, { useMemo } from 'react'; +import React from 'react'; import { EuiThemeProvider } from '../../../../../src/plugins/kibana_react/common'; import { KibanaContextProvider, 
@@ -14,11 +14,11 @@ import { useUiSetting$, } from '../../../../../src/plugins/kibana_react/public'; import { Storage } from '../../../../../src/plugins/kibana_utils/public'; +import { NavigationWarningPromptProvider } from '../../../observability/public'; import { TriggersAndActionsUIPublicPluginStart } from '../../../triggers_actions_ui/public'; -import { createKibanaContextForPlugin } from '../hooks/use_kibana'; -import { InfraClientStartDeps } from '../types'; +import { useKibanaContextForPluginProvider } from '../hooks/use_kibana'; +import { InfraClientStartDeps, InfraClientStartExports } from '../types'; import { HeaderActionMenuProvider } from '../utils/header_action_menu_provider'; -import { NavigationWarningPromptProvider } from '../../../observability/public'; import { TriggersActionsProvider } from '../utils/triggers_actions_context'; export const CommonInfraProviders: React.FC<{ @@ -45,6 +45,7 @@ export const CommonInfraProviders: React.FC<{ export interface CoreProvidersProps { core: CoreStart; + pluginStart: InfraClientStartExports; plugins: InfraClientStartDeps; theme$: AppMountParameters['theme$']; } @@ -52,16 +53,18 @@ export interface CoreProvidersProps { export const CoreProviders: React.FC = ({ children, core, + pluginStart, plugins, theme$, }) => { - const { Provider: KibanaContextProviderForPlugin } = useMemo( - () => createKibanaContextForPlugin(core, plugins), - [core, plugins] + const KibanaContextProviderForPlugin = useKibanaContextForPluginProvider( + core, + plugins, + pluginStart ); return ( - + {children} diff --git a/x-pack/plugins/infra/public/apps/logs_app.tsx b/x-pack/plugins/infra/public/apps/logs_app.tsx index 4e9936ad4123f..fd507ef822893 100644 --- a/x-pack/plugins/infra/public/apps/logs_app.tsx +++ b/x-pack/plugins/infra/public/apps/logs_app.tsx 
@@ -16,13 +16,14 @@ import '../index.scss'; import { NotFoundPage } from '../pages/404'; import { LinkToLogsPage } from '../pages/link_to/link_to_logs'; import { LogsPage } from '../pages/logs'; -import { InfraClientStartDeps } from '../types'; +import { InfraClientStartDeps, InfraClientStartExports } from '../types'; import { CommonInfraProviders, CoreProviders } from './common_providers'; import { prepareMountElement } from './common_styles'; export const renderApp = ( core: CoreStart, plugins: InfraClientStartDeps, + pluginStart: InfraClientStartExports, { element, history, setHeaderActionMenu, theme$ }: AppMountParameters ) => { const storage = new Storage(window.localStorage); @@ -35,6 +36,7 @@ export const renderApp = ( storage={storage} history={history} plugins={plugins} + pluginStart={pluginStart} setHeaderActionMenu={setHeaderActionMenu} theme$={theme$} />, @@ -49,15 +51,16 @@ export const renderApp = ( const LogsApp: React.FC<{ core: CoreStart; history: History; + pluginStart: InfraClientStartExports; plugins: InfraClientStartDeps; setHeaderActionMenu: AppMountParameters['setHeaderActionMenu']; storage: Storage; theme$: AppMountParameters['theme$']; -}> = ({ core, history, plugins, setHeaderActionMenu, storage, theme$ }) => { +}> = ({ core, history, pluginStart, plugins, setHeaderActionMenu, storage, theme$ }) => { const uiCapabilities = core.application.capabilities; return ( - + { const storage = new Storage(window.localStorage); @@ -35,6 +36,7 @@ export const renderApp = ( core={core} history={history} plugins={plugins} + pluginStart={pluginStart} setHeaderActionMenu={setHeaderActionMenu} storage={storage} theme$={theme$} 
@@ -50,15 +52,16 @@ export const renderApp = ( const MetricsApp: React.FC<{ core: CoreStart; history: History; + pluginStart: InfraClientStartExports; plugins: InfraClientStartDeps; setHeaderActionMenu: AppMountParameters['setHeaderActionMenu']; storage: Storage; theme$: AppMountParameters['theme$']; -}> = ({ core, history, plugins, setHeaderActionMenu, storage, theme$ }) => { +}> = ({ core, history, pluginStart, plugins, setHeaderActionMenu, storage, theme$ }) => { const uiCapabilities = core.application.capabilities; return ( - + { describe('createLazyContainerMetricsTable', () => { it('should lazily load and render the table', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); - const LazyContainerMetricsTable = createLazyContainerMetricsTable(coreProvidersPropsMock); + const { fetch, getStartServices } = createStartServicesAccessorMock(fetchMock); + const LazyContainerMetricsTable = createLazyContainerMetricsTable(getStartServices); render(); @@ -62,7 +62,7 @@ describe('ContainerMetricsTable', () => { describe('IntegratedContainerMetricsTable', () => { it('should render a single row of data', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); + const { coreProvidersPropsMock, fetch } = createStartServicesAccessorMock(fetchMock); const { findByText } = render( import('./integrated_container_metrics_table') ); -export function createLazyContainerMetricsTable(coreProvidersProps: CoreProvidersProps) { +export function createLazyContainerMetricsTable(getStartServices: () => InfraClientStartServices) { return ({ timerange, filterClauseDsl, sourceId, - }: UseNodeMetricsTableOptions & Partial) => ( - - - - ); + }: UseNodeMetricsTableOptions & Partial) => { + const [core, plugins, pluginStart] = getStartServices(); + + return ( + + + + ); + }; } 
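Review bot: The component returned by `createLazyContainerMetricsTable` is repeated almost line for line in `createLazyHostMetricsTable` and `createLazyPodMetricsTable` further down this diff, including the `const [core, plugins, pluginStart] = getStartServices();` destructuring. A shared factory that takes the lazy component and `getStartServices` would keep the three wrappers in step the next time the provider props change, as they did in this commit. The tuple is positional and `plugins` and `pluginStart` are easy to swap, so a comment such as `// order: [core, start dependencies, this plugin's start contract]` next to the destructuring would help.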
diff --git a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/create_lazy_host_metrics_table.tsx b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/create_lazy_host_metrics_table.tsx index 39980ebf3604b..7041d7daeeb08 100644 --- a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/create_lazy_host_metrics_table.tsx +++ b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/create_lazy_host_metrics_table.tsx @@ -6,24 +6,31 @@ */ import React, { lazy, Suspense } from 'react'; -import type { CoreProvidersProps } from '../../../apps/common_providers'; +import { InfraClientStartServices } from '../../../types'; import type { SourceProviderProps, UseNodeMetricsTableOptions } from '../shared'; const LazyIntegratedHostMetricsTable = lazy(() => import('./integrated_host_metrics_table')); -export function createLazyHostMetricsTable(coreProvidersProps: CoreProvidersProps) { +export function createLazyHostMetricsTable(getStartServices: () => InfraClientStartServices) { return ({ timerange, filterClauseDsl, sourceId, - }: UseNodeMetricsTableOptions & Partial) => ( - - - - ); + }: UseNodeMetricsTableOptions & Partial) => { + const [core, plugins, pluginStart] = getStartServices(); + + return ( + + + + ); + }; } diff --git a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/host_metrics_table.test.tsx b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/host_metrics_table.test.tsx index fd2a010e32321..63b6b87202776 100644 --- a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/host_metrics_table.test.tsx +++ b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/host/host_metrics_table.test.tsx 
@@ -13,7 +13,7 @@ import type { NodeMetricsTableFetchMock, SourceResponseMock, } from '../test_helpers'; -import { createCoreProvidersPropsMock } from '../test_helpers'; +import { createStartServicesAccessorMock } from '../test_helpers'; import { createLazyHostMetricsTable } from './create_lazy_host_metrics_table'; import IntegratedHostMetricsTable from './integrated_host_metrics_table'; import { metricByField } from './use_host_metrics_table'; @@ -41,8 +41,8 @@ describe('HostMetricsTable', () => { describe('createLazyHostMetricsTable', () => { it('should lazily load and render the table', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); - const LazyHostMetricsTable = createLazyHostMetricsTable(coreProvidersPropsMock); + const { fetch, getStartServices } = createStartServicesAccessorMock(fetchMock); + const LazyHostMetricsTable = createLazyHostMetricsTable(getStartServices); render(); @@ -62,7 +62,7 @@ describe('HostMetricsTable', () => { describe('IntegratedHostMetricsTable', () => { it('should render a single row of data', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); + const { coreProvidersPropsMock, fetch } = createStartServicesAccessorMock(fetchMock); const { findByText } = render( import('./integrated_pod_metrics_table')); -export function createLazyPodMetricsTable(coreProvidersProps: CoreProvidersProps) { +export function createLazyPodMetricsTable(getStartServices: () => InfraClientStartServices) { return ({ timerange, filterClauseDsl, sourceId, - }: UseNodeMetricsTableOptions & Partial) => ( - - - - ); + }: UseNodeMetricsTableOptions & Partial) => { + const [core, plugins, pluginStart] = getStartServices(); + + return ( + + + + ); + }; } 
diff --git a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/pod/pod_metrics_table.test.tsx b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/pod/pod_metrics_table.test.tsx index ab4b449f5331b..21d26bd42827c 100644 --- a/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/pod/pod_metrics_table.test.tsx +++ b/x-pack/plugins/infra/public/components/infrastructure_node_metrics_tables/pod/pod_metrics_table.test.tsx @@ -13,7 +13,7 @@ import type { NodeMetricsTableFetchMock, SourceResponseMock, } from '../test_helpers'; -import { createCoreProvidersPropsMock } from '../test_helpers'; +import { createStartServicesAccessorMock } from '../test_helpers'; import { createLazyPodMetricsTable } from './create_lazy_pod_metrics_table'; import IntegratedPodMetricsTable from './integrated_pod_metrics_table'; import { metricByField } from './use_pod_metrics_table'; @@ -41,8 +41,8 @@ describe('PodMetricsTable', () => { describe('createLazyPodMetricsTable', () => { it('should lazily load and render the table', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); - const LazyPodMetricsTable = createLazyPodMetricsTable(coreProvidersPropsMock); + const { fetch, getStartServices } = createStartServicesAccessorMock(fetchMock); + const LazyPodMetricsTable = createLazyPodMetricsTable(getStartServices); render(); @@ -62,7 +62,7 @@ describe('PodMetricsTable', () => { describe('IntegratedPodMetricsTable', () => { it('should render a single row of data', async () => { - const { coreProvidersPropsMock, fetch } = createCoreProvidersPropsMock(fetchMock); + const { coreProvidersPropsMock, fetch } = createStartServicesAccessorMock(fetchMock); const { findByText } = render( ; export type DataResponseMock = DeepPartial; 
@@ -20,19 +24,26 @@ export type NodeMetricsTableFetchMock = ( options: HttpFetchOptions ) => Promise; -export function createCoreProvidersPropsMock(fetchMock: NodeMetricsTableFetchMock) { +export function createStartServicesAccessorMock(fetchMock: NodeMetricsTableFetchMock) { const core = coreMock.createStart(); // @ts-expect-error core.http.fetch has overloads, Jest/TypeScript only picks the first definition when mocking core.http.fetch.mockImplementation(fetchMock); const coreProvidersPropsMock: CoreProvidersProps = { core, + pluginStart: {} as InfraClientStartExports, plugins: {} as InfraClientStartDeps, theme$: core.theme.theme$, }; + const getStartServices = (): InfraClientStartServices => [ + coreProvidersPropsMock.core, + coreProvidersPropsMock.plugins, + coreProvidersPropsMock.pluginStart, + ]; return { coreProvidersPropsMock, fetch: core.http.fetch, + getStartServices, }; } diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.mdx b/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.mdx index f11430586764d..c442ce31f347a 100644 --- a/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.mdx +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.mdx 
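Review bot: `pluginStart: {} as InfraClientStartExports` hands every test an empty object behind a type assertion, so a component under test that reads a member of the plugin start contract gets `undefined` at runtime with no compile-time hint. This mirrors the existing `plugins: {} as InfraClientStartDeps` line. However, the rule editor changed in this commit destructures `logViews` from the Kibana context services, presumably fed from this contract, so the gap may become reachable. Either build the stub from the members the tables actually need, or mark it with `// empty stub: tests that touch pluginStart members must provide their own mock`.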
@@ -1,158 +1,6 @@ import { Meta, Story, Canvas, ArgsTable } from '@storybook/addon-docs/blocks'; -import { defer, of, Subject } from 'rxjs'; -import { delay } from 'rxjs/operators'; - -import { I18nProvider } from '@kbn/i18n-react'; -import { KBN_FIELD_TYPES } from '../../../../../../src/plugins/data/public'; -import { KibanaContextProvider } from '../../../../../../src/plugins/kibana_react/public'; -import { LOG_ENTRIES_SEARCH_STRATEGY } from '../../../common/search_strategies/log_entries/log_entries'; -import { createIndexPatternMock, createIndexPatternsMock } from '../../hooks/use_kibana_index_patterns.mock'; -import { DEFAULT_SOURCE_CONFIGURATION } from '../../test_utils/source_configuration'; -import { generateFakeEntries, ENTRIES_EMPTY } from '../../test_utils/entries'; -import { decorateWithGlobalStorybookThemeProviders } from '../../test_utils/use_global_storybook_theme'; - -import { LogStream } from './'; - - - -export const startTimestamp = 1595145600000; -export const endTimestamp = startTimestamp + 15 * 60 * 1000; - -export const dataMock = { - indexPatterns: createIndexPatternsMock(500, [ - createIndexPatternMock({ - id: 'some-test-id', - title: 'mock-index-pattern-*', - timeFieldName: '@timestamp', - fields: [ - { - name: '@timestamp', - type: KBN_FIELD_TYPES.DATE, - searchable: true, - aggregatable: true, - }, - { - name: 'event.dataset', - type: KBN_FIELD_TYPES.STRING, - searchable: true, - aggregatable: true, - }, - { - name: 'host.name', - type: KBN_FIELD_TYPES.STRING, - searchable: true, - aggregatable: true, - }, - { - name: 'log.level', - type: KBN_FIELD_TYPES.STRING, - searchable: true, - aggregatable: true, - }, - { - name: 'message', - type: KBN_FIELD_TYPES.STRING, - searchable: true, - aggregatable: true, - }, - ], - }) - ]), - search: { - search: ({ params }, options) => { - return defer(() => { - switch (options.strategy) { - case LOG_ENTRIES_SEARCH_STRATEGY: - if (params.after?.time === params.endTimestamp || params.before?.time === 
params.startTimestamp) { - return of({ - id: 'EMPTY_FAKE_RESPONSE', - total: 1, - loaded: 1, - isRunning: false, - isPartial: false, - rawResponse: ENTRIES_EMPTY, - }); - } else { - const entries = generateFakeEntries( - 200, - params.startTimestamp, - params.endTimestamp, - params.columns || DEFAULT_SOURCE_CONFIGURATION.data.configuration.logColumns - ); - return of({ - id: 'FAKE_RESPONSE', - total: 1, - loaded: 1, - isRunning: false, - isPartial: false, - rawResponse: { - data: { - entries, - topCursor: entries[0].cursor, - bottomCursor: entries[entries.length - 1].cursor, - hasMoreBefore: false, - }, - errors: [], - } - }); - } - default: - return of({ - id: 'FAKE_RESPONSE', - rawResponse: {}, - }); - } - }).pipe(delay(2000)); - }, - }, -}; - - -export const fetch = async function (url, params) { - switch (url) { - case '/api/infra/log_source_configurations/default': - return DEFAULT_SOURCE_CONFIGURATION; - case '/api/infra/log_source_configurations/default/status': - return { - data: { - logIndexStatus: 'available', - } - }; - default: - return {}; - } -}; - -export const uiSettings = { - get: (setting) => { - switch (setting) { - case 'dateFormat': - return 'MMM D, YYYY @ HH:mm:ss.SSS'; - case 'dateFormat:scaled': - return [['', 'HH:mm:ss.SSS']]; - } - }, - get$: () => { - return new Subject(); - }, -}; - -export const Template = (args) => ; - - ( - - - {story()} - - - ), - decorateWithGlobalStorybookThemeProviders, - ]} -/> + + # Embeddable `` component @@ -187,11 +35,7 @@ const startTimestamp = endTimestamp - 15 * 60 * 1000; // 15 minutes This will show a list of log entries between the specified timestamps. - - - {Template.bind({})} - - + ## Query log entries @@ -246,14 +90,7 @@ By default the component will load at the bottom of the list, showing the newest /> ``` - - - {Template.bind({})} - - + ## Highlight a specific entry 
@@ -263,11 +100,7 @@ The component can highlight a specific line via the `highlight` prop. It takes t ``` - - - {Template.bind({})} - - + ## Column configuration @@ -298,23 +131,7 @@ The easiest way is to specify what columns you want with the `columns` prop. /> ``` - - - {Template.bind({})} - - + The rendering of the column headers and the cell contents can also be customized with the following properties: 
@@ -389,57 +206,25 @@ The rendering of the column headers and the cell contents can also be customized /> ``` - - { - switch (value) { - case 'debug': - return '🐞'; - case 'info': - return 'ℹ️'; - case 'warn': - return '⚠️'; - case 'error': - return '❌'; - } - }, - }, - { type: 'message' }, - ], - }} - > - {Template.bind({})} - - + -### With a source configuration +### With a static log view configuration -The infra plugin has the concept of a "source configuration", a collection of settings that apply to the logs and metrics UIs. The component uses the source configuration to determine which indices to query or what columns to show. +The infra plugin has the concept of a "log view", a collection of settings that apply to the logs UI. The component uses the log view to determine which indices to query or what columns to show. -The `` component will use the `"default"` source configuration. If you want to use your own configuration, you need to first create it when you initialize your plugin, and then specify it in the `` component with the `sourceId` prop. +The `` component will use the `"default"` log view. If you want to use your own log view, you need to first create it when you initialize your plugin, and then specify it in the `` component with the `sourceId` prop. ```tsx // Your `server/plugin.ts` class MyPlugin { // ... setup(core, plugins) { - plugins.infra.defineInternalSourceConfiguration( - 'my_source', // ID for your source configuration + plugins.infra.logViews.defineInternalLogView( + 'my_log_view', // ID for your log view { name: 'some-name', description: 'some description', - logIndices: { // Also accepts an `index_pattern` type with `indexPatternId` + logIndices: { // Also accepts a `data_view` type with `dataViewId` type: 'index_name', indexName: 'some-index', }, 
@@ -463,4 +248,4 @@ class MyPlugin { ### Setting component height -It's possible to pass a `height` prop, e.g. `60vh` or `300px`, to specify how much vertical space the component should consume. +It's possible to pass a `height` prop, e.g. `60vh` or `300px`, to specify how much vertical space the component should consume. \ No newline at end of file diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.tsx new file mode 100644 index 0000000000000..d98f9dfd53fe9 --- /dev/null +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.stories.tsx 
@@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { I18nProvider } from '@kbn/i18n-react'; +import type { Meta, Story } from '@storybook/react'; +import React from 'react'; +import { decorateWithGlobalStorybookThemeProviders } from '../../test_utils/use_global_storybook_theme'; +import { LogStream, LogStreamProps } from './log_stream'; +import { decorateWithKibanaContext } from './log_stream.story_decorators'; + +const startTimestamp = 1595145600000; +const endTimestamp = startTimestamp + 15 * 60 * 1000; + +export default { + title: 'infra/LogStream', + component: LogStream, + decorators: [ + (wrappedStory) => {wrappedStory()}, + decorateWithKibanaContext, + decorateWithGlobalStorybookThemeProviders, + ], + parameters: { + layout: 'padded', + }, + args: { + startTimestamp, + endTimestamp, + }, +} as Meta; + +const LogStreamStoryTemplate: Story = (args) => ; + +export const BasicDateRange = LogStreamStoryTemplate.bind({}); + +export const CenteredOnLogEntry = LogStreamStoryTemplate.bind({}); +CenteredOnLogEntry.args = { + center: { time: 1595146275000, tiebreaker: 150 }, +}; + +export const HighlightedLogEntry = LogStreamStoryTemplate.bind({}); +HighlightedLogEntry.args = { + highlight: 'entry-197', +}; + +export const CustomColumns = LogStreamStoryTemplate.bind({}); +CustomColumns.args = { + columns: [ + { type: 'timestamp' }, + { type: 'field', field: 'log.level' }, + { type: 'field', field: 'host.name' }, + { type: 'message' }, + ], +}; + +export const CustomColumnRendering = LogStreamStoryTemplate.bind({}); +CustomColumnRendering.args = { + columns: [ + { type: 'timestamp', header: 'When?' 
}, + { + type: 'field', + field: 'log.level', + header: false, + width: 24, + render: (value) => { + switch (value) { + case 'debug': + return '🐞'; + case 'info': + return 'ℹ️'; + case 'warn': + return '⚠️'; + case 'error': + return '❌'; + } + }, + }, + { type: 'message' }, + ], +}; diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.story_decorators.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream.story_decorators.tsx new file mode 100644 index 0000000000000..d8c9b0ac4fac0 --- /dev/null +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.story_decorators.tsx 
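Review bot: The `render` callback of the `log.level` column in `CustomColumnRendering` has a `switch` with no `default`, so any level other than the four listed returns `undefined` and the cell renders empty. This story is the reference example for custom rendering, so unknown levels should stay visible: add `default: return value;`, or a string conversion if `value` is not directly renderable (its type is not visible in the hunk). With `noImplicitReturns` enabled the missing branch would also be reported, though the compiler settings are not shown here.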
@@ -0,0 +1,151 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { StoryContext } from '@storybook/react'; +import React from 'react'; +import { defer, of, Subject } from 'rxjs'; +import { delay } from 'rxjs/operators'; +import { + ENHANCED_ES_SEARCH_STRATEGY, + ES_SEARCH_STRATEGY, + FieldSpec, +} from '../../../../../../src/plugins/data/common'; +import { + IEsSearchResponse, + IKibanaSearchRequest, + IKibanaSearchResponse, + ISearchOptions, +} from '../../../../../../src/plugins/data/public'; +import { KibanaContextProvider } from '../../../../../../src/plugins/kibana_react/public'; +import { getLogViewResponsePayloadRT } from '../../../common/http_api/log_views'; +import { defaultLogViewAttributes } from '../../../common/log_views'; +import { + LogEntriesSearchResponsePayload, + LOG_ENTRIES_SEARCH_STRATEGY, +} from '../../../common/search_strategies/log_entries/log_entries'; +import { ENTRIES_EMPTY, generateFakeEntries } from '../../test_utils/entries'; + +export const decorateWithKibanaContext = ( + wrappedStory: () => StoryFnReactReturnType, + _storyContext: StoryContext +) => { + const data = { + dataViews: { + getFieldsForWildcard: async (): Promise => { + return []; + }, + }, + search: { + search: ({ params }: IKibanaSearchRequest, options?: ISearchOptions) => { + return defer(() => { + switch (options?.strategy) { + case LOG_ENTRIES_SEARCH_STRATEGY: + if ( + params.after?.time === params.endTimestamp || + params.before?.time === params.startTimestamp + ) { + return of>({ + id: 'MOCK_LOG_ENTRIES_RESPONSE', + total: 1, + loaded: 1, + isRunning: false, + isPartial: false, + rawResponse: ENTRIES_EMPTY, + }); + } else { + const entries = generateFakeEntries( + 200, + params.startTimestamp, + params.endTimestamp, + params.columns || 
defaultLogViewAttributes.logColumns + ); + return of>({ + id: 'MOCK_LOG_ENTRIES_RESPONSE', + total: 1, + loaded: 1, + isRunning: false, + isPartial: false, + rawResponse: { + data: { + entries, + topCursor: entries[0].cursor, + bottomCursor: entries[entries.length - 1].cursor, + hasMoreBefore: false, + }, + errors: [], + }, + }); + } + case undefined: + case ES_SEARCH_STRATEGY: + case ENHANCED_ES_SEARCH_STRATEGY: + return of({ + id: 'MOCK_INDEX_CHECK_RESPONSE', + total: 1, + loaded: 1, + isRunning: false, + isPartial: false, + rawResponse: { + _shards: { + failed: 0, + successful: 1, + total: 1, + }, + hits: { + hits: [], + total: 1, + }, + timed_out: false, + took: 1, + }, + }); + default: + return of({ + id: 'FAKE_RESPONSE', + rawResponse: {}, + }); + } + }).pipe(delay(2000)); + }, + }, + }; + + const http = { + get: async (path: string) => { + switch (path) { + case '/api/infra/log_views/default': + return getLogViewResponsePayloadRT.encode({ + data: { + id: 'default', + origin: 'stored', + attributes: defaultLogViewAttributes, + }, + }); + default: + return {}; + } + }, + }; + + const uiSettings = { + get: (setting: string) => { + switch (setting) { + case 'dateFormat': + return 'MMM D, YYYY @ HH:mm:ss.SSS'; + case 'dateFormat:scaled': + return [['', 'HH:mm:ss.SSS']]; + } + }, + get$: () => new Subject(), + }; + + return ( + + {wrappedStory()} + + ); +}; diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx index 02e595628d783..9561e7b684657 100644 --- a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx 
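Review bot: Both mock fallbacks in `decorateWithKibanaContext` answer unknown requests with an empty success. `http.get` returns `{}` for any path other than `/api/infra/log_views/default`, and `search` returns `FAKE_RESPONSE` with an empty `rawResponse` for any unlisted strategy. A story that starts calling a new endpoint would then presumably fail later, in response decoding, far from the cause. An explicit fallback such as `default: throw new Error('Unmocked GET ' + path);`, or at least a `console.warn`, would surface this at the call. The hard-coded `delay(2000)` would also read better as a named constant with a comment saying it simulates latency.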
@@ -13,8 +13,10 @@ import { DataPublicPluginStart } from '../../../../../../src/plugins/data/public import { euiStyled } from '../../../../../../src/plugins/kibana_react/common'; import { useKibana } from '../../../../../../src/plugins/kibana_react/public'; import { LogEntryCursor } from '../../../common/log_entry'; -import { useLogSource } from '../../containers/logs/log_source'; +import { defaultLogViewsStaticConfig } from '../../../common/log_views'; import { BuiltEsQuery, useLogStream } from '../../containers/logs/log_stream'; +import { useLogView } from '../../hooks/use_log_view'; +import { LogViewsClient } from '../../services/log_views'; import { LogColumnRenderConfiguration } from '../../utils/log_column_render_configuration'; import { useKibanaQuerySettings } from '../../utils/use_kibana_query_settings'; import { ScrollableLogTextStreamView } from '../logging/log_text_stream'; @@ -97,9 +99,10 @@ export const LogStreamContent: React.FC = ({ [columns] ); - // source boilerplate - const { services } = useKibana(); - if (!services?.http?.fetch || !services?.data?.indexPatterns) { + const { + services: { http, data }, + } = useKibana(); + if (http == null || data == null) { throw new Error( ` cannot access kibana core services. 
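Review bot: The new guard `if (http == null || data == null)` in the `@@ -97,9 +99,10 @@` hunk checks less than the following code relies on. The next hunk dereferences `data.dataViews`, `data.search.search` and `http.fetch`, so a context that supplies a partial `data` object fails with a TypeError inside `useMemo` instead of the descriptive error thrown here. The destructuring `services: { http, data }` also drops the old `services?.` guard, which matters only if `useKibana()` can return undefined `services`; that is not visible in this hunk. Consider `if (http?.fetch == null || data?.dataViews == null || data?.search?.search == null) {`. The body of `LogStreamContent` continues outside the hunk.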
@@ -111,32 +114,37 @@ Read more at https://github.com/elastic/kibana/blob/main/src/plugins/kibana_reac const kibanaQuerySettings = useKibanaQuerySettings(); + const logViews = useMemo( + () => new LogViewsClient(data.dataViews, http, data.search.search, defaultLogViewsStaticConfig), + [data.dataViews, data.search.search, http] + ); + const { - derivedIndexPattern, - isLoading: isLoadingSource, - loadSource, - sourceConfiguration, - } = useLogSource({ - sourceId, - fetch: services.http.fetch, - indexPatternsService: services.data.indexPatterns, + derivedDataView, + isLoading: isLoadingLogView, + load: loadLogView, + resolvedLogView, + } = useLogView({ + logViewId: sourceId, + logViews, + fetch: http.fetch, }); const parsedQuery = useMemo(() => { if (typeof query === 'object' && 'bool' in query) { return mergeBoolQueries( query, - buildEsQuery(derivedIndexPattern, [], filters ?? [], kibanaQuerySettings) + buildEsQuery(derivedDataView, [], filters ?? [], kibanaQuerySettings) ); } else { return buildEsQuery( - derivedIndexPattern, + derivedDataView, coerceToQueries(query), filters ?? [], kibanaQuerySettings ); } - }, [derivedIndexPattern, filters, kibanaQuerySettings, query]); + }, [derivedDataView, filters, kibanaQuerySettings, query]); // Internal state const { @@ -158,8 +166,8 @@ Read more at https://github.com/elastic/kibana/blob/main/src/plugins/kibana_reac }); const columnConfigurations = useMemo(() => { - return sourceConfiguration ? customColumns ?? sourceConfiguration.configuration.logColumns : []; - }, [sourceConfiguration, customColumns]); + return resolvedLogView ? customColumns ?? resolvedLogView.columns : []; + }, [resolvedLogView, customColumns]); const streamItems = useMemo( () => @@ -173,8 +181,8 @@ Read more at https://github.com/elastic/kibana/blob/main/src/plugins/kibana_reac // Component lifetime useEffect(() => { - loadSource(); - }, [loadSource]); + loadLogView(); + }, [loadLogView]); useEffect(() => { fetchEntries(); 
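Review bot: In the `useLogView` call the public prop is forwarded as `logViewId: sourceId`, so the component's API and the README still say `sourceId` while everything below uses log-view naming. If the prop name is kept for backward compatibility, say so at the call site, e.g. `logViewId: sourceId, // prop keeps its legacy name; it identifies a log view`, and in the prop's doc comment, which is declared outside this hunk. Separately, `data.search.search` is passed to `LogViewsClient` detached from `data.search`. That is safe only if `search` does not depend on `this`, which cannot be confirmed from the hunk.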
@@ -207,7 +215,7 @@ Read more at https://github.com/elastic/kibana/blob/main/src/plugins/kibana_reac items={streamItems} scale="medium" wrap={true} - isReloading={isLoadingSource || isLoadingEntries} + isReloading={isLoadingLogView || isLoadingEntries} isLoadingMore={isLoadingMore} hasMoreBeforeStart={hasMoreBefore} hasMoreAfterEnd={hasMoreAfter} diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream_embeddable.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream_embeddable.tsx index 39e58fb518b02..a834bc0af02a8 100644 --- a/x-pack/plugins/infra/public/components/log_stream/log_stream_embeddable.tsx +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream_embeddable.tsx @@ -18,7 +18,7 @@ import { } from '../../../../../../src/plugins/embeddable/public'; import { EuiThemeProvider } from '../../../../../../src/plugins/kibana_react/common'; import { CoreProviders } from '../../apps/common_providers'; -import { InfraClientStartDeps } from '../../types'; +import { InfraClientStartDeps, InfraClientStartExports } from '../../types'; import { datemathToEpochMillis } from '../../utils/datemath'; import { LazyLogStreamWrapper } from './lazy_log_stream_wrapper'; @@ -38,6 +38,7 @@ export class LogStreamEmbeddable extends Embeddable { constructor( private core: CoreStart, private pluginDeps: InfraClientStartDeps, + private pluginStart: InfraClientStartExports, initialInput: LogStreamEmbeddableInput, parent?: IContainer ) { @@ -78,7 +79,12 @@ export class LogStreamEmbeddable extends Embeddable { } ReactDOM.render( - +
) {} + constructor(private getStartServices: InfraClientStartServicesAccessor) {} public async isEditable() { const [{ application }] = await this.getStartServices(); @@ -31,8 +30,8 @@ export class LogStreamEmbeddableFactoryDefinition } public async create(initialInput: LogStreamEmbeddableInput, parent?: IContainer) { - const [core, plugins] = await this.getStartServices(); - return new LogStreamEmbeddable(core, plugins, initialInput, parent); + const [core, plugins, pluginStart] = await this.getStartServices(); + return new LogStreamEmbeddable(core, plugins, pluginStart, initialInput, parent); } public getDisplayName() { diff --git a/x-pack/plugins/infra/public/components/logging/log_source_error_page.tsx b/x-pack/plugins/infra/public/components/logging/log_source_error_page.tsx index 23718bf16b401..ab4d763ab1f95 100644 --- a/x-pack/plugins/infra/public/components/logging/log_source_error_page.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_source_error_page.tsx @@ -9,12 +9,12 @@ import { EuiButton, EuiButtonEmpty, EuiCallOut, EuiEmptyPrompt, EuiSpacer } from import { FormattedMessage } from '@kbn/i18n-react'; import React from 'react'; import { SavedObjectNotFound } from '../../../../../../src/plugins/kibana_utils/common'; -import { - FetchLogSourceConfigurationError, - FetchLogSourceStatusError, - ResolveLogSourceConfigurationError, -} from '../../../common/log_sources'; import { useLinkProps } from '../../../../observability/public'; +import { + FetchLogViewStatusError, + FetchLogViewError, + ResolveLogViewError, +} from '../../../common/log_views'; import { LogsPageTemplate } from '../../pages/logs/page_template'; export const LogSourceErrorPage: React.FC<{ 
@@ -72,7 +72,7 @@ export const LogSourceErrorPage: React.FC<{ }; const LogSourceErrorMessage: React.FC<{ error: Error }> = ({ error }) => { - if (error instanceof ResolveLogSourceConfigurationError) { + if (error instanceof ResolveLogViewError) { return ( = ({ error }) => { )} ); - } else if (error instanceof FetchLogSourceConfigurationError) { + } else if (error instanceof FetchLogViewError) { return ( = ({ error }) => { {`${error.cause?.message ?? error.message}`} ); - } else if (error instanceof FetchLogSourceStatusError) { + } else if (error instanceof FetchLogViewStatusError) { return ( { - const response = await fetch(getLogSourceConfigurationPath(sourceId), { - method: 'GET', - }).catch((error) => { - throw new FetchLogSourceConfigurationError( - `Failed to fetch log source configuration "${sourceId}": ${error}`, - error - ); - }); - - return decodeOrThrow( - getLogSourceConfigurationSuccessResponsePayloadRT, - (message: string) => - new FetchLogSourceConfigurationError( - `Failed to decode log source configuration "${sourceId}": ${message}` - ) - )(response); -}; diff --git a/x-pack/plugins/infra/public/containers/logs/log_source/api/fetch_log_source_status.ts b/x-pack/plugins/infra/public/containers/logs/log_source/api/fetch_log_source_status.ts deleted file mode 100644 index 38e4378b88571..0000000000000 --- a/x-pack/plugins/infra/public/containers/logs/log_source/api/fetch_log_source_status.ts +++ /dev/null 
@@ -1,33 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { HttpHandler } from 'src/core/public';
-import {
- getLogSourceStatusPath,
- getLogSourceStatusSuccessResponsePayloadRT,
-} from '../../../../../common/http_api/log_sources';
-import { FetchLogSourceStatusError } from '../../../../../common/log_sources';
-import { decodeOrThrow } from '../../../../../common/runtime_types';
-
-export const callFetchLogSourceStatusAPI = async (sourceId: string, fetch: HttpHandler) => {
- const response = await fetch(getLogSourceStatusPath(sourceId), {
- method: 'GET',
- }).catch((error) => {
- throw new FetchLogSourceStatusError(
- `Failed to fetch status for log source "${sourceId}": ${error}`,
- error
- );
- });
-
- return decodeOrThrow(
- getLogSourceStatusSuccessResponsePayloadRT,
- (message: string) =>
- new FetchLogSourceStatusError(
- `Failed to decode status for log source "${sourceId}": ${message}`
- )
- )(response);
-};
diff --git a/x-pack/plugins/infra/public/containers/logs/log_source/api/patch_log_source_configuration.ts b/x-pack/plugins/infra/public/containers/logs/log_source/api/patch_log_source_configuration.ts
deleted file mode 100644
index f469d2ab33421..0000000000000
--- a/x-pack/plugins/infra/public/containers/logs/log_source/api/patch_log_source_configuration.ts
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { HttpHandler } from 'src/core/public';
-import {
- getLogSourceConfigurationPath,
- patchLogSourceConfigurationSuccessResponsePayloadRT,
- patchLogSourceConfigurationRequestBodyRT,
- LogSourceConfigurationPropertiesPatch,
-} from '../../../../../common/http_api/log_sources';
-import { PatchLogSourceConfigurationError } from '../../../../../common/log_sources';
-import { decodeOrThrow } from '../../../../../common/runtime_types';
-
-export const callPatchLogSourceConfigurationAPI = async (
- sourceId: string,
- patchedProperties: LogSourceConfigurationPropertiesPatch,
- fetch: HttpHandler
-) => {
- const response = await fetch(getLogSourceConfigurationPath(sourceId), {
- method: 'PATCH',
- body: JSON.stringify(
- patchLogSourceConfigurationRequestBodyRT.encode({
- data: patchedProperties,
- })
- ),
- }).catch((error) => {
- throw new PatchLogSourceConfigurationError(
- `Failed to update log source configuration "${sourceId}": ${error}`,
- error
- );
- });
-
- return decodeOrThrow(
- patchLogSourceConfigurationSuccessResponsePayloadRT,
- (message: string) =>
- new PatchLogSourceConfigurationError(
- `Failed to decode log source configuration "${sourceId}": ${message}`
- )
- )(response);
-};
diff --git a/x-pack/plugins/infra/public/containers/logs/log_source/log_source.mock.ts b/x-pack/plugins/infra/public/containers/logs/log_source/log_source.mock.ts
deleted file mode 100644
index ad649ade7345a..0000000000000
--- a/x-pack/plugins/infra/public/containers/logs/log_source/log_source.mock.ts
+++ /dev/null
@@ -1,85 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { LogSourceConfiguration, LogSourceStatus, useLogSource } from './log_source'; - -type CreateUseLogSource = (sourceConfiguration?: { sourceId?: string }) => typeof useLogSource; - -const defaultSourceId = 'default'; - -export const createUninitializedUseLogSourceMock: CreateUseLogSource = - ({ sourceId = defaultSourceId } = {}) => - () => ({ - derivedIndexPattern: { - fields: [], - title: 'unknown', - }, - hasFailedLoading: false, - hasFailedLoadingSource: false, - hasFailedLoadingSourceStatus: false, - hasFailedResolvingSource: false, - initialize: jest.fn(), - isLoading: false, - isLoadingSourceConfiguration: false, - isLoadingSourceStatus: false, - isResolvingSourceConfiguration: false, - isUninitialized: true, - loadSource: jest.fn(), - loadSourceConfiguration: jest.fn(), - latestLoadSourceFailures: [], - resolveSourceFailureMessage: undefined, - loadSourceStatus: jest.fn(), - sourceConfiguration: undefined, - sourceId, - sourceStatus: undefined, - updateSource: jest.fn(), - resolvedSourceConfiguration: undefined, - loadResolveLogSourceConfiguration: jest.fn(), - }); - -export const createLoadingUseLogSourceMock: CreateUseLogSource = - ({ sourceId = defaultSourceId } = {}) => - (args) => ({ - ...createUninitializedUseLogSourceMock({ sourceId })(args), - isLoading: true, - isLoadingSourceConfiguration: true, - isLoadingSourceStatus: true, - isResolvingSourceConfiguration: true, - }); - -export const createLoadedUseLogSourceMock: CreateUseLogSource = - ({ sourceId = defaultSourceId } = {}) => - (args) => ({ - ...createUninitializedUseLogSourceMock({ sourceId })(args), - sourceConfiguration: createBasicSourceConfiguration(sourceId), - sourceStatus: { - indices: 'test-index', - 
logIndexStatus: 'available', - }, - }); - -export const createBasicSourceConfiguration = (sourceId: string): LogSourceConfiguration => ({ - id: sourceId, - origin: 'stored', - configuration: { - description: `description for ${sourceId}`, - logIndices: { - type: 'index_pattern', - indexPatternId: 'some-id', - }, - logColumns: [], - fields: { - message: ['MESSAGE_FIELD'], - }, - name: sourceId, - }, -}); - -export const createAvailableSourceStatus = (): LogSourceStatus => ({ - indices: 'test-index', - logIndexStatus: 'available', -}); diff --git a/x-pack/plugins/infra/public/containers/logs/log_source/log_source.ts b/x-pack/plugins/infra/public/containers/logs/log_source/log_source.ts deleted file mode 100644 index 54f3f70b98a4b..0000000000000 --- a/x-pack/plugins/infra/public/containers/logs/log_source/log_source.ts +++ /dev/null 
@@ -1,209 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import createContainer from 'constate'; -import { useCallback, useMemo, useState } from 'react'; -import type { HttpHandler } from 'src/core/public'; -import { DataViewsContract } from '../../../../../../../src/plugins/data_views/public'; -import { - LogIndexField, - LogSourceConfigurationPropertiesPatch, - LogSourceStatus, -} from '../../../../common/http_api/log_sources'; -import { - LogSourceConfiguration, - LogSourceConfigurationProperties, - ResolvedLogSourceConfiguration, - resolveLogSourceConfiguration, - ResolveLogSourceConfigurationError, -} from '../../../../common/log_sources'; -import { isRejectedPromiseState, useTrackedPromise } from '../../../utils/use_tracked_promise'; -import { callFetchLogSourceConfigurationAPI } from './api/fetch_log_source_configuration'; -import { callFetchLogSourceStatusAPI } from './api/fetch_log_source_status'; -import { callPatchLogSourceConfigurationAPI } from './api/patch_log_source_configuration'; - -export type { - LogIndexField, - LogSourceConfiguration, - LogSourceConfigurationProperties, - LogSourceConfigurationPropertiesPatch, - LogSourceStatus, -}; -export { ResolveLogSourceConfigurationError }; - -export const useLogSource = ({ - sourceId, - fetch, - indexPatternsService, -}: { - sourceId: string; - fetch: HttpHandler; - indexPatternsService: DataViewsContract; -}) => { - const [sourceConfiguration, setSourceConfiguration] = useState< - LogSourceConfiguration | undefined - >(undefined); - - const [resolvedSourceConfiguration, setResolvedSourceConfiguration] = useState< - ResolvedLogSourceConfiguration | undefined - >(undefined); - - const [sourceStatus, setSourceStatus] = useState(undefined); - - const [loadSourceConfigurationRequest, 
loadSourceConfiguration] = useTrackedPromise( - { - cancelPreviousOn: 'resolution', - createPromise: async () => { - return (await callFetchLogSourceConfigurationAPI(sourceId, fetch)).data; - }, - onResolve: setSourceConfiguration, - }, - [sourceId, fetch, indexPatternsService] - ); - - const [resolveSourceConfigurationRequest, resolveSourceConfiguration] = useTrackedPromise( - { - cancelPreviousOn: 'resolution', - createPromise: async (unresolvedSourceConfiguration: LogSourceConfigurationProperties) => { - return await resolveLogSourceConfiguration( - unresolvedSourceConfiguration, - indexPatternsService - ); - }, - onResolve: setResolvedSourceConfiguration, - }, - [indexPatternsService] - ); - - const [updateSourceConfigurationRequest, updateSourceConfiguration] = useTrackedPromise( - { - cancelPreviousOn: 'resolution', - createPromise: async (patchedProperties: LogSourceConfigurationPropertiesPatch) => { - return (await callPatchLogSourceConfigurationAPI(sourceId, patchedProperties, fetch)).data; - }, - onResolve: setSourceConfiguration, - }, - [sourceId, fetch, indexPatternsService] - ); - - const [loadSourceStatusRequest, loadSourceStatus] = useTrackedPromise( - { - cancelPreviousOn: 'resolution', - createPromise: async () => { - return await callFetchLogSourceStatusAPI(sourceId, fetch); - }, - onResolve: ({ data }) => setSourceStatus(data), - }, - [sourceId, fetch] - ); - - const derivedIndexPattern = useMemo( - () => ({ - fields: resolvedSourceConfiguration?.fields ?? [], - title: resolvedSourceConfiguration?.indices ?? 
'unknown', - }), - [resolvedSourceConfiguration] - ); - - const isLoadingSourceConfiguration = loadSourceConfigurationRequest.state === 'pending'; - const isResolvingSourceConfiguration = resolveSourceConfigurationRequest.state === 'pending'; - const isLoadingSourceStatus = loadSourceStatusRequest.state === 'pending'; - const isUpdatingSourceConfiguration = updateSourceConfigurationRequest.state === 'pending'; - - const isLoading = - isLoadingSourceConfiguration || - isResolvingSourceConfiguration || - isLoadingSourceStatus || - isUpdatingSourceConfiguration; - - const isUninitialized = - loadSourceConfigurationRequest.state === 'uninitialized' || - resolveSourceConfigurationRequest.state === 'uninitialized' || - loadSourceStatusRequest.state === 'uninitialized'; - - const hasFailedLoadingSource = loadSourceConfigurationRequest.state === 'rejected'; - const hasFailedResolvingSource = resolveSourceConfigurationRequest.state === 'rejected'; - const hasFailedLoadingSourceStatus = loadSourceStatusRequest.state === 'rejected'; - - const latestLoadSourceFailures = [ - loadSourceConfigurationRequest, - resolveSourceConfigurationRequest, - loadSourceStatusRequest, - ] - .filter(isRejectedPromiseState) - .map(({ value }) => (value instanceof Error ? 
value : new Error(`${value}`))); - - const hasFailedLoading = latestLoadSourceFailures.length > 0; - - const loadSource = useCallback(async () => { - const loadSourceConfigurationPromise = loadSourceConfiguration(); - const loadSourceStatusPromise = loadSourceStatus(); - const resolveSourceConfigurationPromise = resolveSourceConfiguration( - (await loadSourceConfigurationPromise).configuration - ); - - return await Promise.all([ - loadSourceConfigurationPromise, - resolveSourceConfigurationPromise, - loadSourceStatusPromise, - ]); - }, [loadSourceConfiguration, loadSourceStatus, resolveSourceConfiguration]); - - const updateSource = useCallback( - async (patchedProperties: LogSourceConfigurationPropertiesPatch) => { - const updatedSourceConfiguration = await updateSourceConfiguration(patchedProperties); - const resolveSourceConfigurationPromise = resolveSourceConfiguration( - updatedSourceConfiguration.configuration - ); - const loadSourceStatusPromise = loadSourceStatus(); - - return await Promise.all([ - updatedSourceConfiguration, - resolveSourceConfigurationPromise, - loadSourceStatusPromise, - ]); - }, - [loadSourceStatus, resolveSourceConfiguration, updateSourceConfiguration] - ); - - const initialize = useCallback(async () => { - if (!isUninitialized) { - return; - } - - return await loadSource(); - }, [isUninitialized, loadSource]); - - return { - sourceId, - initialize, - isUninitialized, - derivedIndexPattern, - // Failure states - hasFailedLoading, - hasFailedLoadingSource, - hasFailedLoadingSourceStatus, - hasFailedResolvingSource, - latestLoadSourceFailures, - // Loading states - isLoading, - isLoadingSourceConfiguration, - isLoadingSourceStatus, - isResolvingSourceConfiguration, - // Source status (denotes the state of the indices, e.g. 
missing) - sourceStatus, - loadSourceStatus, - // Source configuration (represents the raw attributes of the source configuration) - loadSource, - sourceConfiguration, - updateSource, - // Resolved source configuration (represents a fully resolved state, you would use this for the vast majority of "read" scenarios) - resolvedSourceConfiguration, - }; -}; - -export const [LogSourceProvider, useLogSourceContext] = createContainer(useLogSource); diff --git a/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts b/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts index dc9ab56aa9e86..2a81afa234729 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts @@ -12,8 +12,8 @@ import { useCallback, useEffect, useMemo, useState } from 'react'; import usePrevious from 'react-use/lib/usePrevious'; import useSetState from 'react-use/lib/useSetState'; import { LogEntry, LogEntryCursor } from '../../../../common/log_entry'; +import { LogViewColumnConfiguration } from '../../../../common/log_views'; import { useSubscription } from '../../../utils/use_observable'; -import { LogSourceConfigurationProperties } from '../log_source'; import { useFetchLogEntriesAfter } from './use_fetch_log_entries_after'; import { useFetchLogEntriesAround } from './use_fetch_log_entries_around'; import { useFetchLogEntriesBefore } from './use_fetch_log_entries_before'; @@ -26,7 +26,7 @@ interface LogStreamProps { endTimestamp: number; query?: BuiltEsQuery; center?: LogEntryCursor; - columns?: LogSourceConfigurationProperties['logColumns']; + columns?: LogViewColumnConfiguration[]; } interface LogStreamState { diff --git a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_after.ts b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_after.ts index ea2162cb96e36..b4bdd72b3c5ee 100644 
--- a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_after.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_after.ts @@ -5,13 +5,13 @@ * 2.0. */ +import { JsonObject } from '@kbn/utility-types'; import { useCallback } from 'react'; import { Observable } from 'rxjs'; import { exhaustMap } from 'rxjs/operators'; -import { JsonObject } from '@kbn/utility-types'; import { IKibanaSearchRequest } from '../../../../../../../src/plugins/data/public'; -import { LogSourceColumnConfiguration } from '../../../../common/log_sources'; import { LogEntryAfterCursor } from '../../../../common/log_entry'; +import { LogViewColumnConfiguration } from '../../../../common/log_views'; import { decodeOrThrow } from '../../../../common/runtime_types'; import { logEntriesSearchRequestParamsRT, @@ -37,7 +37,7 @@ export const useLogEntriesAfterRequest = ({ sourceId, startTimestamp, }: { - columnOverrides?: LogSourceColumnConfiguration[]; + columnOverrides?: LogViewColumnConfiguration[]; endTimestamp: number; highlightPhrase?: string; query?: LogEntriesSearchRequestQuery; @@ -110,7 +110,7 @@ export const useFetchLogEntriesAfter = ({ sourceId, startTimestamp, }: { - columnOverrides?: LogSourceColumnConfiguration[]; + columnOverrides?: LogViewColumnConfiguration[]; endTimestamp: number; highlightPhrase?: string; query?: LogEntriesSearchRequestQuery; diff --git a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_around.ts b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_around.ts index d2b014c22ad1b..748281d5517a7 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_around.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_around.ts 
@@ -8,8 +8,8 @@ import { useCallback } from 'react'; import { combineLatest, Observable, ReplaySubject } from 'rxjs'; import { last, map, startWith, switchMap } from 'rxjs/operators'; -import { LogSourceColumnConfiguration } from '../../../../common/log_sources'; import { LogEntryCursor } from '../../../../common/log_entry'; +import { LogViewColumnConfiguration } from '../../../../common/log_views'; import { LogEntriesSearchRequestQuery } from '../../../../common/search_strategies/log_entries/log_entries'; import { flattenDataSearchResponseDescriptor } from '../../../utils/data_search'; import { useObservable, useObservableState } from '../../../utils/use_observable'; @@ -24,7 +24,7 @@ export const useFetchLogEntriesAround = ({ sourceId, startTimestamp, }: { - columnOverrides?: LogSourceColumnConfiguration[]; + columnOverrides?: LogViewColumnConfiguration[]; endTimestamp: number; highlightPhrase?: string; query?: LogEntriesSearchRequestQuery; diff --git a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_before.ts b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_before.ts index 7d99b3069d973..b9acb0bb38692 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_before.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_stream/use_fetch_log_entries_before.ts 
@@ -5,13 +5,13 @@ * 2.0. */ +import { JsonObject } from '@kbn/utility-types'; import { useCallback } from 'react'; import { Observable } from 'rxjs'; import { exhaustMap } from 'rxjs/operators'; -import { JsonObject } from '@kbn/utility-types'; import { IKibanaSearchRequest } from '../../../../../../../src/plugins/data/public'; -import { LogSourceColumnConfiguration } from '../../../../common/log_sources'; import { LogEntryBeforeCursor } from '../../../../common/log_entry'; +import { LogViewColumnConfiguration } from '../../../../common/log_views'; import { decodeOrThrow } from '../../../../common/runtime_types'; import { logEntriesSearchRequestParamsRT, @@ -37,7 +37,7 @@ export const useLogEntriesBeforeRequest = ({ sourceId, startTimestamp, }: { - columnOverrides?: LogSourceColumnConfiguration[]; + columnOverrides?: LogViewColumnConfiguration[]; endTimestamp: number; highlightPhrase?: string; query?: LogEntriesSearchRequestQuery; @@ -109,7 +109,7 @@ export const useFetchLogEntriesBefore = ({ sourceId, startTimestamp, }: { - columnOverrides?: LogSourceColumnConfiguration[]; + columnOverrides?: LogViewColumnConfiguration[]; endTimestamp: number; highlightPhrase?: string; query?: LogEntriesSearchRequestQuery; diff --git a/x-pack/plugins/infra/public/containers/logs/log_summary/with_summary.ts b/x-pack/plugins/infra/public/containers/logs/log_summary/with_summary.ts index 9204c81816e83..1b6d9f850187a 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_summary/with_summary.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_summary/with_summary.ts 
@@ -7,10 +7,10 @@ import { useContext } from 'react'; import useThrottle from 'react-use/lib/useThrottle'; +import { useLogViewContext } from '../../../hooks/use_log_view'; import { RendererFunction } from '../../../utils/typed_react'; import { LogFilterState } from '../log_filter'; import { LogPositionState } from '../log_position'; -import { useLogSourceContext } from '../log_source'; import { LogSummaryBuckets, useLogSummary } from './log_summary'; const FETCH_THROTTLE_INTERVAL = 3000; @@ -24,7 +24,7 @@ export const WithSummary = ({ end: number | null; }>; }) => { - const { sourceId } = useLogSourceContext(); + const { logViewId } = useLogViewContext(); const { filterQuery } = useContext(LogFilterState.Context); const { startTimestamp, endTimestamp } = useContext(LogPositionState.Context); @@ -33,7 +33,7 @@ export const WithSummary = ({ const throttledEndTimestamp = useThrottle(endTimestamp, FETCH_THROTTLE_INTERVAL); const { buckets, start, end } = useLogSummary( - sourceId, + logViewId, throttledStartTimestamp, throttledEndTimestamp, filterQuery?.serializedQuery ?? null diff --git a/x-pack/plugins/infra/public/hooks/use_kibana.ts b/x-pack/plugins/infra/public/hooks/use_kibana.ts deleted file mode 100644 index 1d21f352a9ea4..0000000000000 --- a/x-pack/plugins/infra/public/hooks/use_kibana.ts +++ /dev/null 
@@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { CoreStart } from '../../../../../src/core/public'; -import { - createKibanaReactContext, - KibanaReactContextValue, - useKibana, -} from '../../../../../src/plugins/kibana_react/public'; -import { InfraClientStartDeps } from '../types'; - -export type PluginKibanaContextValue = CoreStart & InfraClientStartDeps; - -export const createKibanaContextForPlugin = (core: CoreStart, pluginsStart: InfraClientStartDeps) => - createKibanaReactContext({ - ...core, - ...pluginsStart, - }); - -export const useKibanaContextForPlugin = - useKibana as () => KibanaReactContextValue; diff --git a/x-pack/plugins/infra/public/hooks/use_kibana.tsx b/x-pack/plugins/infra/public/hooks/use_kibana.tsx new file mode 100644 index 0000000000000..e7f9295a09bae --- /dev/null +++ b/x-pack/plugins/infra/public/hooks/use_kibana.tsx 
@@ -0,0 +1,65 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { PropsOf } from '@elastic/eui'; +import React, { useMemo } from 'react'; +import { CoreStart } from '../../../../../src/core/public'; +import { + createKibanaReactContext, + KibanaReactContextValue, + useKibana, +} from '../../../../../src/plugins/kibana_react/public'; +import { InfraClientCoreSetup, InfraClientStartDeps, InfraClientStartExports } from '../types'; + +export type PluginKibanaContextValue = CoreStart & InfraClientStartDeps & InfraClientStartExports; + +export const createKibanaContextForPlugin = ( + core: CoreStart, + plugins: InfraClientStartDeps, + pluginStart: InfraClientStartExports +) => + createKibanaReactContext({ + ...core, + ...plugins, + ...pluginStart, + }); + +export const useKibanaContextForPlugin = + useKibana as () => KibanaReactContextValue; + +export const useKibanaContextForPluginProvider = ( + core: CoreStart, + plugins: InfraClientStartDeps, + pluginStart: InfraClientStartExports +) => { + const { Provider } = useMemo( + () => createKibanaContextForPlugin(core, plugins, pluginStart), + [core, pluginStart, plugins] + ); + + return Provider; +}; + +export const createLazyComponentWithKibanaContext = >( + coreSetup: InfraClientCoreSetup, + lazyComponentFactory: () => Promise<{ default: T }> +) => + React.lazy(() => + Promise.all([lazyComponentFactory(), coreSetup.getStartServices()]).then( + ([{ default: LazilyLoadedComponent }, [core, plugins, pluginStart]]) => { + const { Provider } = createKibanaContextForPlugin(core, plugins, pluginStart); + + return { + default: (props: PropsOf) => ( + + + + ), + }; + } + ) + ); 
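Review bot: `useKibanaContextForPluginProvider` memoizes on the identity of `core`, `plugins` and `pluginStart`, and `createKibanaContextForPlugin` builds a new context and `Provider` on every call. A caller that passes a freshly built object on each render therefore gets a new `Provider` component type each time, and React will remount everything rendered below it. Nothing in the file says so; I would add a doc comment above the hook such as `/** Arguments must be referentially stable; a changed reference creates a new context and remounts the subtree. */`. It is also worth one line on `createKibanaContextForPlugin` that the three objects are spread in order, so a key in `pluginStart` silently replaces a same-named key from `core` or `plugins`.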
diff --git a/x-pack/plugins/infra/public/hooks/use_log_view.mock.ts b/x-pack/plugins/infra/public/hooks/use_log_view.mock.ts
new file mode 100644
index 0000000000000..daebfb82b4564
--- /dev/null
+++ b/x-pack/plugins/infra/public/hooks/use_log_view.mock.ts
@@ -0,0 +1,66 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { createLogViewMock } from '../../common/log_views/log_view.mock'; +import { createResolvedLogViewMockFromAttributes } from '../../common/log_views/resolved_log_view.mock'; +import { useLogView } from './use_log_view'; + +type UseLogView = typeof useLogView; +type IUseLogView = ReturnType; + +const defaultLogViewId = 'default'; + +export const createUninitializedUseLogViewMock = + (logViewId: string = defaultLogViewId) => + (): IUseLogView => ({ + derivedDataView: { + fields: [], + title: 'unknown', + }, + hasFailedLoading: false, + hasFailedLoadingLogView: false, + hasFailedLoadingLogViewStatus: false, + hasFailedResolvingLogView: false, + isLoading: false, + isLoadingLogView: false, + isLoadingLogViewStatus: false, + isResolvingLogView: false, + isUninitialized: true, + latestLoadLogViewFailures: [], + load: jest.fn(), + logView: undefined, + logViewId, + logViewStatus: undefined, + resolvedLogView: undefined, + update: jest.fn(), + }); + +export const createLoadingUseLogViewMock = + (logViewId: string = defaultLogViewId) => + (): IUseLogView => ({ + ...createUninitializedUseLogViewMock(logViewId)(), + isLoading: true, + isLoadingLogView: true, + isLoadingLogViewStatus: true, + isResolvingLogView: true, + }); + +export const createLoadedUseLogViewMock = async (logViewId: string = defaultLogViewId) => { + const logView = createLogViewMock(logViewId); + const resolvedLogView = await createResolvedLogViewMockFromAttributes(logView.attributes); + + return (): IUseLogView => { + return { + ...createUninitializedUseLogViewMock(logViewId)(), + logView, + resolvedLogView, + logViewStatus: { + index: 'available', + }, + }; + }; +}; 
diff --git a/x-pack/plugins/infra/public/hooks/use_log_view.ts b/x-pack/plugins/infra/public/hooks/use_log_view.ts
new file mode 100644
index 0000000000000..95363d12a9135
--- /dev/null
+++ b/x-pack/plugins/infra/public/hooks/use_log_view.ts
@@ -0,0 +1,150 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import createContainer from 'constate'; +import { useCallback, useEffect, useMemo, useState } from 'react'; +import type { HttpHandler } from 'src/core/public'; +import { LogView, LogViewAttributes, LogViewStatus, ResolvedLogView } from '../../common/log_views'; +import type { ILogViewsClient } from '../services/log_views'; +import { isRejectedPromiseState, useTrackedPromise } from '../utils/use_tracked_promise'; + +export const useLogView = ({ + logViewId, + logViews, + fetch, +}: { + logViewId: string; + logViews: ILogViewsClient; + fetch: HttpHandler; +}) => { + const [logView, setLogView] = useState(undefined); + + const [resolvedLogView, setResolvedLogView] = useState(undefined); + + const [logViewStatus, setLogViewStatus] = useState(undefined); + + const [loadLogViewRequest, loadLogView] = useTrackedPromise( + { + cancelPreviousOn: 'resolution', + createPromise: logViews.getLogView.bind(logViews), + onResolve: setLogView, + }, + [logViews] + ); + + const [resolveLogViewRequest, resolveLogView] = useTrackedPromise( + { + cancelPreviousOn: 'resolution', + createPromise: logViews.resolveLogView.bind(logViews), + onResolve: setResolvedLogView, + }, + [logViews] + ); + + const [updateLogViewRequest, updateLogView] = useTrackedPromise( + { + cancelPreviousOn: 'resolution', + createPromise: logViews.putLogView.bind(logViews), + onResolve: setLogView, + }, + [logViews] + ); + + const [loadLogViewStatusRequest, loadLogViewStatus] = useTrackedPromise( + { + cancelPreviousOn: 'resolution', + createPromise: logViews.getResolvedLogViewStatus.bind(logViews), + onResolve: setLogViewStatus, + }, + [logViews] + ); + + const derivedDataView = useMemo( + () => ({ + fields: resolvedLogView?.fields ?? 
[], + title: resolvedLogView?.indices ?? 'unknown', + }), + [resolvedLogView] + ); + + const isLoadingLogView = loadLogViewRequest.state === 'pending'; + const isResolvingLogView = resolveLogViewRequest.state === 'pending'; + const isLoadingLogViewStatus = loadLogViewStatusRequest.state === 'pending'; + const isUpdatingLogView = updateLogViewRequest.state === 'pending'; + + const isLoading = + isLoadingLogView || isResolvingLogView || isLoadingLogViewStatus || isUpdatingLogView; + + const isUninitialized = loadLogViewRequest.state === 'uninitialized'; + + const hasFailedLoadingLogView = loadLogViewRequest.state === 'rejected'; + const hasFailedResolvingLogView = resolveLogViewRequest.state === 'rejected'; + const hasFailedLoadingLogViewStatus = loadLogViewStatusRequest.state === 'rejected'; + + const latestLoadLogViewFailures = [ + loadLogViewRequest, + resolveLogViewRequest, + loadLogViewStatusRequest, + ] + .filter(isRejectedPromiseState) + .map(({ value }) => (value instanceof Error ? 
value : new Error(`${value}`))); + + const hasFailedLoading = latestLoadLogViewFailures.length > 0; + + const load = useCallback(async () => { + const loadedLogView = await loadLogView(logViewId); + const resolvedLoadedLogView = await resolveLogView(loadedLogView.attributes); + const resolvedLogViewStatus = await loadLogViewStatus(resolvedLoadedLogView); + + return [loadedLogView, resolvedLoadedLogView, resolvedLogViewStatus]; + }, [logViewId, loadLogView, loadLogViewStatus, resolveLogView]); + + const update = useCallback( + async (logViewAttributes: Partial) => { + const updatedLogView = await updateLogView(logViewId, logViewAttributes); + const resolvedUpdatedLogView = await resolveLogView(updatedLogView.attributes); + const resolvedLogViewStatus = await loadLogViewStatus(resolvedUpdatedLogView); + + return [updatedLogView, resolvedUpdatedLogView, resolvedLogViewStatus]; + }, + [logViewId, loadLogViewStatus, resolveLogView, updateLogView] + ); + + useEffect(() => { + load(); + }, [load]); + + return { + logViewId, + isUninitialized, + derivedDataView, + + // Failure states + hasFailedLoading, + hasFailedLoadingLogView, + hasFailedLoadingLogViewStatus, + hasFailedResolvingLogView, + latestLoadLogViewFailures, + + // Loading states + isLoading, + isLoadingLogView, + isLoadingLogViewStatus, + isResolvingLogView, + + // data + logView, + resolvedLogView, + logViewStatus, + + // actions + load, + update, + }; +}; + +export const [LogViewProvider, useLogViewContext] = createContainer(useLogView); diff --git a/x-pack/plugins/infra/public/metrics_overview_fetchers.test.ts b/x-pack/plugins/infra/public/metrics_overview_fetchers.test.ts index 806947b1e5c3f..2f09fde24cada 100644 --- a/x-pack/plugins/infra/public/metrics_overview_fetchers.test.ts +++ b/x-pack/plugins/infra/public/metrics_overview_fetchers.test.ts 
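Review bot: A failed `update` is not reflected in any state that `useLogView` returns. `updateLogViewRequest` only feeds `isLoading`; it is left out of the array behind `latestLoadLogViewFailures` and `hasFailedLoading`, and neither `isUpdatingLogView` nor a failure flag for it is in the returned object. Consumers can see a rejected `putLogView` only by catching the promise from `update()`; if that is intended, say so in a doc comment on the hook, otherwise return something like `hasFailedUpdatingLogView: updateLogViewRequest.state === 'rejected'`. Separately, the `fetch: HttpHandler` argument is destructured but never used in the body, so callers hand over an HTTP handler the hook does not need. `useEffect(() => { load(); }, [load])` also drops the returned promise, which would become an unhandled rejection if `loadLogView` rejects (this depends on `useTrackedPromise`, which is not shown here).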
@@ -5,21 +5,24 @@ * 2.0. */ -import { coreMock } from 'src/core/public/mocks'; -import { createMetricsHasData, createMetricsFetchData } from './metrics_overview_fetchers'; import { CoreStart } from 'kibana/public'; -import { InfraClientStartDeps, InfraClientStartExports } from './types'; import moment from 'moment'; +import { coreMock } from 'src/core/public/mocks'; +import { createMetricsFetchData, createMetricsHasData } from './metrics_overview_fetchers'; +import { createInfraPluginStartMock } from './mocks'; import { FAKE_OVERVIEW_RESPONSE } from './test_utils'; +import { InfraClientStartDeps, InfraClientStartExports } from './types'; function setup() { const core = coreMock.createStart(); + const pluginStart = createInfraPluginStartMock(); + const mockedGetStartServices = jest.fn(() => { const deps = {}; return Promise.resolve([ core as CoreStart, deps as InfraClientStartDeps, - {} as InfraClientStartExports, + pluginStart, ]) as Promise<[CoreStart, InfraClientStartDeps, InfraClientStartExports]>; }); return { core, mockedGetStartServices }; diff --git a/x-pack/plugins/infra/public/metrics_overview_fetchers.ts b/x-pack/plugins/infra/public/metrics_overview_fetchers.ts index 1f4130368578d..831d05fee58a2 100644 --- a/x-pack/plugins/infra/public/metrics_overview_fetchers.ts +++ b/x-pack/plugins/infra/public/metrics_overview_fetchers.ts 
@@ -15,11 +15,11 @@ import { FetchDataParams, MetricsFetchDataResponse } from '../../observability/public'; import { TopNodesRequest, TopNodesResponse } from '../common/http_api/overview_api'; -import { InfraClientCoreSetup } from './types'; import { InfraStaticSourceConfiguration } from '../common/source_configuration/source_configuration'; +import { InfraClientStartServicesAccessor } from './types'; export const createMetricsHasData = - (getStartServices: InfraClientCoreSetup['getStartServices']) => async () => { + (getStartServices: InfraClientStartServicesAccessor) => async () => { const [coreServices] = await getStartServices(); const { http } = coreServices; const results = await http.get<{ @@ -30,7 +30,7 @@ export const createMetricsHasData = }; export const createMetricsFetchData = - (getStartServices: InfraClientCoreSetup['getStartServices']) => + (getStartServices: InfraClientStartServicesAccessor) => async ({ absoluteTime, intervalString }: FetchDataParams): Promise => { const [coreServices] = await getStartServices(); const { http } = coreServices; diff --git a/x-pack/plugins/infra/public/mocks.tsx b/x-pack/plugins/infra/public/mocks.tsx new file mode 100644 index 0000000000000..1f6496ab569ab --- /dev/null +++ b/x-pack/plugins/infra/public/mocks.tsx @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { createLogViewsServiceStartMock } from './services/log_views/log_views_service.mock'; +import { InfraClientStartExports } from './types'; + +export const createInfraPluginStartMock = () => ({ + logViews: createLogViewsServiceStartMock(), + ContainerMetricsTable: () =>
, + HostMetricsTable: () =>
, + PodMetricsTable: () =>
, +}); + +export const _ensureTypeCompatibility = (): InfraClientStartExports => createInfraPluginStartMock(); diff --git a/x-pack/plugins/infra/public/pages/link_to/link_to_logs.test.tsx b/x-pack/plugins/infra/public/pages/link_to/link_to_logs.test.tsx index cfcf8db771b78..ae564622c1ba2 100644 --- a/x-pack/plugins/infra/public/pages/link_to/link_to_logs.test.tsx +++ b/x-pack/plugins/infra/public/pages/link_to/link_to_logs.test.tsx @@ -11,22 +11,22 @@ import React from 'react'; import { Route, Router, Switch } from 'react-router-dom'; import { httpServiceMock } from 'src/core/public/mocks'; import { KibanaContextProvider, KibanaPageTemplate } from 'src/plugins/kibana_react/public'; -import { useLogSource } from '../../containers/logs/log_source'; +import { useLogView } from '../../hooks/use_log_view'; import { - createLoadedUseLogSourceMock, - createLoadingUseLogSourceMock, -} from '../../containers/logs/log_source/log_source.mock'; + createLoadedUseLogViewMock, + createLoadingUseLogViewMock, +} from '../../hooks/use_log_view.mock'; import { LinkToLogsPage } from './link_to_logs'; -jest.mock('../../containers/logs/log_source'); -const useLogSourceMock = useLogSource as jest.MockedFunction; +jest.mock('../../hooks/use_log_view'); +const useLogViewMock = useLogView as jest.MockedFunction; const renderRoutes = (routes: React.ReactElement) => { const history = createMemoryHistory(); const services = { http: httpServiceMock.createStartContract(), - data: { - indexPatterns: {}, + logViews: { + client: {}, }, observability: { navigation: { @@ -48,12 +48,12 @@ const renderRoutes = (routes: React.ReactElement) => { }; describe('LinkToLogsPage component', () => { - beforeEach(() => { - useLogSourceMock.mockImplementation(createLoadedUseLogSourceMock()); + beforeEach(async () => { + useLogViewMock.mockImplementation(await createLoadedUseLogViewMock()); }); afterEach(() => { - useLogSourceMock.mockRestore(); + useLogViewMock.mockRestore(); }); describe('default route', () => { 
@@ -199,7 +199,7 @@ describe('LinkToLogsPage component', () => { }); it('renders a loading page while loading the source configuration', async () => { - useLogSourceMock.mockImplementation(createLoadingUseLogSourceMock()); + useLogViewMock.mockImplementation(createLoadingUseLogViewMock()); const { history, queryByTestId } = renderRoutes( @@ -209,7 +209,7 @@ describe('LinkToLogsPage component', () => { history.push('/link-to/host-logs/HOST_NAME'); await waitFor(() => { - expect(queryByTestId('nodeLoadingPage-host')).not.toBeEmpty(); + expect(queryByTestId('nodeLoadingPage-host')).not.toBeEmptyDOMElement(); }); }); }); @@ -258,7 +258,7 @@ describe('LinkToLogsPage component', () => { }); it('renders a loading page while loading the source configuration', () => { - useLogSourceMock.mockImplementation(createLoadingUseLogSourceMock()); + useLogViewMock.mockImplementation(createLoadingUseLogViewMock()); const { history, queryByTestId } = renderRoutes( @@ -268,7 +268,7 @@ describe('LinkToLogsPage component', () => { history.push('/link-to/container-logs/CONTAINER_ID'); - expect(queryByTestId('nodeLoadingPage-container')).not.toBeEmpty(); + expect(queryByTestId('nodeLoadingPage-container')).not.toBeEmptyDOMElement(); }); }); @@ -314,7 +314,7 @@ describe('LinkToLogsPage component', () => { }); it('renders a loading page while loading the source configuration', () => { - useLogSourceMock.mockImplementation(createLoadingUseLogSourceMock()); + useLogViewMock.mockImplementation(createLoadingUseLogViewMock()); const { history, queryByTestId } = renderRoutes( @@ -324,7 +324,7 @@ describe('LinkToLogsPage component', () => { history.push('/link-to/pod-logs/POD_UID'); - expect(queryByTestId('nodeLoadingPage-pod')).not.toBeEmpty(); + expect(queryByTestId('nodeLoadingPage-pod')).not.toBeEmptyDOMElement(); }); }); }); 
diff --git a/x-pack/plugins/infra/public/pages/link_to/redirect_to_node_logs.tsx b/x-pack/plugins/infra/public/pages/link_to/redirect_to_node_logs.tsx index 8aaac2f1b9a46..c8bd111402d46 100644 --- a/x-pack/plugins/infra/public/pages/link_to/redirect_to_node_logs.tsx +++ b/x-pack/plugins/infra/public/pages/link_to/redirect_to_node_logs.tsx @@ -6,20 +6,20 @@ */ import { i18n } from '@kbn/i18n'; +import { flowRight } from 'lodash'; import React from 'react'; import { Redirect, RouteComponentProps } from 'react-router-dom'; import useMount from 'react-use/lib/useMount'; -import { flowRight } from 'lodash'; +import { LinkDescriptor } from '../../../../observability/public'; import { findInventoryFields } from '../../../common/inventory_models'; import { InventoryItemType } from '../../../common/inventory_models/types'; import { LoadingPage } from '../../components/loading_page'; import { replaceLogFilterInQueryString } from '../../containers/logs/log_filter'; import { replaceLogPositionInQueryString } from '../../containers/logs/log_position'; -import { useLogSource } from '../../containers/logs/log_source'; import { replaceSourceIdInQueryString } from '../../containers/source_id'; -import { LinkDescriptor } from '../../../../observability/public'; -import { getFilterFromLocation, getTimeFromLocation } from './query_params'; import { useKibanaContextForPlugin } from '../../hooks/use_kibana'; +import { useLogView } from '../../hooks/use_log_view'; +import { getFilterFromLocation, getTimeFromLocation } from './query_params'; type RedirectToNodeLogsType = RouteComponentProps<{ nodeId: string; 
@@ -34,14 +34,14 @@ export const RedirectToNodeLogs = ({ location, }: RedirectToNodeLogsType) => { const { services } = useKibanaContextForPlugin(); - const { isLoading, loadSource } = useLogSource({ + const { isLoading, load } = useLogView({ fetch: services.http.fetch, - sourceId, - indexPatternsService: services.data.indexPatterns, + logViewId: sourceId, + logViews: services.logViews.client, }); useMount(() => { - loadSource(); + load(); }); if (isLoading) { diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx index 542b1dcd21d80..252d4ff737c15 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx @@ -7,6 +7,7 @@ import { i18n } from '@kbn/i18n'; import React, { useCallback, useEffect } from 'react'; +import type { LazyObservabilityPageTemplateProps } from '../../../../../observability/public'; import { isJobStatusWithResults } from '../../../../common/log_analysis'; import { LoadingPage } from '../../../components/loading_page'; import { 
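Review bot: The `useMount(() => { load(); });` call in `RedirectToNodeLogs` looks redundant, because `useLogView` (added in `hooks/use_log_view.ts` in this same change) already runs `useEffect(() => { load(); }, [load])` when it mounts, so the redirect page starts the load, resolve and status chain twice. The explicit call was presumably needed with the old `useLogSource`; with the new hook the `useMount` block and the `load` destructuring can be dropped, leaving `const { isLoading } = useLogView({ ... })`. Also, `logViewId: sourceId` appears to come from the route parameters, so this lookup relies on the `logViews` client and the server to reject ids the current user may not read; that handling is outside this hunk and worth confirming. The component body continues past the end of the hunk.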
@@ -21,11 +22,10 @@ import { import { SubscriptionSplashPage } from '../../../components/subscription_splash_content'; import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis'; import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; +import { useLogViewContext } from '../../../hooks/use_log_view'; +import { LogsPageTemplate } from '../page_template'; import { LogEntryCategoriesResultsContent } from './page_results_content'; import { LogEntryCategoriesSetupContent } from './page_setup_content'; -import { LogsPageTemplate } from '../page_template'; -import type { LazyObservabilityPageTemplateProps } from '../../../../../observability/public'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; const logCategoriesTitle = i18n.translate('xpack.infra.logs.logCategoriesTitle', { defaultMessage: 'Categories', @@ -115,10 +115,10 @@ const CategoriesPageTemplate: React.FC = ({ children, ...rest }) => { - const { sourceStatus } = useLogSourceContext(); + const { logViewStatus } = useLogViewContext(); return ( { const { hasFailedLoading, isLoading, isUninitialized, - latestLoadSourceFailures, - loadSource, - resolvedSourceConfiguration, - sourceId, - } = useLogSourceContext(); + latestLoadLogViewFailures, + load, + resolvedLogView, + logViewId, + } = useLogViewContext(); const { space } = useActiveKibanaSpace(); // This is a rather crude way of guarding the dependent providers against @@ -31,17 +31,17 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child if (space == null) { return null; } else if (hasFailedLoading) { - return ; + return ; } else if (isLoading || isUninitialized) { return ; - } else if (resolvedSourceConfiguration != null) { + } else if (resolvedLogView != null) { return ( {children} 
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx index 190050b504ee3..bba95b0fffb05 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx 
@@ -11,13 +11,21 @@ import { i18n } from '@kbn/i18n'; import moment from 'moment'; import React, { useCallback, useEffect, useMemo, useState } from 'react'; import useInterval from 'react-use/lib/useInterval'; -import { useKibana } from '../../../../../../../src/plugins/kibana_react/public'; import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; +import { useKibana } from '../../../../../../../src/plugins/kibana_react/public'; +import { MLJobsAwaitingNodeWarning, ML_PAGES, useMlHref } from '../../../../../ml/public'; import { useTrackPageview } from '../../../../../observability/public'; import { TimeRange } from '../../../../common/time/time_range'; import { CategoryJobNoticesSection } from '../../../components/logging/log_analysis_job_status'; +import { AnalyzeInMlButton } from '../../../components/logging/log_analysis_results'; +import { DatasetsSelector } from '../../../components/logging/log_analysis_results/datasets_selector'; +import { RecreateJobButton } from '../../../components/logging/log_analysis_setup/create_job_button'; +import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis/log_analysis_capabilities'; import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; import { ViewLogInContext } from '../../../containers/logs/view_log_in_context'; +import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; +import { useLogViewContext } from '../../../hooks/use_log_view'; +import { LogsPageTemplate } from '../page_template'; import { PageViewLogInContext } from '../stream/page_view_log_in_context'; import { TopCategoriesSection } from './sections/top_categories'; import { useLogEntryCategoriesResults } from './use_log_entry_categories_results'; 
@@ -25,15 +33,6 @@ import { StringTimeRange, useLogEntryCategoriesResultsUrlState, } from './use_log_entry_categories_results_url_state'; -import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis/log_analysis_capabilities'; -import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; -import { LogsPageTemplate } from '../page_template'; -import { RecreateJobButton } from '../../../components/logging/log_analysis_setup/create_job_button'; -import { AnalyzeInMlButton } from '../../../components/logging/log_analysis_results'; -import { useMlHref, ML_PAGES } from '../../../../../ml/public'; -import { DatasetsSelector } from '../../../components/logging/log_analysis_results/datasets_selector'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; -import { MLJobsAwaitingNodeWarning } from '../../../../../ml/public'; const JOB_STATUS_POLLING_INTERVAL = 30000; @@ -52,7 +51,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent< services: { ml, http }, } = useKibanaContextForPlugin(); - const { sourceStatus } = useLogSourceContext(); + const { logViewStatus } = useLogViewContext(); const { hasLogAnalysisSetupCapabilities } = useLogAnalysisCapabilitiesContext(); const { @@ -212,7 +211,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent< endTimestamp={categoryQueryTimeRange.timeRange.endTime} > = ({ children, ...rest }) => { - const { sourceStatus } = useLogSourceContext(); + const { logViewStatus } = useLogViewContext(); return ( { const { hasFailedLoading, isLoading, isUninitialized, - latestLoadSourceFailures, - loadSource, - resolvedSourceConfiguration, - sourceId, - } = useLogSourceContext(); + latestLoadLogViewFailures, + load, + logViewId, + resolvedLogView, + } = useLogViewContext(); const { space } = useActiveKibanaSpace(); // This is a rather crude way of guarding the dependent providers against 
@@ -35,23 +35,23 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) } else if (isLoading || isUninitialized) { return ; } else if (hasFailedLoading) { - return ; - } else if (resolvedSourceConfiguration != null) { + return ; + } else if (resolvedLogView != null) { return ( {children} diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx index a68432472c245..cf7a4789a687d 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx 
@@ -6,34 +6,34 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiSuperDatePicker } from '@elastic/eui'; +import type { Query } from '@kbn/es-query'; import moment from 'moment'; import { stringify } from 'query-string'; import React, { useCallback, useMemo } from 'react'; import { encode, RisonValue } from 'rison-node'; -import type { Query } from '@kbn/es-query'; import { useKibana } from '../../../../../../../src/plugins/kibana_react/public'; +import { MLJobsAwaitingNodeWarning } from '../../../../../ml/public'; import { useTrackPageview } from '../../../../../observability/public'; +import { isJobStatusWithResults } from '../../../../common/log_analysis'; import { TimeKey } from '../../../../common/time'; import { CategoryJobNoticesSection, LogAnalysisJobProblemIndicator, } from '../../../components/logging/log_analysis_job_status'; import { DatasetsSelector } from '../../../components/logging/log_analysis_results/datasets_selector'; +import { ManageJobsButton } from '../../../components/logging/log_analysis_setup/manage_jobs_button'; import { useLogAnalysisSetupFlyoutStateContext } from '../../../components/logging/log_analysis_setup/setup_flyout'; import { LogEntryFlyout } from '../../../components/logging/log_entry_flyout'; import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis/log_analysis_capabilities'; import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; import { useLogEntryRateModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_rate'; import { useLogEntryFlyoutContext } from '../../../containers/logs/log_flyout'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; +import { useLogViewContext } from '../../../hooks/use_log_view'; +import { LogsPageTemplate } from '../page_template'; import { AnomaliesResults } from './sections/anomalies'; import { useDatasetFiltering } from './use_dataset_filtering'; import { 
useLogEntryAnomaliesResults } from './use_log_entry_anomalies_results'; import { useLogAnalysisResultsUrlState } from './use_log_entry_rate_results_url_state'; -import { isJobStatusWithResults } from '../../../../common/log_analysis'; -import { LogsPageTemplate } from '../page_template'; -import { ManageJobsButton } from '../../../components/logging/log_analysis_setup/manage_jobs_button'; -import { MLJobsAwaitingNodeWarning } from '../../../../../ml/public'; export const SORT_DEFAULTS = { direction: 'desc' as const, @@ -52,7 +52,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ const navigateToApp = useKibana().services.application?.navigateToApp; - const { sourceId, sourceStatus } = useLogSourceContext(); + const { logViewId, logViewStatus } = useLogViewContext(); const { hasLogAnalysisSetupCapabilities } = useLogAnalysisCapabilitiesContext(); @@ -142,7 +142,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ datasets, isLoadingDatasets, } = useLogEntryAnomaliesResults({ - sourceId, + sourceId: logViewId, startTime: timeRange.value.startTime, endTime: timeRange.value.endTime, defaultSortOptions: SORT_DEFAULTS, @@ -196,7 +196,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ return ( ], @@ -272,7 +272,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ logEntryId={flyoutLogEntryId} onCloseFlyout={closeLogEntryFlyout} onSetFieldFilter={linkToLogStream} - sourceId={sourceId} + sourceId={logViewId} /> ) : null} diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx index a5eb5e2219460..85f96884fbae5 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx 
@@ -11,10 +11,10 @@ import { i18n } from '@kbn/i18n'; import React from 'react'; import useMount from 'react-use/lib/useMount'; import { euiStyled } from '../../../../../../../../../src/plugins/kibana_react/common'; -import { LogEntryAnomaly, isCategoryAnomaly } from '../../../../../../common/log_analysis'; +import { isCategoryAnomaly, LogEntryAnomaly } from '../../../../../../common/log_analysis'; import { TimeRange } from '../../../../../../common/time/time_range'; import { LogEntryExampleMessages } from '../../../../../components/logging/log_entry_examples/log_entry_examples'; -import { useLogSourceContext } from '../../../../../containers/logs/log_source'; +import { useLogViewContext } from '../../../../../hooks/use_log_view'; import { useLogEntryExamples } from '../../use_log_entry_examples'; import { LogEntryExampleMessage, LogEntryExampleMessageHeaders } from './log_entry_example'; @@ -28,7 +28,7 @@ export const AnomaliesTableExpandedRow: React.FunctionComponent<{ anomaly: LogEntryAnomaly; timeRange: TimeRange; }> = ({ anomaly, timeRange }) => { - const { sourceId } = useLogSourceContext(); + const { logViewId } = useLogViewContext(); const { getLogEntryExamples, @@ -39,7 +39,7 @@ export const AnomaliesTableExpandedRow: React.FunctionComponent<{ dataset: anomaly.dataset, endTime: anomaly.startTime + anomaly.duration, exampleCount: EXAMPLE_COUNT, - sourceId, + sourceId: logViewId, startTime: anomaly.startTime, categoryId: isCategoryAnomaly(anomaly) ? anomaly.categoryId : undefined, }); diff --git a/x-pack/plugins/infra/public/pages/logs/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/page_content.tsx index 9643483fd199b..785a1d5f691da 100644 --- a/x-pack/plugins/infra/public/pages/logs/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/page_content.tsx 
@@ -5,41 +5,31 @@ * 2.0. */ -import { EuiHeaderLinks, EuiHeaderLink } from '@elastic/eui'; +import { EuiHeaderLink, EuiHeaderLinks } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React, { useContext } from 'react'; import { Route, Switch } from 'react-router-dom'; -import useMount from 'react-use/lib/useMount'; - -import { AlertDropdown } from '../../alerting/log_threshold'; import { useKibana } from '../../../../../../src/plugins/kibana_react/public'; +import { HeaderMenuPortal, useLinkProps } from '../../../../observability/public'; +import { AlertDropdown } from '../../alerting/log_threshold'; import { DocumentTitle } from '../../components/document_title'; import { HelpCenterContent } from '../../components/help_center_content'; -import { useLogSourceContext } from '../../containers/logs/log_source'; +import { useReadOnlyBadge } from '../../hooks/use_readonly_badge'; +import { HeaderActionMenuContext } from '../../utils/header_action_menu_provider'; import { RedirectWithQueryParams } from '../../utils/redirect_with_query_params'; import { LogEntryCategoriesPage } from './log_entry_categories'; import { LogEntryRatePage } from './log_entry_rate'; import { LogsSettingsPage } from './settings'; import { StreamPage } from './stream'; -import { HeaderMenuPortal } from '../../../../observability/public'; -import { HeaderActionMenuContext } from '../../utils/header_action_menu_provider'; -import { useLinkProps } from '../../../../observability/public'; -import { useReadOnlyBadge } from '../../hooks/use_readonly_badge'; export const LogsPageContent: React.FunctionComponent = () => { const uiCapabilities = useKibana().services.application?.capabilities; const { setHeaderActionMenu, theme$ } = useContext(HeaderActionMenuContext); - const { initialize } = useLogSourceContext(); - const kibana = useKibana(); useReadOnlyBadge(!uiCapabilities?.logs?.save); - useMount(() => { - initialize(); - }); - // !! 
Need to be kept in sync with the deepLinks in x-pack/plugins/infra/public/plugin.ts const streamTab = { app: 'logs', diff --git a/x-pack/plugins/infra/public/pages/logs/page_providers.tsx b/x-pack/plugins/infra/public/pages/logs/page_providers.tsx index 34ff237a9bd03..00f4935dc601b 100644 --- a/x-pack/plugins/infra/public/pages/logs/page_providers.tsx +++ b/x-pack/plugins/infra/public/pages/logs/page_providers.tsx @@ -6,21 +6,21 @@ */ import React from 'react'; -import { useKibanaContextForPlugin } from '../../hooks/use_kibana'; import { LogAnalysisCapabilitiesProvider } from '../../containers/logs/log_analysis'; -import { LogSourceProvider } from '../../containers/logs/log_source'; import { useSourceId } from '../../containers/source_id'; +import { useKibanaContextForPlugin } from '../../hooks/use_kibana'; +import { LogViewProvider } from '../../hooks/use_log_view'; export const LogsPageProviders: React.FunctionComponent = ({ children }) => { const [sourceId] = useSourceId(); const { services } = useKibanaContextForPlugin(); return ( - {children} - + ); }; diff --git a/x-pack/plugins/infra/public/pages/logs/settings/index_names_configuration_panel.tsx b/x-pack/plugins/infra/public/pages/logs/settings/index_names_configuration_panel.tsx index 5da03d9cb22c1..20b40f5599976 100644 --- a/x-pack/plugins/infra/public/pages/logs/settings/index_names_configuration_panel.tsx +++ b/x-pack/plugins/infra/public/pages/logs/settings/index_names_configuration_panel.tsx 
@@ -9,7 +9,7 @@ import { EuiCode, EuiDescribedFormGroup, EuiFieldText, EuiFormRow } from '@elast import { FormattedMessage } from '@kbn/i18n-react'; import React from 'react'; import { useTrackPageview } from '../../../../../observability/public'; -import { LogIndexNameReference } from '../../../../common/log_sources'; +import { LogIndexNameReference } from '../../../../common/log_views'; import { FormElement } from './form_elements'; import { getFormRowProps, getInputFieldProps } from './form_field_props'; import { FormValidationError } from './validation_errors'; diff --git a/x-pack/plugins/infra/public/pages/logs/settings/index_pattern_configuration_panel.tsx b/x-pack/plugins/infra/public/pages/logs/settings/index_pattern_configuration_panel.tsx index 2d1c407595f61..0b9f9ceae99cf 100644 --- a/x-pack/plugins/infra/public/pages/logs/settings/index_pattern_configuration_panel.tsx +++ b/x-pack/plugins/infra/public/pages/logs/settings/index_pattern_configuration_panel.tsx @@ -9,7 +9,7 @@ import { EuiDescribedFormGroup, EuiFormRow, EuiLink, EuiSpacer } from '@elastic/ import { FormattedMessage } from '@kbn/i18n-react'; import React, { useCallback, useMemo } from 'react'; import { useTrackPageview } from '../../../../../observability/public'; -import { LogIndexPatternReference } from '../../../../common/log_sources'; +import { LogDataViewReference } from '../../../../common/log_views'; import { useLinkProps } from '../../../../../observability/public'; import { FormElement } from './form_elements'; import { getFormRowProps } from './form_field_props'; @@ -19,7 +19,7 @@ import { FormValidationError } from './validation_errors'; export const IndexPatternConfigurationPanel: React.FC<{ isLoading: boolean; isReadOnly: boolean; - indexPatternFormElement: FormElement; + indexPatternFormElement: FormElement; }> = ({ isLoading, isReadOnly, indexPatternFormElement }) => { useTrackPageview({ app: 'infra_logs', path: 'log_source_configuration_index_pattern' }); useTrackPageview({ 
@@ -29,11 +29,11 @@ export const IndexPatternConfigurationPanel: React.FC<{ }); const changeIndexPatternId = useCallback( - (indexPatternId: string | undefined) => { - if (indexPatternId != null) { + (dataViewId: string | undefined) => { + if (dataViewId != null) { indexPatternFormElement.updateValue(() => ({ - type: 'index_pattern', - indexPatternId, + type: 'data_view', + dataViewId, })); } else { indexPatternFormElement.updateValue(() => undefined); @@ -78,7 +78,7 @@ export const IndexPatternConfigurationPanel: React.FC<{ diff --git a/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_form_state.ts b/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_form_state.ts index 1136524cf6c8d..8ebf2bed2b8df 100644 --- a/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_form_state.ts +++ b/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_form_state.ts @@ -6,13 +6,13 @@ */ import { useMemo } from 'react'; -import { SavedObjectNotFound } from '../../../../../../../src/plugins/kibana_utils/common'; -import { useUiTracker } from '../../../../../observability/public'; import { + LogDataViewReference, LogIndexNameReference, logIndexNameReferenceRT, - LogIndexPatternReference, -} from '../../../../common/log_sources'; +} from '../../../../common/log_views'; +import { SavedObjectNotFound } from '../../../../../../../src/plugins/kibana_utils/common'; +import { useUiTracker } from '../../../../../observability/public'; import { useKibanaIndexPatternService } from '../../../hooks/use_kibana_index_patterns'; import { useFormElement } from './form_elements'; import { 
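Review bot: The value written by `changeIndexPatternId` changes shape from `{ type: 'index_pattern', indexPatternId }` to `{ type: 'data_view', dataViewId }`, and nothing in this hunk shows how references stored with the old tag are read back. If the runtime type for the new reference accepts only `'data_view'` (not visible here), a previously saved configuration would fail the data-view check in `indices_configuration_panel.tsx` and the form would fall back to `undefined`. Please confirm the old shape is converted when it is loaded. The callback also keeps its old name while its parameter is now `dataViewId`; either rename it or add a comment such as `// name kept for the existing prop wiring; the id is a data view id`.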
@@ -21,7 +21,7 @@ import { validateStringNotEmpty, } from './validation_errors'; -export type LogIndicesFormState = LogIndexNameReference | LogIndexPatternReference | undefined; +export type LogIndicesFormState = LogIndexNameReference | LogDataViewReference | undefined; export const useLogIndicesFormElement = (initialValue: LogIndicesFormState) => { const indexPatternService = useKibanaIndexPatternService(); @@ -37,23 +37,20 @@ export const useLogIndicesFormElement = (initialValue: LogIndicesFormState) => { } else if (logIndexNameReferenceRT.is(logIndices)) { return validateStringNotEmpty('log indices', logIndices.indexName); } else { - const emptyStringErrors = validateStringNotEmpty( - 'log data view', - logIndices.indexPatternId - ); + const emptyStringErrors = validateStringNotEmpty('log data view', logIndices.dataViewId); if (emptyStringErrors.length > 0) { return emptyStringErrors; } const indexPatternErrors = await indexPatternService - .get(logIndices.indexPatternId) + .get(logIndices.dataViewId) .then(validateIndexPattern, (error): FormValidationError[] => { if (error instanceof SavedObjectNotFound) { return [ { type: 'missing_index_pattern' as const, - indexPatternId: logIndices.indexPatternId, + indexPatternId: logIndices.dataViewId, }, ]; } else { diff --git a/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_panel.tsx b/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_panel.tsx index 46af94989f259..4127299d8db3b 100644 --- a/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_panel.tsx +++ b/x-pack/plugins/infra/public/pages/logs/settings/indices_configuration_panel.tsx 
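Review bot: In the `SavedObjectNotFound` branch of the `@@ -37,23 +37,20 @@` hunk, the error object still carries `indexPatternId: logIndices.dataViewId` under `type: 'missing_index_pattern'`, so one value now has two names within three lines. If `FormValidationError` cannot be renamed in this change, a short comment would stop the next reader from treating them as different ids, for example `// FormValidationError still uses the legacy field name; the value is the data view id`. The validator body continues outside the hunk.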
@@ -11,10 +11,10 @@ import React, { useCallback } from 'react'; import { useUiTracker } from '../../../../../observability/public'; import { logIndexNameReferenceRT, - LogIndexPatternReference, - logIndexPatternReferenceRT, + LogDataViewReference, + logDataViewReferenceRT, LogIndexReference, -} from '../../../../common/log_sources'; +} from '../../../../common/log_views'; import { FormElement, isFormElementForType } from './form_elements'; import { IndexNamesConfigurationPanel } from './index_names_configuration_panel'; import { IndexPatternConfigurationPanel } from './index_pattern_configuration_panel'; @@ -28,7 +28,7 @@ export const IndicesConfigurationPanel = React.memo<{ const trackChangeIndexSourceType = useUiTracker({ app: 'infra_logs' }); const changeToIndexPatternType = useCallback(() => { - if (indicesFormElement.initialValue?.type === 'index_pattern') { + if (logDataViewReferenceRT.is(indicesFormElement.initialValue)) { indicesFormElement.updateValue(() => indicesFormElement.initialValue); } else { indicesFormElement.updateValue(() => undefined); @@ -83,11 +83,11 @@ export const IndicesConfigurationPanel = React.memo<{ } name="dataView" value="dataView" - checked={isIndexPatternFormElement(indicesFormElement)} + checked={isDataViewFormElement(indicesFormElement)} onChange={changeToIndexPatternType} disabled={isReadOnly} > - {isIndexPatternFormElement(indicesFormElement) && ( + {isDataViewFormElement(indicesFormElement) && ( - value == null || logIndexPatternReferenceRT.is(value) +const isDataViewFormElement = isFormElementForType( + (value): value is LogDataViewReference | undefined => + value == null || logDataViewReferenceRT.is(value) ); const isIndexNamesFormElement = isFormElementForType(logIndexNameReferenceRT.is); diff --git a/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_form_state.tsx b/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_form_state.tsx index 6523708d18ee0..24537aadf183d 100644 
--- a/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_form_state.tsx +++ b/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_form_state.tsx @@ -6,30 +6,28 @@ */ import { useMemo } from 'react'; -import { LogSourceConfigurationProperties } from '../../../containers/logs/log_source'; +import { LogViewAttributes } from '../../../../common/log_views'; import { useCompositeFormElement } from './form_elements'; import { useLogIndicesFormElement } from './indices_configuration_form_state'; import { useLogColumnsFormElement } from './log_columns_configuration_form_state'; import { useNameFormElement } from './name_configuration_form_state'; -export const useLogSourceConfigurationFormState = ( - configuration?: LogSourceConfigurationProperties -) => { - const nameFormElement = useNameFormElement(configuration?.name ?? ''); +export const useLogSourceConfigurationFormState = (logViewAttributes?: LogViewAttributes) => { + const nameFormElement = useNameFormElement(logViewAttributes?.name ?? ''); const logIndicesFormElement = useLogIndicesFormElement( useMemo( () => - configuration?.logIndices ?? { + logViewAttributes?.logIndices ?? { type: 'index_name', indexName: '', }, - [configuration] + [logViewAttributes] ) ); const logColumnsFormElement = useLogColumnsFormElement( - useMemo(() => configuration?.logColumns ?? [], [configuration]) + useMemo(() => logViewAttributes?.logColumns ?? [], [logViewAttributes]) ); const sourceConfigurationFormElement = useCompositeFormElement( diff --git a/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_settings.tsx b/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_settings.tsx index daf4e73847163..afb8e1346bed6 100644 --- a/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_settings.tsx +++ b/x-pack/plugins/infra/public/pages/logs/settings/source_configuration_settings.tsx 
@@ -17,18 +17,17 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import React, { useCallback, useMemo } from 'react'; import { useKibana } from '../../../../../../../src/plugins/kibana_react/public'; -import { useTrackPageview } from '../../../../../observability/public'; -import { useLogsBreadcrumbs } from '../../../hooks/use_logs_breadcrumbs'; +import { Prompt, useTrackPageview } from '../../../../../observability/public'; import { SourceLoadingPage } from '../../../components/source_loading_page'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; -import { Prompt } from '../../../../../observability/public'; +import { useLogsBreadcrumbs } from '../../../hooks/use_logs_breadcrumbs'; +import { useLogViewContext } from '../../../hooks/use_log_view'; +import { settingsTitle } from '../../../translations'; +import { LogsPageTemplate } from '../page_template'; import { IndicesConfigurationPanel } from './indices_configuration_panel'; import { LogColumnsConfigurationPanel } from './log_columns_configuration_panel'; import { NameConfigurationPanel } from './name_configuration_panel'; import { LogSourceConfigurationFormErrors } from './source_configuration_form_errors'; import { useLogSourceConfigurationFormState } from './source_configuration_form_state'; -import { LogsPageTemplate } from '../page_template'; -import { settingsTitle } from '../../../translations'; export const LogsSettingsPage = () => { const uiCapabilities = useKibana().services.application?.capabilities; 
@@ -47,18 +46,12 @@ export const LogsSettingsPage = () => { }, ]); - const { - sourceConfiguration: source, - hasFailedLoadingSource, - isLoading, - isUninitialized, - updateSource, - resolvedSourceConfiguration, - } = useLogSourceContext(); + const { logView, hasFailedLoadingLogView, isLoading, isUninitialized, update, resolvedLogView } = + useLogViewContext(); const availableFields = useMemo( - () => resolvedSourceConfiguration?.fields.map((field) => field.name) ?? [], - [resolvedSourceConfiguration] + () => resolvedLogView?.fields.map((field) => field.name) ?? [], + [resolvedLogView] ); const { @@ -67,22 +60,22 @@ export const LogsSettingsPage = () => { logIndicesFormElement, logColumnsFormElement, nameFormElement, - } = useLogSourceConfigurationFormState(source?.configuration); + } = useLogSourceConfigurationFormState(logView?.attributes); const persistUpdates = useCallback(async () => { - await updateSource(formState); + await update(formState); sourceConfigurationFormElement.resetValue(); - }, [updateSource, sourceConfigurationFormElement, formState]); + }, [update, sourceConfigurationFormElement, formState]); const isWriteable = useMemo( - () => shouldAllowEdit && source && source.origin !== 'internal', - [shouldAllowEdit, source] + () => shouldAllowEdit && logView && logView.origin !== 'internal', + [shouldAllowEdit, logView] ); - if ((isLoading || isUninitialized) && !resolvedSourceConfiguration) { + if ((isLoading || isUninitialized) && !resolvedLogView) { return ; } - if (hasFailedLoadingSource) { + if (hasFailedLoadingLogView) { return null; } diff --git a/x-pack/plugins/infra/public/pages/logs/stream/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/stream/page_content.tsx index 7f8ed4fa6a951..3b59e097e7f97 100644 --- a/x-pack/plugins/infra/public/pages/logs/stream/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/stream/page_content.tsx 
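Review bot: `isWriteable` is computed from `shouldAllowEdit` and `logView.origin !== 'internal'`, but in the visible lines `persistUpdates` calls `update(formState)` without consulting it, so the flag only controls how the form is presented. That is fine as long as the route behind `update` rejects writes from users without the save capability; that route is not part of this hunk, so please confirm it does. A comment on the memo would record the assumption: `// UI affordance only; write access must be enforced by the log view PUT route`. The component body starts and ends outside the hunk.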
@@ -5,15 +5,15 @@ * 2.0. */ -import React from 'react'; import { i18n } from '@kbn/i18n'; +import React from 'react'; +import { APP_WRAPPER_CLASS } from '../../../../../../../src/core/public'; +import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; import { LogSourceErrorPage } from '../../../components/logging/log_source_error_page'; import { SourceLoadingPage } from '../../../components/source_loading_page'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; -import { LogsPageLogsContent } from './page_logs_content'; +import { useLogViewContext } from '../../../hooks/use_log_view'; import { LogsPageTemplate } from '../page_template'; -import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; -import { APP_WRAPPER_CLASS } from '../../../../../../../src/core/public'; +import { LogsPageLogsContent } from './page_logs_content'; const streamTitle = i18n.translate('xpack.infra.logs.streamPageTitle', { defaultMessage: 'Stream', @@ -24,20 +24,20 @@ export const StreamPageContent: React.FunctionComponent = () => { hasFailedLoading, isLoading, isUninitialized, - loadSource, - latestLoadSourceFailures, - sourceStatus, - } = useLogSourceContext(); + latestLoadLogViewFailures, + load, + logViewStatus, + } = useLogViewContext(); if (isLoading || isUninitialized) { return ; } else if (hasFailedLoading) { - return ; + return ; } else { return ( { - const { resolvedSourceConfiguration, sourceConfiguration, sourceId } = useLogSourceContext(); + const { resolvedLogView, logView, logViewId } = useLogViewContext(); const { textScale, textWrap } = useContext(LogViewConfiguration.Context); const { surroundingLogsId, 
@@ -216,14 +216,12 @@ export const LogsPageLogsContent: React.FunctionComponent = () => { logEntryId={flyoutLogEntryId} onCloseFlyout={closeLogEntryFlyout} onSetFieldFilter={setFilter} - sourceId={sourceId} + sourceId={logViewId} /> ) : null} - + { - const { derivedIndexPattern } = useLogSourceContext(); + const { derivedDataView } = useLogViewContext(); + return ( - + {children} @@ -28,7 +28,7 @@ const LogFilterStateProvider: React.FC = ({ children }) => { const ViewLogInContextProvider: React.FC = ({ children }) => { const { startTimestamp, endTimestamp } = useContext(LogPositionState.Context); - const { sourceId } = useLogSourceContext(); + const { logViewId } = useLogViewContext(); if (!startTimestamp || !endTimestamp) { return null; @@ -38,7 +38,7 @@ const ViewLogInContextProvider: React.FC = ({ children }) => { {children} @@ -46,7 +46,7 @@ const ViewLogInContextProvider: React.FC = ({ children }) => { }; const LogEntriesStateProvider: React.FC = ({ children }) => { - const { sourceId } = useLogSourceContext(); + const { logViewId } = useLogViewContext(); const { startTimestamp, endTimestamp, targetPosition, isInitialized } = useContext( LogPositionState.Context ); @@ -65,7 +65,7 @@ const LogEntriesStateProvider: React.FC = ({ children }) => { return ( { }; const LogHighlightsStateProvider: React.FC = ({ children }) => { - const { sourceId, sourceConfiguration } = useLogSourceContext(); + const { logViewId, logView } = useLogViewContext(); const { topCursor, bottomCursor, entries } = useLogStreamContext(); const { filterQuery } = useContext(LogFilterState.Context); const highlightsProps = { - sourceId, - sourceVersion: sourceConfiguration?.version, + sourceId: logViewId, + sourceVersion: logView?.version, entriesStart: topCursor, entriesEnd: bottomCursor, centerCursor: entries.length > 0 ? entries[Math.floor(entries.length / 2)].cursor : null, 
@@ -94,10 +94,10 @@ const LogHighlightsStateProvider: React.FC = ({ children }) => { }; export const LogsPageProviders: React.FunctionComponent = ({ children }) => { - const { sourceStatus } = useLogSourceContext(); + const { logViewStatus } = useLogViewContext(); // The providers assume the source is loaded, so short-circuit them otherwise - if (sourceStatus?.logIndexStatus === 'missing') { + if (logViewStatus?.index === 'missing') { return <>{children}; } diff --git a/x-pack/plugins/infra/public/pages/logs/stream/page_toolbar.tsx b/x-pack/plugins/infra/public/pages/logs/stream/page_toolbar.tsx index fe036fd613fc9..706e8a98e997a 100644 --- a/x-pack/plugins/infra/public/pages/logs/stream/page_toolbar.tsx +++ b/x-pack/plugins/infra/public/pages/logs/stream/page_toolbar.tsx @@ -6,10 +6,11 @@ */ import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { Query } from '@kbn/es-query'; import { i18n } from '@kbn/i18n'; import React, { useContext } from 'react'; -import { Query } from '@kbn/es-query'; import { QueryStringInput } from '../../../../../../../src/plugins/data/public'; +import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; import { LogCustomizationMenu } from '../../../components/logging/log_customization_menu'; import { LogDatepicker } from '../../../components/logging/log_datepicker'; import { LogHighlightsMenu } from '../../../components/logging/log_highlights_menu'; 
@@ -19,12 +20,11 @@ import { LogFilterState } from '../../../containers/logs/log_filter'; import { LogFlyout } from '../../../containers/logs/log_flyout'; import { LogHighlightsState } from '../../../containers/logs/log_highlights/log_highlights'; import { LogPositionState } from '../../../containers/logs/log_position'; -import { useLogSourceContext } from '../../../containers/logs/log_source'; import { LogViewConfiguration } from '../../../containers/logs/log_view_configuration'; -import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; +import { useLogViewContext } from '../../../hooks/use_log_view'; export const LogsToolbar = () => { - const { derivedIndexPattern } = useLogSourceContext(); + const { derivedDataView } = useLogViewContext(); const { availableTextScales, setTextScale, setTextWrap, textScale, textWrap } = useContext( LogViewConfiguration.Context ); @@ -57,7 +57,7 @@ export const LogsToolbar = () => { { setSurroundingLogsId(null); diff --git a/x-pack/plugins/infra/public/plugin.ts b/x-pack/plugins/infra/public/plugin.ts index 6a125c75ab396..623fab62f6286 100644 --- a/x-pack/plugins/infra/public/plugin.ts +++ b/x-pack/plugins/infra/public/plugin.ts 
@@ -10,10 +10,11 @@ import { AppMountParameters, PluginInitializerContext } from 'kibana/public'; import { from } from 'rxjs'; import { map } from 'rxjs/operators'; import { DEFAULT_APP_CATEGORIES } from '../../../../src/core/public'; +import { defaultLogViewsStaticConfig } from '../common/log_views'; +import { InfraPublicConfig } from '../common/plugin_config_types'; import { createInventoryMetricRuleType } from './alerting/inventory'; import { createLogThresholdRuleType } from './alerting/log_threshold'; import { createMetricThresholdRuleType } from './alerting/metric_threshold'; -import type { CoreProvidersProps } from './apps/common_providers'; import { createLazyContainerMetricsTable } from './components/infrastructure_node_metrics_tables/container/create_lazy_container_metrics_table'; import { createLazyHostMetricsTable } from './components/infrastructure_node_metrics_tables/host/create_lazy_host_metrics_table'; import { createLazyPodMetricsTable } from './components/infrastructure_node_metrics_tables/pod/create_lazy_pod_metrics_table'; 
@@ -21,17 +22,29 @@ import { LOG_STREAM_EMBEDDABLE } from './components/log_stream/log_stream_embedd import { LogStreamEmbeddableFactoryDefinition } from './components/log_stream/log_stream_embeddable_factory'; import { createMetricsFetchData, createMetricsHasData } from './metrics_overview_fetchers'; import { registerFeatures } from './register_feature'; +import { LogViewsService } from './services/log_views'; import { InfraClientCoreSetup, InfraClientCoreStart, InfraClientPluginClass, InfraClientSetupDeps, InfraClientStartDeps, + InfraClientStartExports, + InfraClientStartServices, } from './types'; import { getLogsHasDataFetcher, getLogsOverviewDataFetcher } from './utils/logs_overview_fetchers'; export class Plugin implements InfraClientPluginClass { - constructor(_context: PluginInitializerContext) {} + public config: InfraPublicConfig; + private logViews: LogViewsService; + + constructor(context: PluginInitializerContext) { + this.config = context.config.get(); + this.logViews = new LogViewsService({ + messageFields: + this.config.sources?.default?.fields?.message ?? defaultLogViewsStaticConfig.messageFields, + }); + } setup(core: InfraClientCoreSetup, pluginsSetup: InfraClientSetupDeps) { if (pluginsSetup.home) { @@ -42,7 +55,9 @@ export class Plugin implements InfraClientPluginClass { createInventoryMetricRuleType() ); - pluginsSetup.observability.observabilityRuleTypeRegistry.register(createLogThresholdRuleType()); + pluginsSetup.observability.observabilityRuleTypeRegistry.register( + createLogThresholdRuleType(core) + ); pluginsSetup.observability.observabilityRuleTypeRegistry.register( createMetricThresholdRuleType() ); 
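Review bot: The two new fields `public config` and `private logViews` are assigned once in the constructor and nothing in the visible hunks reassigns them, so both should be `readonly`. `config` is also declared `public` although it is only read inside the constructor here. Unless another module reads `plugin.config` (not visible), prefer `private readonly config: InfraPublicConfig;` and `private readonly logViews: LogViewsService;` to keep the browser-side configuration off the plugin's public surface.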
@@ -144,10 +159,10 @@ export class Plugin implements InfraClientPluginClass { category: DEFAULT_APP_CATEGORIES.observability, mount: async (params: AppMountParameters) => { // mount callback should not use setup dependencies, get start dependencies instead - const [coreStart, pluginsStart] = await core.getStartServices(); + const [coreStart, pluginsStart, pluginStart] = await core.getStartServices(); const { renderApp } = await import('./apps/logs_app'); - return renderApp(coreStart, pluginsStart, params); + return renderApp(coreStart, pluginsStart, pluginStart, params); }, }); @@ -186,10 +201,10 @@ export class Plugin implements InfraClientPluginClass { ], mount: async (params: AppMountParameters) => { // mount callback should not use setup dependencies, get start dependencies instead - const [coreStart, pluginsStart] = await core.getStartServices(); + const [coreStart, pluginsStart, pluginStart] = await core.getStartServices(); const { renderApp } = await import('./apps/metrics_app'); - return renderApp(coreStart, pluginsStart, params); + return renderApp(coreStart, pluginsStart, pluginStart, params); }, }); 
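Review bot: In both `mount` callbacks (logs and metrics) the destructured names `pluginsStart` and `pluginStart` differ by a single letter and are then passed positionally to `renderApp`. A name that says what the third element is would make a swapped argument visible in review, for example `const [coreStart, pluginsStart, startContract] = await core.getStartServices();` followed by `renderApp(coreStart, pluginsStart, startContract, params)`. The `start()` hunk in this file already calls the same object `startContract`.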
@@ -209,17 +224,22 @@ export class Plugin implements InfraClientPluginClass { } start(core: InfraClientCoreStart, plugins: InfraClientStartDeps) { - const coreProvidersProps: CoreProvidersProps = { - core, - plugins, - theme$: core.theme.theme$, - }; + const getStartServices = (): InfraClientStartServices => [core, plugins, startContract]; + + const logViews = this.logViews.start({ + http: core.http, + dataViews: plugins.dataViews, + search: plugins.data.search, + }); - return { - ContainerMetricsTable: createLazyContainerMetricsTable(coreProvidersProps), - HostMetricsTable: createLazyHostMetricsTable(coreProvidersProps), - PodMetricsTable: createLazyPodMetricsTable(coreProvidersProps), + const startContract: InfraClientStartExports = { + logViews, + ContainerMetricsTable: createLazyContainerMetricsTable(getStartServices), + HostMetricsTable: createLazyHostMetricsTable(getStartServices), + PodMetricsTable: createLazyPodMetricsTable(getStartServices), }; + + return startContract; } stop() {} diff --git a/x-pack/plugins/infra/server/routes/log_sources/index.ts b/x-pack/plugins/infra/public/services/log_views/index.ts similarity index 72% rename from x-pack/plugins/infra/server/routes/log_sources/index.ts rename to x-pack/plugins/infra/public/services/log_views/index.ts index 75163863db9e7..07bb7bfa88476 100644 --- a/x-pack/plugins/infra/server/routes/log_sources/index.ts +++ b/x-pack/plugins/infra/public/services/log_views/index.ts @@ -5,5 +5,6 @@ * 2.0. */ -export * from './configuration'; -export * from './status'; +export * from './log_views_client'; +export * from './log_views_service'; +export * from './types'; diff --git a/x-pack/plugins/infra/public/services/log_views/log_views_client.mock.ts b/x-pack/plugins/infra/public/services/log_views/log_views_client.mock.ts new file mode 100644 index 0000000000000..d2f8ada43c705 --- /dev/null +++ b/x-pack/plugins/infra/public/services/log_views/log_views_client.mock.ts 
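Review bot: `getStartServices` in `start()` closes over `startContract`, which is declared with `const` several lines further down, so any call made before that declaration has run throws a `ReferenceError`. The three `createLazy*MetricsTable(getStartServices)` calls are evaluated inside the initializer of `startContract` itself, so this only works if those factories store the getter and never call it eagerly; their bodies are not visible here. Please state that contract next to the getter, for example `// must only be invoked lazily, after start() has returned; startContract is still uninitialized at this point`.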
@@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ILogViewsClient } from './types'; + +export const createLogViewsClientMock = (): jest.Mocked => ({ + getLogView: jest.fn(), + getResolvedLogView: jest.fn(), + getResolvedLogViewStatus: jest.fn(), + putLogView: jest.fn(), + resolveLogView: jest.fn(), +}); diff --git a/x-pack/plugins/infra/public/services/log_views/log_views_client.ts b/x-pack/plugins/infra/public/services/log_views/log_views_client.ts new file mode 100644 index 0000000000000..75974e50351c6 --- /dev/null +++ b/x-pack/plugins/infra/public/services/log_views/log_views_client.ts 
@@ -0,0 +1,132 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+import { HttpStart } from 'src/core/public';
+import { ISearchGeneric } from 'src/plugins/data/public';
+import { DataViewsContract } from 'src/plugins/data_views/public';
+import {
+ getLogViewResponsePayloadRT,
+ getLogViewUrl,
+ putLogViewRequestPayloadRT,
+} from '../../../common/http_api/log_views';
+import {
+ FetchLogViewError,
+ FetchLogViewStatusError,
+ LogView,
+ LogViewAttributes,
+ LogViewsStaticConfig,
+ LogViewStatus,
+ PutLogViewError,
+ ResolvedLogView,
+ resolveLogView,
+} from '../../../common/log_views';
+import { decodeOrThrow } from '../../../common/runtime_types';
+import { ILogViewsClient } from './types';
+
+export class LogViewsClient implements ILogViewsClient {
+ constructor(
+ private readonly dataViews: DataViewsContract,
+ private readonly http: HttpStart,
+ private readonly search: ISearchGeneric,
+ private readonly config: LogViewsStaticConfig
+ ) {}
+
+ public async getLogView(logViewId: string): Promise {
+ const response = await this.http.get(getLogViewUrl(logViewId)).catch((error) => {
+ throw new FetchLogViewError(`Failed to fetch log view "${logViewId}": ${error}`);
+ });
+
+ const { data } = decodeOrThrow(
+ getLogViewResponsePayloadRT,
+ (message: string) =>
+ new FetchLogViewError(`Failed to decode log view "${logViewId}": ${message}"`)
+ )(response);
+
+ return data;
+ }
+
+ public async getResolvedLogView(logViewId: string): Promise {
+ const logView = await this.getLogView(logViewId);
+ const resolvedLogView = await this.resolveLogView(logView.attributes);
+ return resolvedLogView;
+ }
+
+ public async getResolvedLogViewStatus(resolvedLogView: ResolvedLogView): Promise {
+ const indexStatus = await this.search({
params: { + ignore_unavailable: true, + allow_no_indices: true, + index: resolvedLogView.indices, + size: 0, + terminate_after: 1, + track_total_hits: 1, + }, + }) + .toPromise() + .then( + ({ rawResponse }) => { + if (rawResponse._shards.total <= 0) { + return 'missing' as const; + } + + const totalHits = decodeTotalHits(rawResponse.hits.total); + if (typeof totalHits === 'number' ? totalHits > 0 : totalHits.value > 0) { + return 'available' as const; + } + + return 'empty' as const; + }, + (err) => { + if (err.status === 404) { + return 'missing' as const; + } + throw new FetchLogViewStatusError( + `Failed to check status of log indices of "${resolvedLogView.indices}": ${err}` + ); + } + ); + + return { + index: indexStatus, + }; + } + + public async putLogView( + logViewId: string, + logViewAttributes: Partial + ): Promise { + const response = await this.http + .put(getLogViewUrl(logViewId), { + body: JSON.stringify(putLogViewRequestPayloadRT.encode({ attributes: logViewAttributes })), + }) + .catch((error) => { + throw new PutLogViewError(`Failed to write log view "${logViewId}": ${error}`); + }); + + const { data } = decodeOrThrow( + getLogViewResponsePayloadRT, + (message: string) => + new PutLogViewError(`Failed to decode written log view "${logViewId}": ${message}"`) + )(response); + + return data; + } + + public async resolveLogView(logViewAttributes: LogViewAttributes): Promise { + return await resolveLogView(logViewAttributes, this.dataViews, this.config); + } +} + +const decodeTotalHits = decodeOrThrow( + rt.union([ + rt.number, + rt.type({ + value: rt.number, + }), + ]) +); diff --git a/x-pack/plugins/infra/public/services/log_views/log_views_service.mock.ts b/x-pack/plugins/infra/public/services/log_views/log_views_service.mock.ts new file mode 100644 index 0000000000000..2c0132447d0a8 --- /dev/null +++ b/x-pack/plugins/infra/public/services/log_views/log_views_service.mock.ts 
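Review bot: In `getResolvedLogViewStatus` the two-argument `.then(onFulfilled, onRejected)` form means a throw from `decodeTotalHits` inside the success callback never reaches the rejection handler, so a malformed `hits.total` surfaces as whatever default error `decodeOrThrow` raises rather than a `FetchLogViewStatusError`. Giving the decoder its own error factory, as the other two `decodeOrThrow` calls in this file do, keeps the error type consistent for callers: pass `(message: string) => new FetchLogViewStatusError('Failed to decode total hits: ' + message)` as the second argument. The decode-failure messages in `getLogView` and `putLogView` also end with a stray `"` after `${message}`. Whether `getLogViewUrl` percent-encodes `logViewId` is not visible in this file; if it does not, the id should go through `encodeURIComponent` before it is placed in the request path.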
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createLogViewsClientMock } from './log_views_client.mock';
+import { LogViewsServiceStart } from './types';
+
+export const createLogViewsServiceStartMock = () => ({
+ client: createLogViewsClientMock(),
+});
+
+export const _ensureTypeCompatibility = (): LogViewsServiceStart =>
+ createLogViewsServiceStartMock();
diff --git a/x-pack/plugins/infra/public/services/log_views/log_views_service.ts b/x-pack/plugins/infra/public/services/log_views/log_views_service.ts
new file mode 100644
index 0000000000000..9e081a8df5028
--- /dev/null
+++ b/x-pack/plugins/infra/public/services/log_views/log_views_service.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { LogViewsStaticConfig } from '../../../common/log_views';
+import { LogViewsClient } from './log_views_client';
+import { LogViewsServiceStartDeps, LogViewsServiceSetup, LogViewsServiceStart } from './types';
+
+export class LogViewsService {
+ constructor(private readonly config: LogViewsStaticConfig) {}
+
+ public setup(): LogViewsServiceSetup {}
+
+ public start({ dataViews, http, search }: LogViewsServiceStartDeps): LogViewsServiceStart {
+ const client = new LogViewsClient(dataViews, http, search.search, this.config);
+
+ return {
+ client,
+ };
+ }
+}
diff --git a/x-pack/plugins/infra/public/services/log_views/types.ts b/x-pack/plugins/infra/public/services/log_views/types.ts
new file mode 100644
index 0000000000000..12dac93af6fa9
--- /dev/null
+++ b/x-pack/plugins/infra/public/services/log_views/types.ts @@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { HttpStart } from 'src/core/public'; +import { ISearchStart } from 'src/plugins/data/public'; +import { DataViewsContract } from 'src/plugins/data_views/public'; +import { + LogView, + LogViewAttributes, + LogViewStatus, + ResolvedLogView, +} from '../../../common/log_views'; + +export type LogViewsServiceSetup = void; + +export interface LogViewsServiceStart { + client: ILogViewsClient; +} + +export interface LogViewsServiceStartDeps { + dataViews: DataViewsContract; + http: HttpStart; + search: ISearchStart; +} + +export interface ILogViewsClient { + getLogView(logViewId: string): Promise; + getResolvedLogViewStatus(resolvedLogView: ResolvedLogView): Promise; + getResolvedLogView(logViewId: string): Promise; + putLogView(logViewId: string, logViewAttributes: Partial): Promise; + resolveLogView(logViewAttributes: LogViewAttributes): Promise; +} diff --git a/x-pack/plugins/infra/public/test_utils/entries.ts b/x-pack/plugins/infra/public/test_utils/entries.ts index f27ccae13cc81..4dc3732fd49d5 100644 --- a/x-pack/plugins/infra/public/test_utils/entries.ts +++ b/x-pack/plugins/infra/public/test_utils/entries.ts @@ -7,7 +7,7 @@ import faker from 'faker'; import { LogEntry } from '../../common/log_entry'; -import { LogSourceConfiguration } from '../containers/logs/log_source'; +import { LogViewColumnConfiguration } from '../../common/log_views'; export const ENTRIES_EMPTY = { data: { 
@@ -21,7 +21,7 @@ export function generateFakeEntries( count: number, startTimestamp: number, endTimestamp: number, - columns: LogSourceConfiguration['configuration']['logColumns'] + columns: LogViewColumnConfiguration[] ): LogEntry[] { const entries: LogEntry[] = []; const timestampStep = Math.floor((endTimestamp - startTimestamp) / count); diff --git a/x-pack/plugins/infra/public/test_utils/source_configuration.ts b/x-pack/plugins/infra/public/test_utils/source_configuration.ts deleted file mode 100644 index b327b76fc1d73..0000000000000 --- a/x-pack/plugins/infra/public/test_utils/source_configuration.ts +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { GetLogSourceConfigurationSuccessResponsePayload } from '../../common/http_api/log_sources'; - -export const DEFAULT_SOURCE_CONFIGURATION: GetLogSourceConfigurationSuccessResponsePayload = { - data: { - id: 'default', - version: 'WzQwNiwxXQ==', - updatedAt: 1608559663482, - origin: 'stored', - configuration: { - name: 'Default', - description: '', - logIndices: { - type: 'index_pattern', - indexPatternId: 'some-test-id', - }, - fields: { - container: 'container.id', - host: 'host.name', - pod: 'kubernetes.pod.uid', - tiebreaker: '_doc', - timestamp: '@timestamp', - message: ['message'], - }, - logColumns: [ - { - timestampColumn: { - id: '5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f', - }, - }, - { - fieldColumn: { - id: ' eb9777a8-fcd3-420e-ba7d-172fff6da7a2', - field: 'event.dataset', - }, - }, - { - messageColumn: { - id: 'b645d6da-824b-4723-9a2a-e8cece1645c0', - }, - }, - ], - }, - }, -}; diff --git a/x-pack/plugins/infra/public/types.ts b/x-pack/plugins/infra/public/types.ts index 4ac480484afbf..b4410b87d9b79 100644 --- a/x-pack/plugins/infra/public/types.ts 
+++ b/x-pack/plugins/infra/public/types.ts @@ -8,6 +8,7 @@ import type { CoreSetup, CoreStart, Plugin as PluginClass } from 'kibana/public'; import { IHttpFetchError } from 'src/core/public'; import type { DataPublicPluginStart } from '../../../../src/plugins/data/public'; +import type { DataViewsPublicPluginStart } from '../../../../src/plugins/data_views/public'; import type { EmbeddableSetup, EmbeddableStart } from '../../../../src/plugins/embeddable/public'; import type { HomePublicPluginSetup } from '../../../../src/plugins/home/public'; import type { SharePluginSetup, SharePluginStart } from '../../../../src/plugins/share/public'; @@ -27,15 +28,18 @@ import type { } from '../../observability/public'; // import type { OsqueryPluginStart } from '../../osquery/public'; import type { SpacesPluginStart } from '../../spaces/public'; +import { UnwrapPromise } from '../common/utility_types'; import type { SourceProviderProps, UseNodeMetricsTableOptions, } from './components/infrastructure_node_metrics_tables/shared'; +import { LogViewsServiceStart } from './services/log_views'; // Our own setup and start contract values export type InfraClientSetupExports = void; export interface InfraClientStartExports { + logViews: LogViewsServiceStart; ContainerMetricsTable: ( props: UseNodeMetricsTableOptions & Partial ) => JSX.Element; @@ -61,6 +65,7 @@ export interface InfraClientSetupDeps { export interface InfraClientStartDeps { data: DataPublicPluginStart; dataEnhanced: DataEnhancedStart; + dataViews: DataViewsPublicPluginStart; observability: ObservabilityPublicStart; spaces: SpacesPluginStart; triggersActionsUi: TriggersAndActionsUIPublicPluginStart; 
@@ -79,6 +84,8 @@ export type InfraClientPluginClass = PluginClass< InfraClientSetupDeps, InfraClientStartDeps >; +export type InfraClientStartServicesAccessor = InfraClientCoreSetup['getStartServices']; +export type InfraClientStartServices = UnwrapPromise>; export interface InfraHttpError extends IHttpFetchError { readonly body?: { diff --git a/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts b/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts index dd4bf2f8a8895..ffcffa29949e8 100644 --- a/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts +++ b/x-pack/plugins/infra/public/utils/logs_overview_fetchers.ts @@ -5,14 +5,11 @@ * 2.0. */ -import { encode } from 'rison-node'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { encode } from 'rison-node'; import { FetchData, FetchDataParams, LogsFetchDataResponse } from '../../../observability/public'; import { DEFAULT_SOURCE_ID, TIMESTAMP_FIELD } from '../../common/constants'; -import { callFetchLogSourceConfigurationAPI } from '../containers/logs/log_source/api/fetch_log_source_configuration'; -import { callFetchLogSourceStatusAPI } from '../containers/logs/log_source/api/fetch_log_source_status'; -import { InfraClientCoreSetup, InfraClientStartDeps } from '../types'; -import { resolveLogSourceConfiguration } from '../../common/log_sources'; +import { InfraClientStartDeps, InfraClientStartServicesAccessor } from '../types'; interface StatsAggregation { buckets: Array<{ 
@@ -34,37 +31,32 @@ interface LogParams { type StatsAndSeries = Pick; -export function getLogsHasDataFetcher(getStartServices: InfraClientCoreSetup['getStartServices']) { +export function getLogsHasDataFetcher(getStartServices: InfraClientStartServicesAccessor) { return async () => { - const [core] = await getStartServices(); - const sourceStatus = await callFetchLogSourceStatusAPI(DEFAULT_SOURCE_ID, core.http.fetch); + const [, , { logViews }] = await getStartServices(); + const resolvedLogView = await logViews.client.getResolvedLogView(DEFAULT_SOURCE_ID); + const logViewStatus = await logViews.client.getResolvedLogViewStatus(resolvedLogView); + + const hasData = logViewStatus.index === 'available'; + const indices = resolvedLogView.indices; + return { - hasData: sourceStatus.data.logIndexStatus === 'available', - indices: sourceStatus.data.indices, + hasData, + indices, }; }; } export function getLogsOverviewDataFetcher( - getStartServices: InfraClientCoreSetup['getStartServices'] + getStartServices: InfraClientStartServicesAccessor ): FetchData { return async (params) => { - const [core, startPlugins] = await getStartServices(); - const { data } = startPlugins; - - const sourceConfiguration = await callFetchLogSourceConfigurationAPI( - DEFAULT_SOURCE_ID, - core.http.fetch - ); - - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - sourceConfiguration.data.configuration, - startPlugins.data.indexPatterns - ); + const [, { data }, { logViews }] = await getStartServices(); + const resolvedLogView = await logViews.client.getResolvedLogView(DEFAULT_SOURCE_ID); const { stats, series } = await fetchLogsOverview( { - index: resolvedLogSourceConfiguration.indices, + index: resolvedLogView.indices, }, params, data diff --git a/x-pack/plugins/infra/public/utils/logs_overview_fetches.test.ts b/x-pack/plugins/infra/public/utils/logs_overview_fetches.test.ts index 1ae412a92e456..81077f82d048d 100644 
--- a/x-pack/plugins/infra/public/utils/logs_overview_fetches.test.ts +++ b/x-pack/plugins/infra/public/utils/logs_overview_fetches.test.ts @@ -6,26 +6,14 @@ */ import { CoreStart } from 'kibana/public'; +import { of } from 'rxjs'; import { coreMock } from 'src/core/public/mocks'; import { dataPluginMock } from 'src/plugins/data/public/mocks'; -import { createIndexPatternMock } from '../../common/dependency_mocks/index_patterns'; -import { GetLogSourceConfigurationSuccessResponsePayload } from '../../common/http_api/log_sources/get_log_source_configuration'; -import { callFetchLogSourceConfigurationAPI } from '../containers/logs/log_source/api/fetch_log_source_configuration'; -import { callFetchLogSourceStatusAPI } from '../containers/logs/log_source/api/fetch_log_source_status'; +import { createResolvedLogViewMock } from '../../common/log_views/resolved_log_view.mock'; +import { createInfraPluginStartMock } from '../mocks'; import { InfraClientStartDeps, InfraClientStartExports } from '../types'; import { getLogsHasDataFetcher, getLogsOverviewDataFetcher } from './logs_overview_fetchers'; -jest.mock('../containers/logs/log_source/api/fetch_log_source_status'); -const mockedCallFetchLogSourceStatusAPI = callFetchLogSourceStatusAPI as jest.MockedFunction< - typeof callFetchLogSourceStatusAPI ->; - -jest.mock('../containers/logs/log_source/api/fetch_log_source_configuration'); -const mockedCallFetchLogSourceConfigurationAPI = - callFetchLogSourceConfigurationAPI as jest.MockedFunction< - typeof callFetchLogSourceConfigurationAPI - >; - const DEFAULT_PARAMS = { absoluteTime: { start: 1593430680000, end: 1593430800000 }, relativeTime: { start: 'now-2m', end: 'now' }, // Doesn't matter for the test 
@@ -36,155 +24,110 @@ const DEFAULT_PARAMS = { function setup() { const core = coreMock.createStart(); const data = dataPluginMock.createStartContract(); + const pluginStart = createInfraPluginStartMock(); + const pluginDeps = { data } as InfraClientStartDeps; - // `dataResponder.mockReturnValue()` will be the `response` in - // - // const searcher = data.search.getSearchStrategy('sth'); - // searcher.search(...).subscribe((**response**) => {}); - // - const dataResponder = jest.fn(); - - (data.indexPatterns.get as jest.Mock).mockResolvedValue( - createIndexPatternMock({ - id: 'test-index-pattern', - title: 'log-indices-*', - timeFieldName: '@timestamp', - type: undefined, - fields: [ - { - name: 'event.dataset', - type: 'string', - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - { - name: 'runtime_field', - type: 'string', - runtimeField: { - type: 'keyword', - script: { - source: 'emit("runtime value")', - }, - }, - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - ], - }) - ); - - (data.search.search as jest.Mock).mockReturnValue({ - subscribe: (progress: Function, error: Function, finish: Function) => { - progress(dataResponder()); - finish(); - }, - }); + const dataSearch = data.search.search as jest.MockedFunction; - const mockedGetStartServices = jest.fn(() => { - const deps = { data }; - return Promise.resolve([ - core as CoreStart, - deps as InfraClientStartDeps, - {} as InfraClientStartExports, - ]) as Promise<[CoreStart, InfraClientStartDeps, InfraClientStartExports]>; - }); - return { core, mockedGetStartServices, dataResponder }; + const mockedGetStartServices = jest.fn(() => + Promise.resolve<[CoreStart, InfraClientStartDeps, InfraClientStartExports]>([ + core, + pluginDeps, + pluginStart, + ]) + ); + return { core, dataSearch, mockedGetStartServices, pluginStart }; } describe('Logs UI Observability Homepage Functions', () => { + beforeEach(() => { + jest.clearAllMocks(); + }); + 
describe('getLogsHasDataFetcher()', () => { - beforeEach(() => { - mockedCallFetchLogSourceStatusAPI.mockReset(); - }); it('should return true when non-empty indices exist', async () => { - const { mockedGetStartServices } = setup(); + const { mockedGetStartServices, pluginStart } = setup(); - mockedCallFetchLogSourceStatusAPI.mockResolvedValue({ - data: { logIndexStatus: 'available', indices: 'test-index' }, + pluginStart.logViews.client.getResolvedLogView.mockResolvedValue( + createResolvedLogViewMock({ indices: 'test-index' }) + ); + pluginStart.logViews.client.getResolvedLogViewStatus.mockResolvedValue({ + index: 'available', }); const hasData = getLogsHasDataFetcher(mockedGetStartServices); const response = await hasData(); - expect(mockedCallFetchLogSourceStatusAPI).toHaveBeenCalledTimes(1); + expect(pluginStart.logViews.client.getResolvedLogViewStatus).toHaveBeenCalledTimes(1); expect(response).toEqual({ hasData: true, indices: 'test-index' }); }); it('should return false when only empty indices exist', async () => { - const { mockedGetStartServices } = setup(); + const { mockedGetStartServices, pluginStart } = setup(); - mockedCallFetchLogSourceStatusAPI.mockResolvedValue({ - data: { logIndexStatus: 'empty', indices: 'test-index' }, + pluginStart.logViews.client.getResolvedLogView.mockResolvedValue( + createResolvedLogViewMock({ indices: 'test-index' }) + ); + pluginStart.logViews.client.getResolvedLogViewStatus.mockResolvedValue({ + index: 'empty', }); const hasData = getLogsHasDataFetcher(mockedGetStartServices); const response = await hasData(); - expect(mockedCallFetchLogSourceStatusAPI).toHaveBeenCalledTimes(1); + expect(pluginStart.logViews.client.getResolvedLogViewStatus).toHaveBeenCalledTimes(1); expect(response).toEqual({ hasData: false, indices: 'test-index' }); }); it('should return false when no index exists', async () => { - const { mockedGetStartServices } = setup(); + const { mockedGetStartServices, pluginStart } = setup(); - 
mockedCallFetchLogSourceStatusAPI.mockResolvedValue({ - data: { logIndexStatus: 'missing', indices: 'test-index' }, + pluginStart.logViews.client.getResolvedLogView.mockResolvedValue( + createResolvedLogViewMock({ indices: 'test-index' }) + ); + pluginStart.logViews.client.getResolvedLogViewStatus.mockResolvedValue({ + index: 'missing', }); const hasData = getLogsHasDataFetcher(mockedGetStartServices); const response = await hasData(); - expect(mockedCallFetchLogSourceStatusAPI).toHaveBeenCalledTimes(1); + expect(pluginStart.logViews.client.getResolvedLogViewStatus).toHaveBeenCalledTimes(1); expect(response).toEqual({ hasData: false, indices: 'test-index' }); }); }); describe('getLogsOverviewDataFetcher()', () => { - beforeAll(() => { - mockedCallFetchLogSourceConfigurationAPI.mockResolvedValue({ - data: { - configuration: { - logIndices: { - type: 'index_pattern', - indexPatternId: 'test-index-pattern', - }, - }, - }, - } as GetLogSourceConfigurationSuccessResponsePayload); - }); - - afterAll(() => { - mockedCallFetchLogSourceConfigurationAPI.mockReset(); - }); - it('should work', async () => { - const { mockedGetStartServices, dataResponder } = setup(); - - dataResponder.mockReturnValue({ - rawResponse: { - aggregations: { - stats: { - buckets: [ - { - key: 'nginx', - doc_count: 250, // Count is for 2 minutes - series: { - buckets: [ - // Counts are per 30 seconds - { key: 1593430680000, doc_count: 25 }, - { key: 1593430710000, doc_count: 50 }, - { key: 1593430740000, doc_count: 75 }, - { key: 1593430770000, doc_count: 100 }, - ], + const { mockedGetStartServices, dataSearch, pluginStart } = setup(); + + pluginStart.logViews.client.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + + dataSearch.mockReturnValue( + of({ + rawResponse: { + aggregations: { + stats: { + buckets: [ + { + key: 'nginx', + doc_count: 250, // Count is for 2 minutes + series: { + buckets: [ + // Counts are per 30 seconds + { key: 1593430680000, doc_count: 25 }, + { key: 
1593430710000, doc_count: 50 }, + { key: 1593430740000, doc_count: 75 }, + { key: 1593430770000, doc_count: 100 }, + ], + }, }, - }, - ], + ], + }, }, }, - }, - }); + }) + ); const fetchData = getLogsOverviewDataFetcher(mockedGetStartServices); const response = await fetchData(DEFAULT_PARAMS); diff --git a/x-pack/plugins/infra/public/utils/use_observable.ts b/x-pack/plugins/infra/public/utils/use_observable.ts index 87d182c94ac05..dd89e1ce17edd 100644 --- a/x-pack/plugins/infra/public/utils/use_observable.ts +++ b/x-pack/plugins/infra/public/utils/use_observable.ts @@ -23,11 +23,10 @@ export const useObservable = < createObservableOnce: (inputValues: Observable) => OutputObservable, inputValues: InputValues ) => { - const [inputValues$] = useState(() => new BehaviorSubject(inputValues)); - const [output$] = useState(() => createObservableOnce(inputValues$)); + const [output$, next] = useBehaviorSubject(createObservableOnce, () => inputValues); useEffect(() => { - inputValues$.next(inputValues); + next(inputValues); // `inputValues` can't be statically analyzed // eslint-disable-next-line react-hooks/exhaustive-deps }, inputValues); @@ -35,6 +34,19 @@ export const useObservable = < return output$; }; +export const useBehaviorSubject = < + InputValue, + OutputValue, + OutputObservable extends Observable +>( + deriveObservableOnce: (input$: Observable) => OutputObservable, + createInitialValue: () => InputValue +) => { + const [subject$] = useState(() => new BehaviorSubject(createInitialValue())); + const [output$] = useState(() => deriveObservableOnce(subject$)); + return [output$, subject$.next.bind(subject$)] as const; +}; + export const useObservableState = ( state$: Observable, initialState: InitialState | (() => InitialState) diff --git a/x-pack/plugins/infra/server/features.ts b/x-pack/plugins/infra/server/features.ts index 3e7ede11f7e9d..4c9b4ba531d80 100644 --- a/x-pack/plugins/infra/server/features.ts +++ b/x-pack/plugins/infra/server/features.ts 
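Review bot: `useBehaviorSubject` returns `subject$.next.bind(subject$)`, which is evaluated on every render, so the second tuple element gets a new identity each time the component renders. `useObservable` is unaffected because its effect depends only on `inputValues`, but any other caller that lists the setter in a dependency array would re-run its effect on every render. Creating the bound function once keeps it stable: `const [next] = useState(() => subject$.next.bind(subject$));` followed by `return [output$, next] as const;`.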
@@ -13,6 +13,8 @@ import { METRIC_THRESHOLD_ALERT_TYPE_ID, } from '../common/alerting/metrics'; import { LOGS_FEATURE_ID, METRICS_FEATURE_ID } from '../common/constants'; +import { infraSourceConfigurationSavedObjectName } from './lib/sources/saved_object_type'; +import { logViewSavedObjectName } from './saved_objects'; export const METRICS_FEATURE = { id: METRICS_FEATURE_ID, @@ -92,7 +94,7 @@ export const LOGS_FEATURE = { catalogue: ['infralogging', 'logs'], api: ['infra'], savedObject: { - all: ['infrastructure-ui-source'], + all: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], read: [], }, alerting: { @@ -125,7 +127,7 @@ export const LOGS_FEATURE = { }, savedObject: { all: [], - read: ['infrastructure-ui-source'], + read: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], }, ui: ['show'], }, diff --git a/x-pack/plugins/infra/server/index.ts b/x-pack/plugins/infra/server/index.ts index 93be23356dfc3..dcaa3df2db23c 100644 --- a/x-pack/plugins/infra/server/index.ts +++ b/x-pack/plugins/infra/server/index.ts @@ -6,11 +6,11 @@ */ import { PluginInitializerContext } from 'src/core/server'; -import { config, InfraConfig, InfraServerPlugin, InfraPluginSetup } from './plugin'; +import { config, InfraConfig, InfraServerPlugin } from './plugin'; -export type { InfraConfig, InfraPluginSetup }; +export type { InfraPluginSetup, InfraPluginStart, InfraRequestHandlerContext } from './types'; +export type { InfraConfig }; export { config }; -export type { InfraRequestHandlerContext } from './types'; export function plugin(context: PluginInitializerContext) { return new InfraServerPlugin(context); diff --git a/x-pack/plugins/infra/server/infra_server.ts b/x-pack/plugins/infra/server/infra_server.ts index d289cf339851d..18f6c943f234b 100644 --- a/x-pack/plugins/infra/server/infra_server.ts +++ b/x-pack/plugins/infra/server/infra_server.ts 
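Review bot: The `savedObject` privilege lists in `LOGS_FEATURE` (the `all` list in the hunk at -92 and the `read` list in the hunk at -125) now take the existing type name from `infraSourceConfigurationSavedObjectName` instead of the literal `'infrastructure-ui-source'`, and the constant's value is not visible in these hunks. If the two ever differ, roles holding the Logs feature privilege would silently gain or lose access to the stored source configurations, so a test that asserts the resolved privilege arrays is worth adding. A short comment on each list would also help the next reader, e.g. `// log views are saved objects: 'all' may write them, 'read' may only load them`.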
@@ -5,9 +5,14 @@ * 2.0. */ -import { initIpToHostName } from './routes/ip_to_hostname'; import { InfraBackendLibs } from './lib/infra_types'; +import { initGetHostsAnomaliesRoute, initGetK8sAnomaliesRoute } from './routes/infra_ml'; +import { initInventoryMetaRoute } from './routes/inventory_metadata'; +import { initIpToHostName } from './routes/ip_to_hostname'; +import { initGetLogAlertsChartPreviewDataRoute } from './routes/log_alerts'; import { + initGetLogEntryAnomaliesDatasetsRoute, + initGetLogEntryAnomaliesRoute, initGetLogEntryCategoriesRoute, initGetLogEntryCategoryDatasetsRoute, initGetLogEntryCategoryDatasetsStatsRoute, 
@@ -15,27 +20,21 @@ import { initGetLogEntryExamplesRoute, initValidateLogAnalysisDatasetsRoute, initValidateLogAnalysisIndicesRoute, - initGetLogEntryAnomaliesRoute, - initGetLogEntryAnomaliesDatasetsRoute, } from './routes/log_analysis'; -import { initGetK8sAnomaliesRoute } from './routes/infra_ml'; -import { initGetHostsAnomaliesRoute } from './routes/infra_ml'; -import { initMetricExplorerRoute } from './routes/metrics_explorer'; -import { initMetricsAPIRoute } from './routes/metrics_api'; -import { initMetadataRoute } from './routes/metadata'; -import { initSnapshotRoute } from './routes/snapshot'; -import { initNodeDetailsRoute } from './routes/node_details'; import { initLogEntriesHighlightsRoute, - initLogEntriesSummaryRoute, initLogEntriesSummaryHighlightsRoute, + initLogEntriesSummaryRoute, } from './routes/log_entries'; -import { initInventoryMetaRoute } from './routes/inventory_metadata'; -import { initLogSourceConfigurationRoutes, initLogSourceStatusRoutes } from './routes/log_sources'; +import { initLogViewRoutes } from './routes/log_views'; +import { initMetadataRoute } from './routes/metadata'; +import { initMetricsAPIRoute } from './routes/metrics_api'; +import { initMetricExplorerRoute } from './routes/metrics_explorer'; import { initMetricsSourceConfigurationRoutes } from './routes/metrics_sources'; +import { initNodeDetailsRoute } from './routes/node_details'; import { initOverviewRoute } from './routes/overview'; -import { initGetLogAlertsChartPreviewDataRoute } from './routes/log_alerts'; import { initProcessListRoute } from './routes/process_list'; +import { initSnapshotRoute } from './routes/snapshot'; export const initInfraServer = (libs: InfraBackendLibs) => { initIpToHostName(libs); 
@@ -56,12 +55,11 @@ export const initInfraServer = (libs: InfraBackendLibs) => { initLogEntriesHighlightsRoute(libs); initLogEntriesSummaryRoute(libs); initLogEntriesSummaryHighlightsRoute(libs); + initLogViewRoutes(libs); initMetricExplorerRoute(libs); initMetricsAPIRoute(libs); initMetadataRoute(libs); initInventoryMetaRoute(libs); - initLogSourceConfigurationRoutes(libs); - initLogSourceStatusRoutes(libs); initGetLogAlertsChartPreviewDataRoute(libs); initProcessListRoute(libs); initOverviewRoute(libs); diff --git a/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts b/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts index 00c52dae7ed3c..7a0f44883f036 100644 --- a/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts +++ b/x-pack/plugins/infra/server/lib/adapters/framework/adapter_types.ts @@ -14,6 +14,7 @@ import { PluginSetup as DataPluginSetup, PluginStart as DataPluginStart, } from '../../../../../../../src/plugins/data/server'; +import { PluginStart as DataViewsPluginStart } from '../../../../../../../src/plugins/data_views/server'; import { HomeServerPluginSetup } from '../../../../../../../src/plugins/home/server'; import { VisTypeTimeseriesSetup } from '../../../../../../../src/plugins/vis_types/timeseries/server'; import { PluginSetupContract as FeaturesPluginSetup } from '../../../../../../plugins/features/server'; @@ -36,6 +37,7 @@ export interface InfraServerPluginSetupDeps { export interface InfraServerPluginStartDeps { data: DataPluginStart; + dataViews: DataViewsPluginStart; } export interface CallWithRequestParams extends estypes.RequestBase { diff --git a/x-pack/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts b/x-pack/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts index 7e8f5ebfd5af4..26c29b948e266 100644 --- a/x-pack/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts 
+++ b/x-pack/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts @@ -23,7 +23,7 @@ import { } from '../../domains/log_entries_domain'; import { SortedSearchHit } from '../framework'; import { KibanaFramework } from '../framework/kibana_framework_adapter'; -import { ResolvedLogSourceConfiguration } from '../../../../common/log_sources'; +import { ResolvedLogView } from '../../../../common/log_views'; import { TIMESTAMP_FIELD, TIEBREAKER_FIELD } from '../../../../common/constants'; const TIMESTAMP_FORMAT = 'epoch_millis'; @@ -33,7 +33,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { public async getLogEntries( requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, fields: string[], params: LogEntriesParams ): Promise<{ documents: LogEntryDocument[]; hasMoreBefore?: boolean; hasMoreAfter?: boolean }> { @@ -71,7 +71,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { const esQuery = { allow_no_indices: true, - index: resolvedLogSourceConfiguration.indices, + index: resolvedLogView.indices, ignore_unavailable: true, body: { size: size + 1, // Extra one to test if it has more before or after @@ -94,7 +94,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { ], }, }, - runtime_mappings: resolvedLogSourceConfiguration.runtimeMappings, + runtime_mappings: resolvedLogView.runtimeMappings, sort, ...highlightClause, ...searchAfterClause, @@ -127,7 +127,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { public async getContainedLogSummaryBuckets( requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, startTimestamp: number, endTimestamp: number, bucketSize: number, 
@@ -141,7 +141,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { const query = { allow_no_indices: true, - index: resolvedLogSourceConfiguration.indices, + index: resolvedLogView.indices, ignore_unavailable: true, body: { aggregations: { @@ -181,7 +181,7 @@ export class InfraKibanaLogEntriesAdapter implements LogEntriesAdapter { ], }, }, - runtime_mappings: resolvedLogSourceConfiguration.runtimeMappings, + runtime_mappings: resolvedLogView.runtimeMappings, size: 0, track_total_hits: false, }, diff --git a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/evaluate_condition.ts b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/evaluate_condition.ts index 130ad69b111e9..b59235d3ea95a 100644 --- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/evaluate_condition.ts +++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/evaluate_condition.ts @@ -12,7 +12,7 @@ import { Logger } from '@kbn/logging'; import { InventoryMetricConditions } from '../../../../common/alerting/metrics'; import { InfraTimerangeInput } from '../../../../common/http_api'; import { InventoryItemType } from '../../../../common/inventory_models/types'; -import { LogQueryFields } from '../../../services/log_queries/get_log_query_fields'; +import { LogQueryFields } from '../../metrics/types'; import { InfraSource } from '../../sources'; import { calcualteFromBasedOnMetric } from './lib/calculate_from_based_on_metric'; import { getData } from './lib/get_data'; diff --git a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts index 289b4bc6ee74e..f962d73edebc4 100644 --- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts 
+++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts @@ -24,6 +24,7 @@ import { METRIC_FORMATTERS } from '../../../../common/formatters/snapshot_metric import { SnapshotMetricType } from '../../../../common/inventory_models/types'; import { toMetricOpt } from '../../../../common/snapshot_metric_i18n'; import { InfraBackendLibs } from '../../infra_types'; +import { LogQueryFields } from '../../metrics/types'; import { buildErrorAlertReason, buildFiredAlertReason, @@ -64,7 +65,7 @@ export const createInventoryMetricThresholdExecutor = (libs: InfraBackendLibs) = InventoryMetricThresholdAllowedActionGroups >(async ({ services, params, alertId, executionId, startedAt }) => { const startTime = Date.now(); - const { criteria, filterQuery, sourceId, nodeType, alertOnNoData } = params; + const { criteria, filterQuery, sourceId = 'default', nodeType, alertOnNoData } = params; if (criteria.length === 0) throw new Error('Cannot execute an alert with 0 conditions'); const logger = createScopedLogger(libs.logger, 'inventoryRule', { alertId, executionId }); const { alertWithLifecycle, savedObjectsClient, getAlertStartedDate } = services; 
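Review bot: The destructuring default `sourceId = 'default'` in the executor's parameter unpacking is not equivalent to the `sourceId || 'default'` fallback that the later hunk of this file removes. A default initializer applies only to `undefined`, so an empty string or `null` held in an already-saved rule's params would now reach `getSourceConfiguration` and `getResolvedLogView` unchanged. The params schema is not visible here; if it does not exclude those values, keep the old semantics with `const { criteria, filterQuery, nodeType, alertOnNoData } = params; const sourceId = params.sourceId || 'default';`. The executor body continues outside this hunk.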
@@ -105,18 +106,16 @@ export const createInventoryMetricThresholdExecutor = (libs: InfraBackendLibs) = return {}; } } - const source = await libs.sources.getSourceConfiguration( - savedObjectsClient, - sourceId || 'default' - ); + const source = await libs.sources.getSourceConfiguration(savedObjectsClient, sourceId); - const logQueryFields = await libs - .getLogQueryFields( - sourceId || 'default', - services.savedObjectsClient, - services.scopedClusterClient.asCurrentUser - ) - .catch(() => undefined); + const [, , { logViews }] = await libs.getStartServices(); + const logQueryFields: LogQueryFields | undefined = await logViews + .getClient(savedObjectsClient, services.scopedClusterClient.asCurrentUser) + .getResolvedLogView(sourceId) + .then( + ({ indices }) => ({ indexPattern: indices }), + () => undefined + ); const compositeSize = libs.configuration.alerting.inventory_threshold.group_by_page_size; const results = await Promise.all( diff --git a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/get_data.ts b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/get_data.ts index 4f19f73231df6..c29c802f9391d 100644 --- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/get_data.ts +++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/get_data.ts @@ -13,7 +13,7 @@ import { InventoryItemType, SnapshotMetricType, } from '../../../../../common/inventory_models/types'; -import { LogQueryFields } from '../../../../services/log_queries/get_log_query_fields'; +import { LogQueryFields } from '../../../metrics/types'; import { InfraSource } from '../../../sources'; import { createRequest } from './create_request'; diff --git a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/is_rate.ts b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/is_rate.ts index b29c6ac71cc50..113715336e9dc 100644 
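Review bot: The rejection handler `() => undefined` on the `getResolvedLogView(sourceId)` chain discards every failure. A missing log view, a permission error for the rule's user and an Elasticsearch outage all become "no log query fields" for the evaluation below, and nothing is recorded. A scoped `logger` is created earlier in the executor (outside this hunk), so the handler can keep the best-effort fallback and still log the cause, for example `(error) => { logger.warn('Could not resolve log view: ' + String(error)); return undefined; }`, assuming the scoped logger exposes the usual level methods. For an alerting rule a silently degraded query is worth at least a log line, because it can otherwise look like a healthy rule that never fires.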
--- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/is_rate.ts +++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/lib/is_rate.ts @@ -6,24 +6,46 @@ */ import { has } from 'lodash'; -import { MetricsUIAggregation } from '../../../../../common/inventory_models/types'; +import { + MetricsUIAggregation, + MetricsUIAggregationRT, + ESSumBucketAggRT, + ESTermsWithAggregationRT, + ESDerivativeAggRT, + ESBasicMetricAggRT, +} from '../../../../../common/inventory_models/types'; import { SnapshotCustomMetricInput } from '../../../../../common/http_api'; -export const isMetricRate = (metric: MetricsUIAggregation): boolean => { +export const isMetricRate = (metric: MetricsUIAggregation | undefined): boolean => { + if (!MetricsUIAggregationRT.is(metric)) { + return false; + } const values = Object.values(metric); - return values.some((agg) => has(agg, 'derivative')) && values.some((agg) => has(agg, 'max')); + return ( + values.some((agg) => ESDerivativeAggRT.is(agg)) && + values.some((agg) => ESBasicMetricAggRT.is(agg) && has(agg, 'max')) + ); }; export const isCustomMetricRate = (customMetric: SnapshotCustomMetricInput) => { return customMetric.aggregation === 'rate'; }; -export const isInterfaceRateAgg = (metric: MetricsUIAggregation) => { +export const isInterfaceRateAgg = (metric: MetricsUIAggregation | undefined) => { + if (!MetricsUIAggregationRT.is(metric)) { + return false; + } const values = Object.values(metric); - return values.some((agg) => has(agg, 'terms')) && values.some((agg) => has(agg, 'sum_bucket')); + return ( + values.some((agg) => ESTermsWithAggregationRT.is(agg)) && + values.some((agg) => ESSumBucketAggRT.is(agg)) + ); }; -export const isRate = (metric: MetricsUIAggregation, customMetric?: SnapshotCustomMetricInput) => { +export const isRate = ( + metric: MetricsUIAggregation | undefined, + customMetric?: SnapshotCustomMetricInput +) => { return ( isMetricRate(metric) || isInterfaceRateAgg(metric) || 
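Review bot: `isMetricRate` and `isInterfaceRateAgg` now return `false` both for an `undefined` metric and for one that fails `MetricsUIAggregationRT.is`, and nothing in the file documents that. Callers can no longer tell "not a rate" from "aggregation did not match the runtime type", so a doc comment on each would help, for example `/** Returns false when metric is undefined or does not conform to MetricsUIAggregationRT. */`. The plain key lookups (`has(agg, 'derivative')`, `has(agg, 'terms')`, `has(agg, 'sum_bucket')`) are also replaced by full runtime-type checks, so an aggregation that carries the key but not the expected shape is no longer classified as a rate. If that tightening is intended, say so in the same comment. `isRate` continues outside the hunk.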
diff --git a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_chart_preview.ts b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_chart_preview.ts
index 7bf2cb5ea3394..56bbd69240dc2 100644
--- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_chart_preview.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_chart_preview.ts
@@ -6,38 +6,38 @@ */ import { i18n } from '@kbn/i18n'; -import type { InfraPluginRequestHandlerContext } from '../../../types'; -import { KibanaFramework } from '../../adapters/framework/kibana_framework_adapter'; +import { + GroupedSearchQueryResponse, + GroupedSearchQueryResponseRT, + isOptimizedGroupedSearchQueryResponse, + UngroupedSearchQueryResponse, + UngroupedSearchQueryResponseRT, +} from '../../../../common/alerting/logs/log_threshold/types'; import { GetLogAlertsChartPreviewDataAlertParamsSubset, - Series, Point, + Series, } from '../../../../common/http_api/log_alerts'; +import { ResolvedLogView } from '../../../../common/log_views'; +import { decodeOrThrow } from '../../../../common/runtime_types'; +import type { InfraPluginRequestHandlerContext } from '../../../types'; +import { KibanaFramework } from '../../adapters/framework/kibana_framework_adapter'; import { + buildFiltersFromCriteria, getGroupedESQuery, getUngroupedESQuery, - buildFiltersFromCriteria, } from './log_threshold_executor'; -import { - UngroupedSearchQueryResponseRT, - UngroupedSearchQueryResponse, - GroupedSearchQueryResponse, - GroupedSearchQueryResponseRT, - isOptimizedGroupedSearchQueryResponse, -} from '../../../../common/alerting/logs/log_threshold/types'; -import { decodeOrThrow } from '../../../../common/runtime_types'; -import { ResolvedLogSourceConfiguration } from '../../../../common/log_sources'; const COMPOSITE_GROUP_SIZE = 40; export async function getChartPreviewData( requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, callWithRequest: KibanaFramework['callWithRequest'], alertParams: GetLogAlertsChartPreviewDataAlertParamsSubset, buckets: number ) { - const { indices, timestampField, runtimeMappings } = resolvedLogSourceConfiguration; + const { indices, timestampField, runtimeMappings } = resolvedLogView; const { groupBy, timeSize, timeUnit } = alertParams; const 
isGrouped = groupBy && groupBy.length > 0 ? true : false; diff --git a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts index 5bf1a914f49b1..b5bc3a15896cb 100644 --- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts +++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts @@ -42,7 +42,6 @@ import { UngroupedSearchQueryResponse, UngroupedSearchQueryResponseRT, } from '../../../../common/alerting/logs/log_threshold'; -import { resolveLogSourceConfiguration } from '../../../../common/log_sources'; import { decodeOrThrow } from '../../../../common/runtime_types'; import { getLogsAppAlertUrl } from '../../../../common/formatters/alert_link'; import { getIntervalInSeconds } from '../../../utils/get_interval_in_seconds'; @@ -99,7 +98,7 @@ export const createLogThresholdExecutor = (libs: InfraBackendLibs) => >(async ({ services, params, startedAt }) => { const { alertWithLifecycle, savedObjectsClient, scopedClusterClient, getAlertStartedDate } = services; - const { sources, basePath } = libs; + const { basePath } = libs; const alertFactory: LogThresholdAlertFactory = (id, reason, value, threshold, actions) => { const alert = alertWithLifecycle({ 
@@ -131,16 +130,14 @@ export const createLogThresholdExecutor = (libs: InfraBackendLibs) => alert.replaceState({ alertState: AlertStates.ALERT, }); + return alert; }; - const sourceConfiguration = await sources.getSourceConfiguration(savedObjectsClient, 'default'); - const { indices, timestampField, runtimeMappings } = await resolveLogSourceConfiguration( - sourceConfiguration.configuration, - await libs.framework.getIndexPatternsService( - savedObjectsClient, - scopedClusterClient.asCurrentUser - ) - ); + + const [, , { logViews }] = await libs.getStartServices(); + const { indices, timestampField, runtimeMappings } = await logViews + .getClient(savedObjectsClient, scopedClusterClient.asCurrentUser) + .getResolvedLogView('default'); // TODO: move to params try { const validatedParams = decodeOrThrow(ruleParamsRT)(params); diff --git a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/log_entries_domain.ts b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/log_entries_domain.ts index e7b1624206515..ef6b7122aa4de 100644 --- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/log_entries_domain.ts +++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/log_entries_domain.ts 
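Review bot: The new `getResolvedLogView('default')` call sits before the `try` that wraps `decodeOrThrow(ruleParamsRT)(params)`, so a log view that cannot be resolved rejects outside that block. The matching `catch` is outside this hunk, so whether that differs from the validation-failure path cannot be confirmed from here. If both failures should be reported the same way, move the `getStartServices()` and `getResolvedLogView` lines inside the `try`. Otherwise add a comment such as `// resolution errors intentionally propagate to the alerting framework`. The hard-coded `'default'` id is already covered by the TODO on that line.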
@@ -7,39 +7,33 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { JsonObject } from '@kbn/utility-types'; - -import type { InfraPluginRequestHandlerContext } from '../../../types'; - import { LogEntriesSummaryBucket, LogEntriesSummaryHighlightsBucket, } from '../../../../common/http_api'; +import { LogColumn, LogEntry, LogEntryCursor } from '../../../../common/log_entry'; import { - LogSourceColumnConfiguration, - ResolvedLogSourceConfiguration, - resolveLogSourceConfiguration, -} from '../../../../common/log_sources'; -import { LogColumn, LogEntryCursor, LogEntry } from '../../../../common/log_entry'; -import { - InfraSourceConfiguration, - InfraSources, - SourceConfigurationFieldColumnRuntimeType, -} from '../../sources'; + LogViewColumnConfiguration, + logViewFieldColumnConfigurationRT, + ResolvedLogView, +} from '../../../../common/log_views'; +import { decodeOrThrow } from '../../../../common/runtime_types'; import { getBuiltinRules } from '../../../services/log_entries/message/builtin_rules'; import { CompiledLogMessageFormattingRule, + compileFormattingRules, Fields, Highlights, - compileFormattingRules, } from '../../../services/log_entries/message/message'; -import { KibanaFramework } from '../../adapters/framework/kibana_framework_adapter'; -import { decodeOrThrow } from '../../../../common/runtime_types'; +import type { InfraPluginRequestHandlerContext } from '../../../types'; +import { InfraBackendLibs } from '../../infra_types'; import { - logEntryDatasetsResponseRT, - LogEntryDatasetBucket, CompositeDatasetKey, createLogEntryDatasetsQuery, + LogEntryDatasetBucket, + logEntryDatasetsResponseRT, } from './queries/log_entry_datasets'; + export interface LogEntriesParams { startTimestamp: number; endTimestamp: number; 
@@ -66,17 +60,14 @@ const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; export class InfraLogEntriesDomain { constructor( private readonly adapter: LogEntriesAdapter, - private readonly libs: { - framework: KibanaFramework; - sources: InfraSources; - } + private readonly libs: Pick ) {} public async getLogEntriesAround( requestContext: InfraPluginRequestHandlerContext, sourceId: string, params: LogEntriesAroundParams, - columnOverrides?: LogSourceColumnConfiguration[] + columnOverrides?: LogViewColumnConfiguration[] ): Promise<{ entries: LogEntry[]; hasMoreBefore?: boolean; hasMoreAfter?: boolean }> { const { startTimestamp, endTimestamp, center, query, size, highlightTerm } = params; 
@@ -136,27 +127,26 @@ export class InfraLogEntriesDomain { requestContext: InfraPluginRequestHandlerContext, sourceId: string, params: LogEntriesParams, - columnOverrides?: LogSourceColumnConfiguration[] + columnOverrides?: LogViewColumnConfiguration[] ): Promise<{ entries: LogEntry[]; hasMoreBefore?: boolean; hasMoreAfter?: boolean }> { - const { configuration } = await this.libs.sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - configuration, - await this.libs.framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); - const columnDefinitions = columnOverrides ?? configuration.logColumns; + const [, , { logViews }] = await this.libs.getStartServices(); + const resolvedLogView = await logViews + .getClient( + requestContext.core.savedObjects.client, + requestContext.core.elasticsearch.client.asCurrentUser + ) + .getResolvedLogView(sourceId); + const columnDefinitions = columnOverrides ?? resolvedLogView.columns; const messageFormattingRules = compileFormattingRules( - getBuiltinRules(configuration.fields.message) + getBuiltinRules(resolvedLogView.messageField) ); - const requiredFields = getRequiredFields(configuration, messageFormattingRules); + const requiredFields = getRequiredFields(resolvedLogView, messageFormattingRules); const { documents, hasMoreBefore, hasMoreAfter } = await this.adapter.getLogEntries( requestContext, - resolvedLogSourceConfiguration, + resolvedLogView, requiredFields, params ); 
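Review bot: The block that awaits `this.libs.getStartServices()`, builds a log views client from the request's saved-objects and `asCurrentUser` Elasticsearch clients and calls `getResolvedLogView(sourceId)` is repeated verbatim in the two later hunks of this file (`@@ -201,17 +191,16 @@` and `@@ -229,18 +218,17 @@`). A private helper on `InfraLogEntriesDomain` would keep the choice of request-scoped clients in one place, so a later edit cannot switch one copy to a differently privileged client and miss the others. Each call site then becomes `const resolvedLogView = await this.resolveLogView(requestContext, sourceId);`. The enclosing method starts outside this hunk.

```typescript
private async resolveLogView(
  requestContext: InfraPluginRequestHandlerContext,
  sourceId: string
): Promise<ResolvedLogView> {
  const [, , { logViews }] = await this.libs.getStartServices();
  return await logViews
    .getClient(
      requestContext.core.savedObjects.client,
      requestContext.core.elasticsearch.client.asCurrentUser
    )
    .getResolvedLogView(sourceId);
}

// … unchanged: columnDefinitions, messageFormattingRules, requiredFields …
const resolvedLogView = await this.resolveLogView(requestContext, sourceId);
```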
@@ -201,17 +191,16 @@ export class InfraLogEntriesDomain { bucketSize: number, filterQuery?: LogEntryQuery ): Promise { - const { configuration } = await this.libs.sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - configuration, - await this.libs.framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); + const [, , { logViews }] = await this.libs.getStartServices(); + const resolvedLogView = await logViews + .getClient( + requestContext.core.savedObjects.client, + requestContext.core.elasticsearch.client.asCurrentUser + ) + .getResolvedLogView(sourceId); const dateRangeBuckets = await this.adapter.getContainedLogSummaryBuckets( requestContext, - resolvedLogSourceConfiguration, + resolvedLogView, start, end, bucketSize, @@ -229,18 +218,17 @@ export class InfraLogEntriesDomain { highlightQueries: string[], filterQuery?: LogEntryQuery ): Promise { - const { configuration } = await this.libs.sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - configuration, - await this.libs.framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); + const [, , { logViews }] = await this.libs.getStartServices(); + const resolvedLogView = await logViews + .getClient( + requestContext.core.savedObjects.client, + requestContext.core.elasticsearch.client.asCurrentUser + ) + .getResolvedLogView(sourceId); const messageFormattingRules = compileFormattingRules( - getBuiltinRules(configuration.fields.message) + getBuiltinRules(resolvedLogView.messageField) ); - const requiredFields = getRequiredFields(configuration, messageFormattingRules); + const requiredFields = getRequiredFields(resolvedLogView, messageFormattingRules); const summaries = await Promise.all( highlightQueries.map(async (highlightQueryPhrase) => { 
@@ -254,7 +242,7 @@ export class InfraLogEntriesDomain { : highlightQuery; const summaryBuckets = await this.adapter.getContainedLogSummaryBuckets( requestContext, - resolvedLogSourceConfiguration, + resolvedLogView, startTimestamp, endTimestamp, bucketSize, @@ -315,14 +303,14 @@ export class InfraLogEntriesDomain { export interface LogEntriesAdapter { getLogEntries( requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, fields: string[], params: LogEntriesParams ): Promise<{ documents: LogEntryDocument[]; hasMoreBefore?: boolean; hasMoreAfter?: boolean }>; getContainedLogSummaryBuckets( requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, startTimestamp: number, endTimestamp: number, bucketSize: number, @@ -360,12 +348,12 @@ const convertLogSummaryBucketToSummaryHighlightBucket = ( }); const getRequiredFields = ( - configuration: InfraSourceConfiguration, + configuration: ResolvedLogView, messageFormattingRules: CompiledLogMessageFormattingRule ): string[] => { - const fieldsFromCustomColumns = configuration.logColumns.reduce( + const fieldsFromCustomColumns = configuration.columns.reduce( (accumulatedFields, logColumn) => { - if (SourceConfigurationFieldColumnRuntimeType.is(logColumn)) { + if (logViewFieldColumnConfigurationRT.is(logColumn)) { return [...accumulatedFields, logColumn.fieldColumn.field]; } return accumulatedFields; diff --git a/x-pack/plugins/infra/server/lib/infra_types.ts b/x-pack/plugins/infra/server/lib/infra_types.ts index bf2847491a901..0a627e9de9c35 100644 --- a/x-pack/plugins/infra/server/lib/infra_types.ts +++ b/x-pack/plugins/infra/server/lib/infra_types.ts 
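Review bot: In the `getRequiredFields` hunk (`@@ -360,12 +348,12 @@`) the first parameter is still named `configuration` although its type is now `ResolvedLogView` and every caller passes a variable called `resolvedLogView`. Renaming it, `resolvedLogView: ResolvedLogView,` with the body reading `resolvedLogView.columns.reduce(`, keeps the helper consistent with the rest of the file after the move away from source configurations. The function body continues outside the hunk, so any further uses of the old name there need the same rename.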
@@ -8,9 +8,8 @@ import { Logger } from '@kbn/logging'; import type { IBasePath } from 'kibana/server'; import { handleEsError } from '../../../../../src/plugins/es_ui_shared/server'; -import { InfraConfig } from '../types'; -import { GetLogQueryFields } from '../services/log_queries/get_log_query_fields'; import { RulesServiceSetup } from '../services/rules'; +import { InfraConfig, InfraPluginStartServicesAccessor } from '../types'; import { KibanaFramework } from './adapters/framework/kibana_framework_adapter'; import { InfraFieldsDomain } from './domains/fields_domain'; import { InfraLogEntriesDomain } from './domains/log_entries_domain'; @@ -29,10 +28,10 @@ export interface InfraBackendLibs extends InfraDomainLibs { framework: KibanaFramework; sources: InfraSources; sourceStatus: InfraSourceStatus; - getLogQueryFields: GetLogQueryFields; handleEsError: typeof handleEsError; logsRules: RulesServiceSetup; metricsRules: RulesServiceSetup; + getStartServices: InfraPluginStartServicesAccessor; logger: Logger; basePath: IBasePath; } diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts index aca0483037912..feb0f6b5b9998 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts 
@@ -6,35 +6,39 @@ */ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { InfraPluginRequestHandlerContext, InfraRequestHandlerContext } from '../../types'; -import { TracingSpan, startTracingSpan } from '../../../common/performance_tracing'; -import { fetchMlJob, getLogEntryDatasets } from './common'; import { + AnomaliesSort, getJobId, - logEntryCategoriesJobTypes, - logEntryRateJobTypes, + isCategoryAnomaly, jobCustomSettingsRT, LogEntryAnomalyDatasets, - AnomaliesSort, + logEntryCategoriesJobTypes, + logEntryRateJobTypes, Pagination, - isCategoryAnomaly, } from '../../../common/log_analysis'; -import type { ResolvedLogSourceConfiguration } from '../../../common/log_sources'; -import type { MlSystem, MlAnomalyDetectors } from '../../types'; -import { createLogEntryAnomaliesQuery, logEntryAnomaliesResponseRT } from './queries'; +import { ResolvedLogView } from '../../../common/log_views'; +import { startTracingSpan, TracingSpan } from '../../../common/performance_tracing'; +import { decodeOrThrow } from '../../../common/runtime_types'; +import type { + InfraPluginRequestHandlerContext, + InfraRequestHandlerContext, + MlAnomalyDetectors, + MlSystem, +} from '../../types'; +import { KibanaFramework } from '../adapters/framework/kibana_framework_adapter'; +import { fetchMlJob, getLogEntryDatasets } from './common'; import { InsufficientAnomalyMlJobsConfigured, InsufficientLogAnalysisMlJobConfigurationError, - UnknownCategoryError, isMlPrivilegesError, + UnknownCategoryError, } from './errors'; -import { decodeOrThrow } from '../../../common/runtime_types'; +import { fetchLogEntryCategories } from './log_entry_categories_analysis'; +import { createLogEntryAnomaliesQuery, logEntryAnomaliesResponseRT } from './queries'; import { createLogEntryExamplesQuery, logEntryExamplesResponseRT, } from './queries/log_entry_examples'; -import { KibanaFramework } from '../adapters/framework/kibana_framework_adapter'; -import { 
fetchLogEntryCategories } from './log_entry_categories_analysis'; interface MappedAnomalyHit { id: string; @@ -327,7 +331,7 @@ export async function getLogEntryExamples( endTime: number, dataset: string, exampleCount: number, - resolvedSourceConfiguration: ResolvedLogSourceConfiguration, + resolvedLogView: ResolvedLogView, callWithRequest: KibanaFramework['callWithRequest'], categoryId?: string ) { @@ -347,7 +351,7 @@ export async function getLogEntryExamples( const customSettings = decodeOrThrow(jobCustomSettingsRT)(mlJob.custom_settings); const indices = customSettings?.logs_source_config?.indexPattern; const timestampField = customSettings?.logs_source_config?.timestampField; - const { tiebreakerField, runtimeMappings } = resolvedSourceConfiguration; + const { tiebreakerField, runtimeMappings } = resolvedLogView; if (indices == null || timestampField == null) { throw new InsufficientLogAnalysisMlJobConfigurationError( diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_analysis.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_analysis.ts index 316f868589064..d4679c7919535 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_analysis.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_analysis.ts 
@@ -8,17 +8,18 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { ElasticsearchClient } from 'src/core/server'; import { + CategoriesSort, compareDatasetsByMaximumAnomalyScore, getJobId, jobCustomSettingsRT, logEntryCategoriesJobTypes, - CategoriesSort, } from '../../../common/log_analysis'; import { LogEntryContext } from '../../../common/log_entry'; -import type { ResolvedLogSourceConfiguration } from '../../../common/log_sources'; +import { ResolvedLogView } from '../../../common/log_views'; import { startTracingSpan } from '../../../common/performance_tracing'; import { decodeOrThrow } from '../../../common/runtime_types'; import type { MlAnomalyDetectors, MlSystem } from '../../types'; +import { fetchMlJob, getLogEntryDatasets } from './common'; import { InsufficientLogAnalysisMlJobConfigurationError, UnknownCategoryError } from './errors'; import { createLogEntryCategoriesQuery, @@ -38,7 +39,6 @@ import { createTopLogEntryCategoriesQuery, topLogEntryCategoriesResponseRT, } from './queries/top_log_entry_categories'; -import { fetchMlJob, getLogEntryDatasets } from './common'; export async function getTopLogEntryCategories( context: { @@ -148,7 +148,7 @@ export async function getLogEntryCategoryExamples( endTime: number, categoryId: number, exampleCount: number, - resolvedSourceConfiguration: ResolvedLogSourceConfiguration + resolvedLogView: ResolvedLogView ) { const finalizeLogEntryCategoryExamplesSpan = startTracingSpan('get category example log entries'); 
@@ -166,7 +166,7 @@ export async function getLogEntryCategoryExamples( const customSettings = decodeOrThrow(jobCustomSettingsRT)(mlJob.custom_settings); const indices = customSettings?.logs_source_config?.indexPattern; const timestampField = customSettings?.logs_source_config?.timestampField; - const { tiebreakerField, runtimeMappings } = resolvedSourceConfiguration; + const { tiebreakerField, runtimeMappings } = resolvedLogView; if (indices == null || timestampField == null) { throw new InsufficientLogAnalysisMlJobConfigurationError( diff --git a/x-pack/plugins/infra/server/lib/metrics/types.ts b/x-pack/plugins/infra/server/lib/metrics/types.ts index b18486f88cc4c..82e174f4f94c1 100644 --- a/x-pack/plugins/infra/server/lib/metrics/types.ts +++ b/x-pack/plugins/infra/server/lib/metrics/types.ts @@ -99,3 +99,7 @@ export type HistogramResponse = rt.TypeOf; export type GroupingResponse = rt.TypeOf; export type MetricsESResponse = HistogramResponse | GroupingResponse; + +export interface LogQueryFields { + indexPattern: string; +} diff --git a/x-pack/plugins/infra/server/lib/source_status.ts b/x-pack/plugins/infra/server/lib/source_status.ts index 2b04bf84c1546..8c6d7d1ad451f 100644 --- a/x-pack/plugins/infra/server/lib/source_status.ts +++ b/x-pack/plugins/infra/server/lib/source_status.ts @@ -7,7 +7,6 @@ import type { InfraPluginRequestHandlerContext } from '../types'; import { InfraSources } from './sources'; -import { ResolvedLogSourceConfiguration } from '../../common/log_sources'; export class InfraSourceStatus { constructor( 
@@ -43,16 +42,6 @@ export class InfraSourceStatus { ); return hasAlias; } - public async getLogIndexStatus( - requestContext: InfraPluginRequestHandlerContext, - resolvedLogSourceConfiguration: ResolvedLogSourceConfiguration - ): Promise { - const indexStatus = await this.adapter.getIndexStatus( - requestContext, - resolvedLogSourceConfiguration.indices - ); - return indexStatus; - } public async hasMetricIndices( requestContext: InfraPluginRequestHandlerContext, sourceId: string diff --git a/x-pack/plugins/infra/server/lib/sources/defaults.ts b/x-pack/plugins/infra/server/lib/sources/defaults.ts index db262a432b3fc..7fb40a502ec71 100644 --- a/x-pack/plugins/infra/server/lib/sources/defaults.ts +++ b/x-pack/plugins/infra/server/lib/sources/defaults.ts @@ -5,39 +5,4 @@ * 2.0. */ -import { METRICS_INDEX_PATTERN, LOGS_INDEX_PATTERN } from '../../../common/constants'; -import { InfraSourceConfiguration } from '../../../common/source_configuration/source_configuration'; - -export const defaultSourceConfiguration: InfraSourceConfiguration = { - name: 'Default', - description: '', - metricAlias: METRICS_INDEX_PATTERN, - logIndices: { - type: 'index_name', - indexName: LOGS_INDEX_PATTERN, - }, - fields: { - message: ['message', '@message'], - }, - inventoryDefaultView: '0', - metricsExplorerDefaultView: '0', - logColumns: [ - { - timestampColumn: { - id: '5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f', - }, - }, - { - fieldColumn: { - id: ' eb9777a8-fcd3-420e-ba7d-172fff6da7a2', - field: 'event.dataset', - }, - }, - { - messageColumn: { - id: 'b645d6da-824b-4723-9a2a-e8cece1645c0', - }, - }, - ], - anomalyThreshold: 50, -}; +export { defaultSourceConfiguration } from '../../../common/source_configuration/defaults'; diff --git a/x-pack/plugins/infra/server/lib/sources/index.ts b/x-pack/plugins/infra/server/lib/sources/index.ts index 27ad665be31a9..73b50ac2662cc 100644 --- a/x-pack/plugins/infra/server/lib/sources/index.ts +++ b/x-pack/plugins/infra/server/lib/sources/index.ts 
@@ -6,6 +6,9 @@ */ export * from './defaults'; -export { infraSourceConfigurationSavedObjectType } from './saved_object_type'; +export { + infraSourceConfigurationSavedObjectName, + infraSourceConfigurationSavedObjectType, +} from './saved_object_type'; export * from './sources'; export * from '../../../common/source_configuration/source_configuration'; diff --git a/x-pack/plugins/infra/server/lib/sources/saved_object_references.ts b/x-pack/plugins/infra/server/lib/sources/saved_object_references.ts index 1e3a3acce8926..ee65bd2d5ebeb 100644 --- a/x-pack/plugins/infra/server/lib/sources/saved_object_references.ts +++ b/x-pack/plugins/infra/server/lib/sources/saved_object_references.ts 
@@ -10,61 +10,17 @@ import { InfraSavedSourceConfiguration, InfraSourceConfiguration, } from '../../../common/source_configuration/source_configuration'; +import { + SavedObjectAttributesWithReferences, + extractSavedObjectReferences as genericExtractSavedObjectReferences, + resolveSavedObjectReferences as genericResolveSavedObjectReferences, +} from '../../saved_objects/references'; import { SavedObjectReferenceResolutionError } from './errors'; export const logIndexPatternReferenceName = 'log_index_pattern_0'; export const inventoryDefaultViewReferenceName = 'inventory-saved-view-0'; export const metricsExplorerDefaultViewReferenceName = 'metrics-explorer-saved-view-0'; -interface SavedObjectAttributesWithReferences { - attributes: SavedObjectAttributes; - references: SavedObjectReference[]; -} - -/** - * Rewrites a source configuration such that well-known saved object references - * are extracted in the `references` array and replaced by the appropriate - * name. This is the inverse operation to `resolveSavedObjectReferences`. - */ -export const extractSavedObjectReferences = ( - sourceConfiguration: InfraSourceConfiguration -): SavedObjectAttributesWithReferences => - [ - extractLogIndicesSavedObjectReferences, - extractInventorySavedViewReferences, - extractMetricsExplorerSavedViewReferences, - ].reduce>( - ({ attributes: accumulatedAttributes, references: accumulatedReferences }, extract) => { - const { attributes, references } = extract(accumulatedAttributes); - return { - attributes, - references: [...accumulatedReferences, ...references], - }; - }, - { - attributes: sourceConfiguration, - references: [], - } - ); - -/** - * Rewrites a source configuration such that well-known saved object references - * are resolved from the `references` argument and replaced by the real saved - * object ids. This is the inverse operation to `extractSavedObjectReferences`. 
- */ -export const resolveSavedObjectReferences = ( - attributes: InfraSavedSourceConfiguration, - references: SavedObjectReference[] -): InfraSavedSourceConfiguration => - [ - resolveLogIndicesSavedObjectReferences, - resolveInventoryViewSavedObjectReferences, - resolveMetricsExplorerSavedObjectReferences, - ].reduce( - (accumulatedAttributes, resolve) => resolve(accumulatedAttributes, references), - attributes - ); - const extractLogIndicesSavedObjectReferences = ( sourceConfiguration: InfraSourceConfiguration ): SavedObjectAttributesWithReferences => { @@ -227,3 +183,25 @@ const resolveMetricsExplorerSavedObjectReferences = ( return attributes; } }; + +/** + * Rewrites a source configuration such that well-known saved object references + * are extracted in the `references` array and replaced by the appropriate + * name. This is the inverse operation to `resolveSavedObjectReferences`. + */ +export const extractSavedObjectReferences = genericExtractSavedObjectReferences([ + extractLogIndicesSavedObjectReferences, + extractInventorySavedViewReferences, + extractMetricsExplorerSavedViewReferences, +]); + +/** + * Rewrites a source configuration such that well-known saved object references + * are resolved from the `references` argument and replaced by the real saved + * object ids. This is the inverse operation to `extractSavedObjectReferences`. + */ +export const resolveSavedObjectReferences = genericResolveSavedObjectReferences([ + resolveLogIndicesSavedObjectReferences, + resolveInventoryViewSavedObjectReferences, + resolveMetricsExplorerSavedObjectReferences, +]); diff --git a/x-pack/plugins/infra/server/lib/sources/sources.ts b/x-pack/plugins/infra/server/lib/sources/sources.ts index 4d2f0a8c4a159..7448b7cb8d7e0 100644 --- a/x-pack/plugins/infra/server/lib/sources/sources.ts +++ b/x-pack/plugins/infra/server/lib/sources/sources.ts 
@@ -236,7 +236,7 @@ export class InfraSources { } } -const mergeSourceConfiguration = ( +export const mergeSourceConfiguration = ( first: InfraSourceConfiguration, ...others: InfraStaticSourceConfiguration[] ) => diff --git a/x-pack/plugins/infra/server/plugin.ts b/x-pack/plugins/infra/server/plugin.ts index 6b0400a0c5e65..e77f94dfe38f1 100644 --- a/x-pack/plugins/infra/server/plugin.ts +++ b/x-pack/plugins/infra/server/plugin.ts @@ -10,15 +10,18 @@ import { schema } from '@kbn/config-schema'; import { i18n } from '@kbn/i18n'; import { Logger } from '@kbn/logging'; import { - CoreSetup, - PluginInitializerContext, + CoreStart, Plugin, PluginConfigDescriptor, + PluginInitializerContext, } from 'src/core/server'; +import { handleEsError } from '../../../../src/plugins/es_ui_shared/server'; import { LOGS_FEATURE_ID, METRICS_FEATURE_ID } from '../common/constants'; -import { InfraStaticSourceConfiguration } from '../common/source_configuration/source_configuration'; +import { defaultLogViewsStaticConfig } from '../common/log_views'; +import { publicConfigKeys } from '../common/plugin_config_types'; import { inventoryViewSavedObjectType } from '../common/saved_objects/inventory_view'; import { metricsExplorerViewSavedObjectType } from '../common/saved_objects/metrics_explorer_view'; +import { configDeprecations, getInfraDeprecationsFactory } from './deprecations'; import { LOGS_FEATURE, METRICS_FEATURE } from './features'; import { initInfraServer } from './infra_server'; import { FrameworkFieldsAdapter } from './lib/adapters/fields/framework_fields_adapter'; 
@@ -34,13 +37,18 @@ import { InfraMetricsDomain } from './lib/domains/metrics_domain'; import { InfraBackendLibs, InfraDomainLibs } from './lib/infra_types'; import { infraSourceConfigurationSavedObjectType, InfraSources } from './lib/sources'; import { InfraSourceStatus } from './lib/source_status'; +import { logViewSavedObjectType } from './saved_objects'; import { LogEntriesService } from './services/log_entries'; -import { InfraPluginRequestHandlerContext, InfraConfig } from './types'; -import { UsageCollector } from './usage/usage_collector'; -import { createGetLogQueryFields } from './services/log_queries/get_log_query_fields'; -import { handleEsError } from '../../../../src/plugins/es_ui_shared/server'; +import { LogViewsService } from './services/log_views'; import { RulesService } from './services/rules'; -import { configDeprecations, getInfraDeprecationsFactory } from './deprecations'; +import { + InfraConfig, + InfraPluginCoreSetup, + InfraPluginRequestHandlerContext, + InfraPluginSetup, + InfraPluginStart, +} from './types'; +import { UsageCollector } from './usage/usage_collector'; export const config: PluginConfigDescriptor = { schema: schema.object({ @@ -70,6 +78,7 @@ export const config: PluginConfigDescriptor = { ), }), deprecations: configDeprecations, + exposeToBrowser: publicConfigKeys, }; export type { InfraConfig }; 
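Review bot: `exposeToBrowser: publicConfigKeys` in the `config` descriptor makes server-side settings readable from the browser, and nothing at this line tells a maintainer which keys that covers. `publicConfigKeys` is imported from `../common/plugin_config_types`, outside this hunk, so its contents cannot be checked here. It should stay an explicit allowlist of non-sensitive keys. I would add a comment directly above the line, for example `// Browser-visible: every key in publicConfigKeys is sent to the client; never list secrets here.`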
@@ -82,23 +91,25 @@ const logsSampleDataLinkLabel = i18n.translate('xpack.infra.sampleDataLinkLabel' defaultMessage: 'Logs', }); -export interface InfraPluginSetup { - defineInternalSourceConfiguration: ( - sourceId: string, - sourceProperties: InfraStaticSourceConfiguration - ) => void; -} - -export class InfraServerPlugin implements Plugin { +export class InfraServerPlugin + implements + Plugin< + InfraPluginSetup, + InfraPluginStart, + InfraServerPluginSetupDeps, + InfraServerPluginStartDeps + > +{ public config: InfraConfig; - public libs: InfraBackendLibs | undefined; + public libs!: InfraBackendLibs; public logger: Logger; private logsRules: RulesService; private metricsRules: RulesService; + private logViews: LogViewsService; - constructor(context: PluginInitializerContext) { - this.config = context.config.get(); + constructor(context: PluginInitializerContext) { + this.config = context.config.get(); this.logger = context.logger.get(); this.logsRules = new RulesService( @@ -111,9 +122,11 @@ export class InfraServerPlugin implements Plugin { 'observability.metrics', this.logger.get('metricsRules') ); + + this.logViews = new LogViewsService(this.logger.get('logViews')); } - setup(core: CoreSetup, plugins: InfraServerPluginSetupDeps) { + setup(core: InfraPluginCoreSetup, plugins: InfraServerPluginSetupDeps) { const framework = new KibanaFramework(core, this.config, plugins); const sources = new InfraSources({ config: this.config, 
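Review bot: `public libs!: InfraBackendLibs;` replaces `InfraBackendLibs | undefined` with a definite-assignment assertion, so the compiler no longer checks reads of `this.libs` that happen before it is assigned (presumably in `setup()`, whose body is mostly outside this hunk). The new `start()` further down the file reads `this.libs.sources` directly and would fail with a bare TypeError if it ever ran first, for example in a unit test that calls `start()` alone. Keeping the `| undefined` type and guarding once in `start()` with `if (!this.libs) throw new Error('InfraServerPlugin.start() called before setup()');` keeps the invariant explicit.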
@@ -124,11 +137,13 @@ export class InfraServerPlugin implements Plugin { sources, } ); + const logViews = this.logViews.setup(); // register saved object types core.savedObjects.registerType(infraSourceConfigurationSavedObjectType); core.savedObjects.registerType(metricsExplorerViewSavedObjectType); core.savedObjects.registerType(inventoryViewSavedObjectType); + core.savedObjects.registerType(logViewSavedObjectType); // TODO: separate these out individually and do away with "domains" as a temporary group // and make them available via the request context so we can do away with @@ -139,7 +154,7 @@ export class InfraServerPlugin implements Plugin { }), logEntries: new InfraLogEntriesDomain(new InfraKibanaLogEntriesAdapter(framework), { framework, - sources, + getStartServices: () => core.getStartServices(), }), metrics: new InfraMetricsDomain(new KibanaMetricsAdapter(framework)), }; @@ -150,10 +165,10 @@ export class InfraServerPlugin implements Plugin { sources, sourceStatus, ...domainLibs, - getLogQueryFields: createGetLogQueryFields(sources, framework), handleEsError, logsRules: this.logsRules.setup(core, plugins), metricsRules: this.metricsRules.setup(core, plugins), + getStartServices: () => core.getStartServices(), logger: this.logger, basePath: core.http.basePath, }; @@ -195,7 +210,7 @@ export class InfraServerPlugin implements Plugin { UsageCollector.registerUsageCollector(plugins.usageCollection); const logEntriesService = new LogEntriesService(); - logEntriesService.setup(core, { ...plugins, sources }); + logEntriesService.setup(core, plugins); // register deprecated source configuration fields core.deprecations.registerDeprecations({ 
@@ -203,12 +218,27 @@ export class InfraServerPlugin implements Plugin { }); return { - defineInternalSourceConfiguration(sourceId, sourceProperties) { - sources.defineInternalSourceConfiguration(sourceId, sourceProperties); - }, + defineInternalSourceConfiguration: sources.defineInternalSourceConfiguration.bind(sources), + logViews, } as InfraPluginSetup; } - start() {} + start(core: CoreStart, plugins: InfraServerPluginStartDeps) { + const logViews = this.logViews.start({ + infraSources: this.libs.sources, + savedObjects: core.savedObjects, + dataViews: plugins.dataViews, + elasticsearch: core.elasticsearch, + config: { + messageFields: + this.config.sources?.default?.fields?.message ?? + defaultLogViewsStaticConfig.messageFields, + }, + }); + + return { + logViews, + }; + } stop() {} } diff --git a/x-pack/plugins/infra/server/routes/log_alerts/chart_preview_data.ts b/x-pack/plugins/infra/server/routes/log_alerts/chart_preview_data.ts index 4cda9db3079e7..95b0c8320559e 100644 --- a/x-pack/plugins/infra/server/routes/log_alerts/chart_preview_data.ts +++ b/x-pack/plugins/infra/server/routes/log_alerts/chart_preview_data.ts @@ -14,9 +14,11 @@ import { } from '../../../common/http_api/log_alerts/chart_preview_data'; import { createValidationFunction } from '../../../common/runtime_types'; import { getChartPreviewData } from '../../lib/alerting/log_threshold/log_threshold_chart_preview'; -import { resolveLogSourceConfiguration } from '../../../common/log_sources'; -export const initGetLogAlertsChartPreviewDataRoute = ({ framework, sources }: InfraBackendLibs) => { +export const initGetLogAlertsChartPreviewDataRoute = ({ + framework, + getStartServices, +}: Pick) => { framework.registerRoute( { method: 'post', 
@@ -30,20 +32,13 @@ export const initGetLogAlertsChartPreviewDataRoute = ({ framework, sources }: In data: { sourceId, buckets, alertParams }, } = request.body; - const { configuration } = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - configuration, - await framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); + const [, , { logViews }] = await getStartServices(); + const resolvedLogView = await logViews.getScopedClient(request).getResolvedLogView(sourceId); try { const { series } = await getChartPreviewData( requestContext, - resolvedLogSourceConfiguration, + resolvedLogView, framework.callWithRequest, alertParams, buckets diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts index 71558f97cf2bc..14787406319db 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts @@ -14,11 +14,13 @@ import { import { createValidationFunction } from '../../../../common/runtime_types'; import type { InfraBackendLibs } from '../../../lib/infra_types'; import { getLogEntryCategoryExamples } from '../../../lib/log_analysis'; -import { assertHasInfraMlPlugins } from '../../../utils/request_context'; import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; -import { resolveLogSourceConfiguration } from '../../../../common/log_sources'; +import { assertHasInfraMlPlugins } from '../../../utils/request_context'; -export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => { +export const initGetLogEntryCategoryExamplesRoute = ({ + framework, + getStartServices, +}: Pick) => { framework.registerRoute( { method: 'post', 
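Review bot: The log view is resolved before the `try` block opens, so a rejection from `getStartServices()` or `getResolvedLogView(sourceId)` (an unknown id, or a request the scoped client refuses) never reaches this handler's own error handling. What the `catch` does is outside the hunk, so whether an outer wrapper still maps such failures to a sensible status is worth confirming. Moving the two added lines to just inside `try {` would give resolution errors the same treatment as query errors. The same placement appears in the `@@ -37,14 +39,8 @@` hunk of `log_entry_category_examples.ts` and the `@@ -38,14 +40,8 @@` hunk of `log_entry_examples.ts`.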
@@ -37,14 +39,8 @@ export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: Inf }, } = request.body; - const sourceConfiguration = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - const resolvedSourceConfiguration = await resolveLogSourceConfiguration( - sourceConfiguration.configuration, - await framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); + const [, , { logViews }] = await getStartServices(); + const resolvedLogView = await logViews.getScopedClient(request).getResolvedLogView(sourceId); try { assertHasInfraMlPlugins(requestContext); @@ -56,7 +52,7 @@ export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: Inf endTime, categoryId, exampleCount, - resolvedSourceConfiguration + resolvedLogView ); return response.ok({ diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts index 83e6934d1b7a4..f11e9e46bf4c6 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts 
@@ -6,19 +6,21 @@ */ import Boom from '@hapi/boom'; -import { createValidationFunction } from '../../../../common/runtime_types'; -import { InfraBackendLibs } from '../../../lib/infra_types'; -import { getLogEntryExamples } from '../../../lib/log_analysis'; -import { assertHasInfraMlPlugins } from '../../../utils/request_context'; import { getLogEntryExamplesRequestPayloadRT, getLogEntryExamplesSuccessReponsePayloadRT, LOG_ANALYSIS_GET_LOG_ENTRY_RATE_EXAMPLES_PATH, } from '../../../../common/http_api/log_analysis'; +import { createValidationFunction } from '../../../../common/runtime_types'; +import { InfraBackendLibs } from '../../../lib/infra_types'; +import { getLogEntryExamples } from '../../../lib/log_analysis'; import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; -import { resolveLogSourceConfiguration } from '../../../../common/log_sources'; +import { assertHasInfraMlPlugins } from '../../../utils/request_context'; -export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => { +export const initGetLogEntryExamplesRoute = ({ + framework, + getStartServices, +}: Pick) => { framework.registerRoute( { method: 'post', @@ -38,14 +40,8 @@ export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBacken }, } = request.body; - const sourceConfiguration = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - const resolvedSourceConfiguration = await resolveLogSourceConfiguration( - sourceConfiguration.configuration, - await framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); + const [, , { logViews }] = await getStartServices(); + const resolvedLogView = await logViews.getScopedClient(request).getResolvedLogView(sourceId); try { assertHasInfraMlPlugins(requestContext); 
@@ -57,7 +53,7 @@ export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBacken endTime, dataset, exampleCount, - resolvedSourceConfiguration, + resolvedLogView, framework.callWithRequest, categoryId ); diff --git a/x-pack/plugins/infra/server/routes/log_sources/configuration.ts b/x-pack/plugins/infra/server/routes/log_sources/configuration.ts deleted file mode 100644 index 9a92012c21fe4..0000000000000 --- a/x-pack/plugins/infra/server/routes/log_sources/configuration.ts +++ /dev/null 
@@ -1,117 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import Boom from '@hapi/boom'; -import { - getLogSourceConfigurationRequestParamsRT, - getLogSourceConfigurationSuccessResponsePayloadRT, - LOG_SOURCE_CONFIGURATION_PATH, - patchLogSourceConfigurationRequestBodyRT, - patchLogSourceConfigurationRequestParamsRT, - patchLogSourceConfigurationSuccessResponsePayloadRT, -} from '../../../common/http_api/log_sources'; -import { createValidationFunction } from '../../../common/runtime_types'; -import { InfraBackendLibs } from '../../lib/infra_types'; - -export const initLogSourceConfigurationRoutes = ({ framework, sources }: InfraBackendLibs) => { - framework.registerRoute( - { - method: 'get', - path: LOG_SOURCE_CONFIGURATION_PATH, - validate: { - params: createValidationFunction(getLogSourceConfigurationRequestParamsRT), - }, - }, - framework.router.handleLegacyErrors(async (requestContext, request, response) => { - const { sourceId } = request.params; - - try { - const sourceConfiguration = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - - return response.ok({ - body: getLogSourceConfigurationSuccessResponsePayloadRT.encode({ - data: sourceConfiguration, - }), - }); - } catch (error) { - if (Boom.isBoom(error)) { - throw error; - } - - return response.customError({ - statusCode: error.statusCode ?? 500, - body: { - message: error.message ?? 
'An unexpected error occurred', - }, - }); - } - }) - ); - - framework.registerRoute( - { - method: 'patch', - path: LOG_SOURCE_CONFIGURATION_PATH, - validate: { - params: createValidationFunction(patchLogSourceConfigurationRequestParamsRT), - body: createValidationFunction(patchLogSourceConfigurationRequestBodyRT), - }, - }, - framework.router.handleLegacyErrors(async (requestContext, request, response) => { - const { sourceId } = request.params; - const { data: patchedSourceConfigurationProperties } = request.body; - - try { - const sourceConfiguration = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - - if (sourceConfiguration.origin === 'internal') { - response.conflict({ - body: 'A conflicting read-only source configuration already exists.', - }); - } - - const sourceConfigurationExists = sourceConfiguration.origin === 'stored'; - const patchedSourceConfiguration = await (sourceConfigurationExists - ? sources.updateSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId, - // @ts-ignore - patchedSourceConfigurationProperties - ) - : sources.createSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId, - // @ts-ignore - patchedSourceConfigurationProperties - )); - - return response.ok({ - body: patchLogSourceConfigurationSuccessResponsePayloadRT.encode({ - data: patchedSourceConfiguration, - }), - }); - } catch (error) { - if (Boom.isBoom(error)) { - throw error; - } - - return response.customError({ - statusCode: error.statusCode ?? 500, - body: { - message: error.message ?? 'An unexpected error occurred', - }, - }); - } - }) - ); -}; diff --git a/x-pack/plugins/infra/server/routes/log_sources/status.ts b/x-pack/plugins/infra/server/routes/log_sources/status.ts deleted file mode 100644 index e55e856483fc6..0000000000000 --- a/x-pack/plugins/infra/server/routes/log_sources/status.ts +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import Boom from '@hapi/boom'; -import { - getLogSourceStatusRequestParamsRT, - getLogSourceStatusSuccessResponsePayloadRT, - LOG_SOURCE_STATUS_PATH, -} from '../../../common/http_api/log_sources'; -import { createValidationFunction } from '../../../common/runtime_types'; -import { InfraBackendLibs } from '../../lib/infra_types'; -import { resolveLogSourceConfiguration } from '../../../common/log_sources'; - -export const initLogSourceStatusRoutes = ({ - framework, - sourceStatus, - fields, - sources, -}: InfraBackendLibs) => { - framework.registerRoute( - { - method: 'get', - path: LOG_SOURCE_STATUS_PATH, - validate: { - params: createValidationFunction(getLogSourceStatusRequestParamsRT), - }, - }, - framework.router.handleLegacyErrors(async (requestContext, request, response) => { - const { sourceId } = request.params; - - try { - const sourceConfiguration = await sources.getSourceConfiguration( - requestContext.core.savedObjects.client, - sourceId - ); - - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - sourceConfiguration.configuration, - await framework.getIndexPatternsServiceWithRequestContext(requestContext) - ); - - const logIndexStatus = await sourceStatus.getLogIndexStatus( - requestContext, - resolvedLogSourceConfiguration - ); - - return response.ok({ - body: getLogSourceStatusSuccessResponsePayloadRT.encode({ - data: { - logIndexStatus, - indices: resolvedLogSourceConfiguration.indices, - }, - }), - }); - } catch (error) { - if (Boom.isBoom(error)) { - throw error; - } - - return response.customError({ - statusCode: error.statusCode ?? 500, - body: { - message: error.message ?? 'An unexpected error occurred', - }, - }); - } - }) - ); -}; 
diff --git a/x-pack/plugins/infra/server/routes/log_views/get_log_view.ts b/x-pack/plugins/infra/server/routes/log_views/get_log_view.ts
new file mode 100644
index 0000000000000..3f2bb8ec14427
--- /dev/null
+++ b/x-pack/plugins/infra/server/routes/log_views/get_log_view.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ getLogViewRequestParamsRT,
+ getLogViewResponsePayloadRT,
+ LOG_VIEW_URL,
+} from '../../../common/http_api/log_views';
+import { createValidationFunction } from '../../../common/runtime_types';
+import type { KibanaFramework } from '../../lib/adapters/framework/kibana_framework_adapter';
+import type { InfraPluginStartServicesAccessor } from '../../types';
+
+export const initGetLogViewRoute = ({
+ framework,
+ getStartServices,
+}: {
+ framework: KibanaFramework;
+ getStartServices: InfraPluginStartServicesAccessor;
+}) => {
+ framework.registerRoute(
+ {
+ method: 'get',
+ path: LOG_VIEW_URL,
+ validate: {
+ params: createValidationFunction(getLogViewRequestParamsRT),
+ },
+ },
+ async (_requestContext, request, response) => {
+ const { logViewId } = request.params;
+ const { logViews } = (await getStartServices())[2];
+ const logViewsClient = logViews.getScopedClient(request);
+
+ try {
+ const logView = await logViewsClient.getLogView(logViewId);
+
+ return response.ok({
+ body: getLogViewResponsePayloadRT.encode({
+ data: logView,
+ }),
+ });
+ } catch (error) {
+ return response.customError({
+ statusCode: error.statusCode ?? 500,
+ body: {
+ message: error.message ?? 'An unexpected error occurred',
+ },
+ });
+ }
+ }
+ );
+};
diff --git a/x-pack/plugins/infra/server/routes/log_views/index.ts b/x-pack/plugins/infra/server/routes/log_views/index.ts
new file mode 100644
index 0000000000000..fa7e6f6e1b9d3
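Review bot: The `catch` block in `get_log_view.ts` returns `error.message` to the caller for every thrown value, so text from unexpected failures (saved-objects or Elasticsearch client errors, programming errors) reaches the client verbatim under a 500. The identical block is repeated in `put_log_view.ts`. I would echo the message only when the error carries a client-error status and send the fixed text otherwise, recording the original error server-side where a logger is available.

```typescript
      // … unchanged: try block calling logViewsClient.getLogView …
      } catch (error) {
        const statusCode = typeof error?.statusCode === 'number' ? error.statusCode : 500;

        return response.customError({
          statusCode,
          body: {
            // Only client-error messages are echoed; server-side failures get fixed text.
            message:
              statusCode < 500 && typeof error.message === 'string'
                ? error.message
                : 'An unexpected error occurred',
          },
        });
      }
```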
--- /dev/null
+++ b/x-pack/plugins/infra/server/routes/log_views/index.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KibanaFramework } from '../../lib/adapters/framework/kibana_framework_adapter';
+import { InfraPluginStartServicesAccessor } from '../../types';
+import { initGetLogViewRoute } from './get_log_view';
+import { initPutLogViewRoute } from './put_log_view';
+
+export const initLogViewRoutes = (dependencies: {
+ framework: KibanaFramework;
+ getStartServices: InfraPluginStartServicesAccessor;
+}) => {
+ initGetLogViewRoute(dependencies);
+ initPutLogViewRoute(dependencies);
+};
diff --git a/x-pack/plugins/infra/server/routes/log_views/put_log_view.ts b/x-pack/plugins/infra/server/routes/log_views/put_log_view.ts
new file mode 100644
index 0000000000000..cf6eb74347310
--- /dev/null
+++ b/x-pack/plugins/infra/server/routes/log_views/put_log_view.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ LOG_VIEW_URL,
+ putLogViewRequestParamsRT,
+ putLogViewRequestPayloadRT,
+ putLogViewResponsePayloadRT,
+} from '../../../common/http_api/log_views';
+import { createValidationFunction } from '../../../common/runtime_types';
+import type { KibanaFramework } from '../../lib/adapters/framework/kibana_framework_adapter';
+import type { InfraPluginStartServicesAccessor } from '../../types';
+
+export const initPutLogViewRoute = ({
+ framework,
+ getStartServices,
+}: {
+ framework: KibanaFramework;
+ getStartServices: InfraPluginStartServicesAccessor;
+}) => {
+ framework.registerRoute(
+ {
+ method: 'put',
+ path: LOG_VIEW_URL,
+ validate: {
+ params: createValidationFunction(putLogViewRequestParamsRT),
+ body: createValidationFunction(putLogViewRequestPayloadRT),
+ },
+ },
+ async (_requestContext, request, response) => {
+ const { logViewId } = request.params;
+ const { attributes } = request.body;
+ const { logViews } = (await getStartServices())[2];
+ const logViewsClient = logViews.getScopedClient(request);
+
+ try {
+ const logView = await logViewsClient.putLogView(logViewId, attributes);
+
+ return response.ok({
+ body: putLogViewResponsePayloadRT.encode({
+ data: logView,
+ }),
+ });
+ } catch (error) {
+ return response.customError({
+ statusCode: error.statusCode ?? 500,
+ body: {
+ message: error.message ?? 'An unexpected error occurred',
+ },
+ });
+ }
+ }
+ );
+};
diff --git a/x-pack/plugins/infra/server/routes/snapshot/index.ts b/x-pack/plugins/infra/server/routes/snapshot/index.ts
index b86eb9f7d4c95..06b2104e0e17e 100644
--- a/x-pack/plugins/infra/server/routes/snapshot/index.ts
+++ b/x-pack/plugins/infra/server/routes/snapshot/index.ts
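Review bot: The PUT handler in `put_log_view.ts` forwards any caller-chosen `logViewId` straight to `putLogView`, with no check in the route against overwriting an internally defined configuration. The removed PATCH route in `log_sources/configuration.ts` tested `sourceConfiguration.origin === 'internal'` and built a conflict response for that case. `putLogView` is not visible in this diff, so it may already enforce this; if it does, a comment above the call would document it, for example `// putLogView rejects writes to internal (read-only) log views`. If it does not, the route needs an equivalent check before writing.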
@@ -16,6 +16,7 @@ import { SnapshotRequestRT, SnapshotNodeResponseRT } from '../../../common/http_ import { throwErrors } from '../../../common/runtime_types'; import { createSearchClient } from '../../lib/create_search_client'; import { getNodes } from './lib/get_nodes'; +import { LogQueryFields } from '../../lib/metrics/types'; const escapeHatch = schema.object({}, { unknowns: 'allow' }); @@ -41,13 +42,14 @@ export const initSnapshotRoute = (libs: InfraBackendLibs) => { snapshotRequest.sourceId ); const compositeSize = libs.configuration.inventory.compositeSize; - const logQueryFields = await libs - .getLogQueryFields( - snapshotRequest.sourceId, - requestContext.core.savedObjects.client, - requestContext.core.elasticsearch.client.asCurrentUser - ) - .catch(() => undefined); + const [, , { logViews }] = await libs.getStartServices(); + const logQueryFields: LogQueryFields | undefined = await logViews + .getScopedClient(request) + .getResolvedLogView(snapshotRequest.sourceId) + .then( + ({ indices }) => ({ indexPattern: indices }), + () => undefined + ); UsageCollector.countNode(snapshotRequest.nodeType); const client = createSearchClient(requestContext, framework); diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts index a3ca2cfd683bb..7b75c5fd09980 100644 --- a/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts +++ b/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts 
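Review bot: The rejection handler `() => undefined` passed to `.then(...)` after `getResolvedLogView(snapshotRequest.sourceId)` discards every failure, so a permission error or a broken log view looks the same as "no log view" and the snapshot quietly runs without log fields. The best-effort fallback is reasonable, but the cause should be recorded. A variant that keeps the behaviour is `(error) => { libs.logger.debug('Failed to resolve log view for snapshot: ' + error.message); return undefined; }`. The route handler starts and ends outside this hunk.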
@@ -6,13 +6,12 @@ */ import { SnapshotRequest } from '../../../../common/http_api'; -import { ESSearchClient } from '../../../lib/metrics/types'; +import { ESSearchClient, LogQueryFields } from '../../../lib/metrics/types'; import { InfraSource } from '../../../lib/sources'; import { transformRequestToMetricsAPIRequest } from './transform_request_to_metrics_api_request'; import { queryAllData } from './query_all_data'; import { transformMetricsApiResponseToSnapshotResponse } from './transform_metrics_ui_response'; import { copyMissingMetrics } from './copy_missing_metrics'; -import { LogQueryFields } from '../../../services/log_queries/get_log_query_fields'; export interface SourceOverrides { indexPattern: string; diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_snapshot_metrics_to_metrics_api_metrics.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_snapshot_metrics_to_metrics_api_metrics.ts index e1f50158dd4c2..e6de664d34b8e 100644 --- a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_snapshot_metrics_to_metrics_api_metrics.ts +++ b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_snapshot_metrics_to_metrics_api_metrics.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { identity } from 'lodash'; +import { MetricsUIAggregationRT } from '../../../../common/inventory_models/types'; import { networkTraffic } from '../../../../common/inventory_models/shared/metrics/snapshot/network_traffic'; import { findInventoryModel } from '../../../../common/inventory_models'; import { 
@@ -16,27 +18,33 @@ import { export const transformSnapshotMetricsToMetricsAPIMetrics = ( snapshotRequest: SnapshotRequest ): MetricsAPIMetric[] => { - return snapshotRequest.metrics.map((metric, index) => { - const inventoryModel = findInventoryModel(snapshotRequest.nodeType); - if (SnapshotCustomMetricInputRT.is(metric)) { - const isUniqueId = snapshotRequest.metrics.findIndex((m) => - SnapshotCustomMetricInputRT.is(m) ? m.id === metric.id : false - ); - const customId = isUniqueId ? metric.id : `custom_${index}`; - if (metric.aggregation === 'rate') { - return { id: customId, aggregations: networkTraffic(customId, metric.field) }; + return snapshotRequest.metrics + .map((metric, index) => { + const inventoryModel = findInventoryModel(snapshotRequest.nodeType); + const aggregations = inventoryModel.metrics.snapshot?.[metric.type]; + if (MetricsUIAggregationRT.is(aggregations)) { + return { id: metric.type, aggregations }; } - return { - id: customId, - aggregations: { - [customId]: { - [metric.aggregation]: { - field: metric.field, + if (SnapshotCustomMetricInputRT.is(metric)) { + const isUniqueId = snapshotRequest.metrics.findIndex((m) => + SnapshotCustomMetricInputRT.is(m) ? m.id === metric.id : false + ); + const customId = isUniqueId ? metric.id : `custom_${index}`; + if (metric.aggregation === 'rate') { + return { id: customId, aggregations: networkTraffic(customId, metric.field) }; + } + return { + id: customId, + aggregations: { + [customId]: { + [metric.aggregation]: { + field: metric.field, + }, }, }, - }, - }; - } - return { id: metric.type, aggregations: inventoryModel.metrics.snapshot?.[metric.type] }; - }); + }; + } + return null; + }) + .filter(identity) as MetricsAPIMetric[]; }; 
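Review bot: `isUniqueId` holds the number returned by `findIndex`, and `isUniqueId ? metric.id : ...` tests it for truthiness, so a match at position 0 is treated as "not unique" and every later position as "unique". Because the custom metric being mapped always matches its own id, the result is never -1 and the check cannot detect a duplicate id. If the intent is to keep `metric.id` only for the first metric carrying that id (inferred from the name), compare against the current position with `findIndex(...) === index`. These lines are carried over from the old side re-indented, but they are part of the new code. Separately, `.filter(identity) as MetricsAPIMetric[]` hides the null removal from the compiler; a type-guard predicate would make the assertion unnecessary.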
diff --git a/x-pack/plugins/infra/public/containers/logs/log_source/index.ts b/x-pack/plugins/infra/server/saved_objects/index.ts similarity index 89% rename from x-pack/plugins/infra/public/containers/logs/log_source/index.ts rename to x-pack/plugins/infra/server/saved_objects/index.ts index 6fa0d259ca9ce..bd7ecac5179a1 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_source/index.ts +++ b/x-pack/plugins/infra/server/saved_objects/index.ts @@ -5,4 +5,4 @@ * 2.0. */ -export * from './log_source'; +export * from './log_view'; diff --git a/x-pack/plugins/infra/server/saved_objects/log_view/index.ts b/x-pack/plugins/infra/server/saved_objects/log_view/index.ts new file mode 100644 index 0000000000000..5d3011ed8bb32 --- /dev/null +++ b/x-pack/plugins/infra/server/saved_objects/log_view/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { logViewSavedObjectName, logViewSavedObjectType } from './log_view_saved_object'; +export { + extractLogViewSavedObjectReferences, + resolveLogViewSavedObjectReferences, +} from './references'; +export { logViewSavedObjectRT } from './types'; diff --git a/x-pack/plugins/infra/server/saved_objects/log_view/log_view_saved_object.ts b/x-pack/plugins/infra/server/saved_objects/log_view/log_view_saved_object.ts new file mode 100644 index 0000000000000..09b1098af6a61 --- /dev/null +++ b/x-pack/plugins/infra/server/saved_objects/log_view/log_view_saved_object.ts 
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fold } from 'fp-ts/lib/Either';
+import { pipe } from 'fp-ts/lib/pipeable';
+import { SavedObject, SavedObjectsType } from 'src/core/server';
+import { logViewSavedObjectRT } from './types';
+
+export const logViewSavedObjectName = 'infrastructure-monitoring-log-view';
+
+const getLogViewTitle = (savedObject: SavedObject) =>
+ pipe(
+ logViewSavedObjectRT.decode(savedObject),
+ fold(
+ () => `Log view [id=${savedObject.id}]`,
+ ({ attributes: { name } }) => name
+ )
+ );
+
+export const logViewSavedObjectType: SavedObjectsType = {
+ name: logViewSavedObjectName,
+ hidden: false,
+ namespaceType: 'multiple-isolated',
+ management: {
+ defaultSearchField: 'name',
+ displayName: 'log view',
+ getTitle: getLogViewTitle,
+ icon: 'logsApp',
+ importableAndExportable: true,
+ },
+ mappings: {
+ dynamic: false,
+ properties: {
+ name: {
+ type: 'text',
+ },
+ },
+ },
+ migrations: {},
+};
diff --git a/x-pack/plugins/infra/server/saved_objects/log_view/references/index.ts b/x-pack/plugins/infra/server/saved_objects/log_view/references/index.ts
new file mode 100644
index 0000000000000..fdfa2f6251731
--- /dev/null
+++ b/x-pack/plugins/infra/server/saved_objects/log_view/references/index.ts
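Review bot: `logViewSavedObjectType` sets `importableAndExportable: true`, but nothing in this file says that attributes arriving through an import are validated, so readers should treat them as untrusted until decoded. `getLogViewTitle` already does this by decoding with `logViewSavedObjectRT` and falling back to the id. A doc comment on the type would make that expectation explicit for other consumers, e.g. `// attributes may originate from an import; decode with logViewSavedObjectRT before use`. A second comment on `mappings` could record that `dynamic: false` leaves `name` as the only mapped field.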
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { extractSavedObjectReferences, resolveSavedObjectReferences } from '../../references';
+import {
+ extractLogIndicesSavedObjectReferences,
+ resolveLogIndicesSavedObjectReferences,
+} from './log_indices';
+
+export const extractLogViewSavedObjectReferences = extractSavedObjectReferences([
+ extractLogIndicesSavedObjectReferences,
+]);
+
+export const resolveLogViewSavedObjectReferences = resolveSavedObjectReferences([
+ resolveLogIndicesSavedObjectReferences,
+]);
diff --git a/x-pack/plugins/infra/server/saved_objects/log_view/references/log_indices.ts b/x-pack/plugins/infra/server/saved_objects/log_view/references/log_indices.ts
new file mode 100644
index 0000000000000..461bbccb6e414
--- /dev/null
+++ b/x-pack/plugins/infra/server/saved_objects/log_view/references/log_indices.ts
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObjectReference } from 'src/core/server';
+import { DATA_VIEW_SAVED_OBJECT_TYPE } from '../../../../../../../src/plugins/data_views/common';
+import { LogViewAttributes } from '../../../../common/log_views';
+import {
+ SavedObjectAttributesWithReferences,
+ SavedObjectReferenceResolutionError,
+} from '../../references';
+
+export const logIndicesDataViewReferenceName = 'log-indices-data-view-0';
+
+export const extractLogIndicesSavedObjectReferences = (
+ unextractedAttributes: LogViewAttributes
+): SavedObjectAttributesWithReferences => {
+ if (unextractedAttributes.logIndices.type === 'data_view') {
+ const logDataViewReference: SavedObjectReference = {
+ id: unextractedAttributes.logIndices.dataViewId,
+ type: DATA_VIEW_SAVED_OBJECT_TYPE,
+ name: logIndicesDataViewReferenceName,
+ };
+ const attributes: LogViewAttributes = {
+ ...unextractedAttributes,
+ logIndices: {
+ ...unextractedAttributes.logIndices,
+ dataViewId: logDataViewReference.name,
+ },
+ };
+ return {
+ attributes,
+ references: [logDataViewReference],
+ };
+ } else {
+ return {
+ attributes: unextractedAttributes,
+ references: [],
+ };
+ }
+};
+
+export const resolveLogIndicesSavedObjectReferences = (
+ attributes: LogViewAttributes,
+ references: SavedObjectReference[]
+): LogViewAttributes => {
+ if (attributes.logIndices?.type === 'data_view') {
+ const logDataViewReference = references.find(
+ (reference) => reference.name === logIndicesDataViewReferenceName
+ );
+
+ if (logDataViewReference == null) {
+ throw new SavedObjectReferenceResolutionError(
+ `Failed to resolve log data view reference "${logIndicesDataViewReferenceName}".`
+ );
+ }
+
+ return {
+ ...attributes,
+ logIndices: {
+ ...attributes.logIndices,
+ dataViewId: logDataViewReference.id,
+ },
+ };
+ } else {
+ return attributes;
+ }
+};
diff --git a/x-pack/plugins/infra/server/saved_objects/log_view/types.ts b/x-pack/plugins/infra/server/saved_objects/log_view/types.ts
new file mode 100644
index 0000000000000..2b19ad0470f7e
--- /dev/null
+++ b/x-pack/plugins/infra/server/saved_objects/log_view/types.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isoToEpochRt } from '@kbn/io-ts-utils';
+import * as rt from 'io-ts';
+import { logViewAttributesRT } from '../../../common/log_views';
+import { savedObjectReferenceRT } from '../references';
+
+export const logViewSavedObjectRT = rt.intersection([
+ rt.type({
+ id: rt.string,
+ attributes: logViewAttributesRT,
+ references: rt.array(savedObjectReferenceRT),
+ }),
+ rt.partial({
+ version: rt.string,
+ updated_at: isoToEpochRt,
+ }),
+]);
diff --git a/x-pack/plugins/infra/server/saved_objects/references.test.ts b/x-pack/plugins/infra/server/saved_objects/references.test.ts
new file mode 100644
index 0000000000000..13675c03564a1
--- /dev/null
+++ b/x-pack/plugins/infra/server/saved_objects/references.test.ts
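Review bot: In `resolveLogIndicesSavedObjectReferences` (log_indices.ts) the reference is looked up by `name` only, so an entry named `log-indices-data-view-0` with some other `type` would be accepted and its `id` written into `dataViewId`. The extractor always writes `type: DATA_VIEW_SAVED_OBJECT_TYPE`, but the saved object type added in this commit is importable, so the `references` array need not have been produced by the extractor. Matching both fields costs nothing: `reference.name === logIndicesDataViewReferenceName && reference.type === DATA_VIEW_SAVED_OBJECT_TYPE`. The extractor also reads `unextractedAttributes.logIndices.type` without the `?.` the resolver uses; the two should agree on whether `logIndices` can be absent.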
@@ -0,0 +1,121 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObjectReference } from 'kibana/server';
+import {
+ extractSavedObjectReferences,
+ resolveSavedObjectReferences,
+ SavedObjectAttributesWithReferences,
+} from './references';
+
+it('extractSavedObjectReferences extracts references using the given extractors', () => {
+ const { attributes, references } = extractSavedObjectReferences([
+ extractReferenceA,
+ extractReferenceB,
+ ])({
+ a: 'id-a',
+ b: 'id-b',
+ c: 'something-else',
+ });
+
+ expect(references).toMatchObject([
+ { id: 'id-a', name: REFERENCE_A_NAME, type: 'some-reference' },
+ { id: 'id-b', name: REFERENCE_B_NAME, type: 'some-reference' },
+ ]);
+ expect(attributes).toMatchObject({
+ a: REFERENCE_A_NAME,
+ b: REFERENCE_B_NAME,
+ c: 'something-else',
+ });
+});
+
+it('resolveSavedObjectReferences resolves references using the given resolvers', () => {
+ const attributes = resolveSavedObjectReferences([resolveReferenceA, resolveReferenceB])(
+ {
+ a: REFERENCE_A_NAME,
+ b: REFERENCE_B_NAME,
+ c: 'something-else',
+ },
+ [
+ { id: 'id-a', name: REFERENCE_A_NAME, type: 'some-reference' },
+ { id: 'id-b', name: REFERENCE_B_NAME, type: 'some-reference' },
+ ]
+ );
+
+ expect(attributes).toMatchObject({
+ a: 'id-a',
+ b: 'id-b',
+ c: 'something-else',
+ });
+});
+
+interface TestSavedObjectAttributes {
+ a: string;
+ b: string;
+ c: string;
+}
+
+const REFERENCE_A_NAME = 'reference-a';
+const REFERENCE_B_NAME = 'reference-b';
+
+const extractReferenceA = (
+ attributes: TestSavedObjectAttributes
+): SavedObjectAttributesWithReferences => ({
+ attributes: { ...attributes, a: REFERENCE_A_NAME },
+ references: [
+ {
+ id: attributes.a,
+ name: REFERENCE_A_NAME,
+ type: 'some-reference',
+ },
+ ],
+});
+
+const extractReferenceB = (
+ attributes: TestSavedObjectAttributes
+): SavedObjectAttributesWithReferences => ({
+ attributes: { ...attributes, b: REFERENCE_B_NAME },
+ references: [
+ {
+ id: attributes.b,
+ name: REFERENCE_B_NAME,
+ type: 'some-reference',
+ },
+ ],
+});
+
+const resolveReferenceA = (
+ attributes: TestSavedObjectAttributes,
+ references: SavedObjectReference[]
+): TestSavedObjectAttributes => {
+ const referenceA = references.find((reference) => reference.name === REFERENCE_A_NAME);
+
+ if (referenceA != null) {
+ return {
+ ...attributes,
+ a: referenceA.id,
+ };
+ } else {
+ return attributes;
+ }
+};
+
+const resolveReferenceB = (
+ attributes: TestSavedObjectAttributes,
+ references: SavedObjectReference[]
+): TestSavedObjectAttributes => {
+ const referenceB = references.find((reference) => reference.name === REFERENCE_B_NAME);
+
+ if (referenceB != null) {
+ return {
+ ...attributes,
+ b: referenceB.id,
+ };
+ } else {
+ return attributes;
+ }
+};
diff --git a/x-pack/plugins/infra/server/saved_objects/references.ts b/x-pack/plugins/infra/server/saved_objects/references.ts
new file mode 100644
index 0000000000000..3a2347faeb9db
--- /dev/null
+++ b/x-pack/plugins/infra/server/saved_objects/references.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+import { SavedObject, SavedObjectReference } from 'src/core/server';
+
+export type SavedObjectAttributesWithReferences = Pick<
+ SavedObject,
+ 'attributes' | 'references'
+>;
+
+export type SavedObjectReferenceExtractor = (
+ savedObjectAttributes: SavedObjectAttributes
+) => SavedObjectAttributesWithReferences;
+
+export type SavedObjectReferenceResolver = (
+ savedObjectAttributes: SavedObjectAttributes,
+ references: SavedObjectReference[]
+) => SavedObjectAttributes;
+
+export const savedObjectReferenceRT = rt.strict({
+ name: rt.string,
+ type: rt.string,
+ id: rt.string,
+});
+
+/**
+ * Rewrites a saved object such that well-known saved object references
+ * are extracted in the `references` array and replaced by the appropriate
+ * name. This is the inverse operation to `resolveSavedObjectReferences`.
+ */
+export const extractSavedObjectReferences =
+ (
+ referenceExtractors: Array>
+ ) =>
+ (
+ savedObjectAttributes: SavedObjectAttributes
+ ): SavedObjectAttributesWithReferences =>
+ referenceExtractors.reduce>(
+ ({ attributes: accumulatedAttributes, references: accumulatedReferences }, extract) => {
+ const { attributes, references } = extract(accumulatedAttributes);
+ return {
+ attributes,
+ references: [...accumulatedReferences, ...references],
+ };
+ },
+ {
+ attributes: savedObjectAttributes,
+ references: [],
+ }
+ );
+
+/**
+ * Rewrites a source configuration such that well-known saved object references
+ * are resolved from the `references` argument and replaced by the real saved
+ * object ids. This is the inverse operation to `extractSavedObjectReferences`.
+ */ +export const resolveSavedObjectReferences = + ( + referenceResolvers: Array> + ) => + (attributes: SavedObjectAttributes, references: SavedObjectReference[]): SavedObjectAttributes => + referenceResolvers.reduce( + (accumulatedAttributes, resolve) => resolve(accumulatedAttributes, references), + attributes + ); + +export class SavedObjectReferenceResolutionError extends Error { + constructor(message?: string) { + super(message); + Object.setPrototypeOf(this, new.target.prototype); + this.name = 'SavedObjectReferenceResolutionError'; + } +} diff --git a/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.test.ts b/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.test.ts index cfa9e84fb3651..2f91c65205b55 100644 --- a/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.test.ts +++ b/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.test.ts @@ -20,12 +20,9 @@ import { SearchStrategyDependencies, } from 'src/plugins/data/server'; import { createSearchSessionsClientMock } from '../../../../../../src/plugins/data/server/search/mocks'; -import { - createIndexPatternMock, - createIndexPatternsStartMock, -} from '../../../common/dependency_mocks/index_patterns'; -import { InfraSource } from '../../lib/sources'; -import { createInfraSourcesMock } from '../../lib/sources/mocks'; +import { createResolvedLogViewMock } from '../../../common/log_views/resolved_log_view.mock'; +import { createLogViewsClientMock } from '../log_views/log_views_client.mock'; +import { createLogViewsServiceStartMock } from '../log_views/log_views_service.mock'; import { logEntriesSearchRequestStateRT, logEntriesSearchStrategyProvider, 
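Review bot: The doc comment on `resolveSavedObjectReferences` in references.ts still opens with "Rewrites a source configuration", while the function is generic over saved object attributes and its counterpart's comment says "Rewrites a saved object"; it reads like a leftover from the code this was derived from (inferred). Suggested first line: `Rewrites a saved object such that well-known saved object references`. The comment could also state that a resolver may throw `SavedObjectReferenceResolutionError` and that the error leaves the `reduce` unchanged, since callers decoding stored or imported objects need to handle it.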
@@ -45,13 +42,15 @@ describe('LogEntries search strategy', () => { }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntriesSearchStrategy = logEntriesSearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const response = await logEntriesSearchStrategy @@ -69,7 +68,8 @@ describe('LogEntries search strategy', () => { ) .toPromise(); - expect(sourcesMock.getSourceConfiguration).toHaveBeenCalled(); + expect(logViewsMock.getScopedClient).toHaveBeenCalled(); + expect(logViewsClientMock.getResolvedLogView).toHaveBeenCalled(); expect(esSearchStrategyMock.search).toHaveBeenCalledWith( expect.objectContaining({ params: expect.objectContaining({ 
@@ -124,13 +124,15 @@ describe('LogEntries search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntriesSearchStrategy = logEntriesSearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const requestId = logEntriesSearchRequestStateRT.encode({ esRequestId: 'ASYNC_REQUEST_ID', @@ -152,7 +154,8 @@ describe('LogEntries search strategy', () => { ) .toPromise(); - expect(sourcesMock.getSourceConfiguration).toHaveBeenCalled(); + expect(logViewsMock.getScopedClient).toHaveBeenCalled(); + expect(logViewsClientMock.getResolvedLogView).toHaveBeenCalled(); expect(esSearchStrategyMock.search).toHaveBeenCalled(); expect(response.id).toEqual(requestId); expect(response.isRunning).toBe(false); 
@@ -205,13 +208,15 @@ describe('LogEntries search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntriesSearchStrategy = logEntriesSearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const response = logEntriesSearchStrategy.search( @@ -243,13 +248,16 @@ describe('LogEntries search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); + const mockDependencies = createSearchStrategyDependenciesMock(); const logEntriesSearchStrategy = logEntriesSearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const requestId = logEntriesSearchRequestStateRT.encode({ esRequestId: 'ASYNC_REQUEST_ID', 
@@ -261,38 +269,6 @@ describe('LogEntries search strategy', () => { }); }); -const createSourceConfigurationMock = (): InfraSource => ({ - id: 'SOURCE_ID', - origin: 'stored' as const, - configuration: { - name: 'SOURCE_NAME', - description: 'SOURCE_DESCRIPTION', - logIndices: { - type: 'index_pattern', - indexPatternId: 'test-index-pattern', - }, - metricAlias: 'metric-indices-*', - inventoryDefaultView: 'DEFAULT_VIEW', - metricsExplorerDefaultView: 'DEFAULT_VIEW', - logColumns: [ - { timestampColumn: { id: 'TIMESTAMP_COLUMN_ID' } }, - { - fieldColumn: { - id: 'DATASET_COLUMN_ID', - field: 'event.dataset', - }, - }, - { - messageColumn: { id: 'MESSAGE_COLUMN_ID' }, - }, - ], - fields: { - message: ['MESSAGE_FIELD'], - }, - anomalyThreshold: 20, - }, -}); - const createEsSearchStrategyMock = (esSearchResponse: IEsSearchResponse) => ({ search: jest.fn((esSearchRequest: IEsSearchRequest) => { if (typeof esSearchRequest.id === 'string') { @@ -330,42 +306,4 @@ const createDataPluginMock = (esSearchStrategyMock: ISearchStrategy): any => ({ search: { getSearchStrategy: jest.fn().mockReturnValue(esSearchStrategyMock), }, - indexPatterns: createIndexPatternsStartMock(0, [ - createIndexPatternMock({ - id: 'test-index-pattern', - title: 'log-indices-*', - timeFieldName: '@timestamp', - type: undefined, - fields: [ - { - name: 'event.dataset', - type: 'string', - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - { - name: 'runtime_field', - type: 'string', - runtimeField: { - type: 'keyword', - script: { - source: 'emit("runtime value")', - }, - }, - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - ], - runtimeFields: { - runtime_field: { - type: 'keyword', - script: { - source: 'emit("runtime value")', - }, - }, - }, - }), - ]), }); 
diff --git a/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.ts b/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.ts index b401b68d0e3d3..15f53d0236594 100644 --- a/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.ts +++ b/x-pack/plugins/infra/server/services/log_entries/log_entries_search_strategy.ts @@ -18,10 +18,6 @@ import type { ISearchStrategy, PluginStart as DataPluginStart, } from '../../../../../../src/plugins/data/server'; -import { - LogSourceColumnConfiguration, - logSourceFieldColumnConfigurationRT, -} from '../../../common/log_sources'; import { getLogEntryCursorFromHit, LogColumn, @@ -32,6 +28,10 @@ import { logEntryBeforeCursorRT, LogEntryContext, } from '../../../common/log_entry'; +import { + LogViewColumnConfiguration, + logViewFieldColumnConfigurationRT, +} from '../../../common/log_views'; import { decodeOrThrow } from '../../../common/runtime_types'; import { LogEntriesSearchRequestParams, @@ -39,12 +39,12 @@ import { LogEntriesSearchResponsePayload, logEntriesSearchResponsePayloadRT, } from '../../../common/search_strategies/log_entries/log_entries'; -import type { IInfraSources } from '../../lib/sources'; import { createAsyncRequestRTs, createErrorFromShardFailure, jsonFromBase64StringRT, } from '../../utils/typed_search_strategy'; +import { LogViewsServiceStart } from '../log_views/types'; import { CompiledLogMessageFormattingRule, compileFormattingRules, 
@@ -56,17 +56,16 @@ import { getSortDirection, LogEntryHit, } from './queries/log_entries'; -import { resolveLogSourceConfiguration } from '../../../common/log_sources'; type LogEntriesSearchRequest = IKibanaSearchRequest; type LogEntriesSearchResponse = IKibanaSearchResponse; export const logEntriesSearchStrategyProvider = ({ data, - sources, + logViews, }: { data: DataPluginStart; - sources: IInfraSources; + logViews: LogViewsServiceStart; }): ISearchStrategy => { const esSearchStrategy = data.search.getSearchStrategy('ese'); @@ -75,25 +74,12 @@ export const logEntriesSearchStrategyProvider = ({ defer(() => { const request = decodeOrThrow(asyncRequestRT)(rawRequest); - const resolvedSourceConfiguration$ = defer(() => - forkJoin([ - sources.getSourceConfiguration( - dependencies.savedObjectsClient, - request.params.sourceId - ), - data.indexPatterns.indexPatternsServiceFactory( - dependencies.savedObjectsClient, - dependencies.esClient.asCurrentUser - ), - ]).pipe( - concatMap(([sourceConfiguration, indexPatternsService]) => - resolveLogSourceConfiguration(sourceConfiguration.configuration, indexPatternsService) - ) - ) + const resolvedLogView$ = defer(() => + logViews.getScopedClient(dependencies.request).getResolvedLogView(request.params.sourceId) ).pipe(take(1), shareReplay(1)); const messageFormattingRules$ = defer(() => - resolvedSourceConfiguration$.pipe( + resolvedLogView$.pipe( map(({ messageField }) => compileFormattingRules(getBuiltinRules(messageField))) ) ).pipe(take(1), shareReplay(1)); @@ -106,7 +92,7 @@ export const logEntriesSearchStrategyProvider = ({ const initialRequest$ = of(request).pipe( filter(asyncInitialRequestRT.is), concatMap(({ params }) => - forkJoin([resolvedSourceConfiguration$, messageFormattingRules$]).pipe( + forkJoin([resolvedLogView$, messageFormattingRules$]).pipe( map( ([ { indices, timestampField, tiebreakerField, columns, runtimeMappings }, 
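Review bot: `getResolvedLogView(request.params.sourceId)` in the `@@ -75,25 +74,12 @@` hunk now treats the `sourceId` request parameter as a log view id, which the parameter name no longer conveys. The lookup also moved from `dependencies.savedObjectsClient` and `dependencies.esClient.asCurrentUser` to a client obtained from `dependencies.request`, so what the caller may read is decided inside `logViews.getScopedClient`. A comment at the call would record both facts, e.g. `// sourceId is used as the log view id; the client is scoped to dependencies.request`. Whether the scoped client applies the same access checks as the previous path cannot be seen from this hunk and is worth confirming.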
@@ -138,11 +124,7 @@ export const logEntriesSearchStrategyProvider = ({ concatMap((esRequest) => esSearchStrategy.search(esRequest, options, dependencies)) ); - return combineLatest([ - searchResponse$, - resolvedSourceConfiguration$, - messageFormattingRules$, - ]).pipe( + return combineLatest([searchResponse$, resolvedLogView$, messageFormattingRules$]).pipe( map(([esResponse, { columns }, messageFormattingRules]) => { const rawResponse = decodeOrThrow(getLogEntriesResponseRT)(esResponse.rawResponse); @@ -198,7 +180,7 @@ const { asyncInitialRequestRT, asyncRecoveredRequestRT, asyncRequestRT } = creat const getLogEntryFromHit = ( - columnDefinitions: LogSourceColumnConfiguration[], + columnDefinitions: LogViewColumnConfiguration[], messageFormattingRules: CompiledLogMessageFormattingRule ) => (hit: LogEntryHit): LogEntry => { @@ -271,11 +253,11 @@ function getResponseCursors(entries: LogEntry[]) { const VIEW_IN_CONTEXT_FIELDS = ['log.file.path', 'host.name', 'container.id']; const getRequiredFields = ( - columns: LogSourceColumnConfiguration[], + columns: LogViewColumnConfiguration[], messageFormattingRules: CompiledLogMessageFormattingRule ): string[] => { const fieldsFromColumns = columns.reduce((accumulatedFields, logColumn) => { - if (logSourceFieldColumnConfigurationRT.is(logColumn)) { + if (logViewFieldColumnConfigurationRT.is(logColumn)) { return [...accumulatedFields, logColumn.fieldColumn.field]; } return accumulatedFields; diff --git a/x-pack/plugins/infra/server/services/log_entries/log_entries_service.ts b/x-pack/plugins/infra/server/services/log_entries/log_entries_service.ts index 12bde24761877..0c5e32a9514f3 100644 --- a/x-pack/plugins/infra/server/services/log_entries/log_entries_service.ts +++ b/x-pack/plugins/infra/server/services/log_entries/log_entries_service.ts 
@@ -10,21 +10,28 @@ import { LOG_ENTRY_SEARCH_STRATEGY } from '../../../common/search_strategies/log import { LOG_ENTRIES_SEARCH_STRATEGY } from '../../../common/search_strategies/log_entries/log_entries'; import { logEntriesSearchStrategyProvider } from './log_entries_search_strategy'; import { logEntrySearchStrategyProvider } from './log_entry_search_strategy'; -import { LogEntriesServiceSetupDeps, LogEntriesServiceStartDeps } from './types'; +import { + LogEntriesServiceSetupDeps, + LogEntriesServicePluginsStartDeps, + LogEntriesServicePluginSelfDeps, +} from './types'; export class LogEntriesService { - public setup(core: CoreSetup, setupDeps: LogEntriesServiceSetupDeps) { - core.getStartServices().then(([, startDeps]) => { + public setup( + core: CoreSetup, + setupDeps: LogEntriesServiceSetupDeps + ) { + core.getStartServices().then(([, startDeps, selfStartDeps]) => { setupDeps.data.search.registerSearchStrategy( LOG_ENTRIES_SEARCH_STRATEGY, - logEntriesSearchStrategyProvider({ ...setupDeps, ...startDeps }) + logEntriesSearchStrategyProvider({ ...setupDeps, ...startDeps, ...selfStartDeps }) ); setupDeps.data.search.registerSearchStrategy( LOG_ENTRY_SEARCH_STRATEGY, - logEntrySearchStrategyProvider({ ...setupDeps, ...startDeps }) + logEntrySearchStrategyProvider({ ...setupDeps, ...startDeps, ...selfStartDeps }) ); }); } - public start(_startDeps: LogEntriesServiceStartDeps) {} + public start(_startDeps: LogEntriesServicePluginsStartDeps) {} } diff --git a/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.test.ts b/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.test.ts index c2f3c70580040..c6ee6fb92ca47 100644 --- a/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.test.ts +++ b/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.test.ts 
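Review bot: In `setup`, the promise from `core.getStartServices().then(...)` is neither returned nor given a rejection handler, so if it rejects or a provider throws during registration the failure surfaces only as an unhandled rejection and both search strategies are silently absent. The callback now merges three objects with `{ ...setupDeps, ...startDeps, ...selfStartDeps }`, where a later key overrides an earlier one without notice. Passing the fields the providers take explicitly (`data`, `logViews`) would make their inputs obvious. Consider appending a `.catch(...)` that reports the error through the plugin's logger, which is not visible in this hunk.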
@@ -20,12 +20,9 @@ import { SearchStrategyDependencies, } from 'src/plugins/data/server'; import { createSearchSessionsClientMock } from '../../../../../../src/plugins/data/server/search/mocks'; -import { - createIndexPatternMock, - createIndexPatternsStartMock, -} from '../../../common/dependency_mocks/index_patterns'; -import { InfraSource } from '../../../common/source_configuration/source_configuration'; -import { createInfraSourcesMock } from '../../lib/sources/mocks'; +import { createResolvedLogViewMock } from '../../../common/log_views/resolved_log_view.mock'; +import { createLogViewsClientMock } from '../log_views/log_views_client.mock'; +import { createLogViewsServiceStartMock } from '../log_views/log_views_service.mock'; import { logEntrySearchRequestStateRT, logEntrySearchStrategyProvider, @@ -45,13 +42,15 @@ describe('LogEntry search strategy', () => { }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntrySearchStrategy = logEntrySearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const response = await logEntrySearchStrategy @@ -64,7 +63,8 @@ describe('LogEntry search strategy', () => { ) .toPromise(); - expect(sourcesMock.getSourceConfiguration).toHaveBeenCalled(); + expect(logViewsMock.getScopedClient).toHaveBeenCalled(); + expect(logViewsClientMock.getResolvedLogView).toHaveBeenCalled(); expect(esSearchStrategyMock.search).toHaveBeenCalledWith( { params: expect.objectContaining({ 
@@ -123,13 +123,15 @@ describe('LogEntry search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntrySearchStrategy = logEntrySearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const requestId = logEntrySearchRequestStateRT.encode({ esRequestId: 'ASYNC_REQUEST_ID', @@ -146,7 +148,8 @@ describe('LogEntry search strategy', () => { ) .toPromise(); - expect(sourcesMock.getSourceConfiguration).not.toHaveBeenCalled(); + expect(logViewsMock.getScopedClient).not.toHaveBeenCalled(); + expect(logViewsClientMock.getResolvedLogView).not.toHaveBeenCalled(); expect(esSearchStrategyMock.search).toHaveBeenCalled(); expect(response.id).toEqual(requestId); expect(response.isRunning).toBe(false); 
@@ -176,13 +179,15 @@ describe('LogEntry search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntrySearchStrategy = logEntrySearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const response = logEntrySearchStrategy.search( @@ -209,13 +214,15 @@ describe('LogEntry search strategy', () => { }, }); const dataMock = createDataPluginMock(esSearchStrategyMock); - const sourcesMock = createInfraSourcesMock(); - sourcesMock.getSourceConfiguration.mockResolvedValue(createSourceConfigurationMock()); + const logViewsClientMock = createLogViewsClientMock(); + logViewsClientMock.getResolvedLogView.mockResolvedValue(createResolvedLogViewMock()); + const logViewsMock = createLogViewsServiceStartMock(); + logViewsMock.getScopedClient.mockReturnValue(logViewsClientMock); const mockDependencies = createSearchStrategyDependenciesMock(); const logEntrySearchStrategy = logEntrySearchStrategyProvider({ data: dataMock, - sources: sourcesMock, + logViews: logViewsMock, }); const requestId = logEntrySearchRequestStateRT.encode({ esRequestId: 'ASYNC_REQUEST_ID', 
@@ -227,27 +234,6 @@ describe('LogEntry search strategy', () => { }); }); -const createSourceConfigurationMock = (): InfraSource => ({ - id: 'SOURCE_ID', - origin: 'stored' as const, - configuration: { - name: 'SOURCE_NAME', - description: 'SOURCE_DESCRIPTION', - logIndices: { - type: 'index_pattern', - indexPatternId: 'test-index-pattern', - }, - metricAlias: 'metric-indices-*', - inventoryDefaultView: 'DEFAULT_VIEW', - metricsExplorerDefaultView: 'DEFAULT_VIEW', - logColumns: [], - fields: { - message: ['MESSAGE_FIELD'], - }, - anomalyThreshold: 20, - }, -}); - const createEsSearchStrategyMock = (esSearchResponse: IEsSearchResponse) => ({ search: jest.fn((esSearchRequest: IEsSearchRequest) => { if (typeof esSearchRequest.id === 'string') { @@ -285,42 +271,4 @@ const createDataPluginMock = (esSearchStrategyMock: ISearchStrategy): any => ({ search: { getSearchStrategy: jest.fn().mockReturnValue(esSearchStrategyMock), }, - indexPatterns: createIndexPatternsStartMock(0, [ - createIndexPatternMock({ - id: 'test-index-pattern', - title: 'log-indices-*', - timeFieldName: '@timestamp', - type: undefined, - fields: [ - { - name: 'event.dataset', - type: 'string', - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - { - name: 'runtime_field', - type: 'string', - runtimeField: { - type: 'keyword', - script: { - source: 'emit("runtime value")', - }, - }, - esTypes: ['keyword'], - aggregatable: true, - searchable: true, - }, - ], - runtimeFields: { - runtime_field: { - type: 'keyword', - script: { - source: 'emit("runtime value")', - }, - }, - }, - }), - ]), }); diff --git a/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.ts b/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.ts index 565318578f990..6cd6e87810553 100644 --- a/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.ts +++ b/x-pack/plugins/infra/server/services/log_entries/log_entry_search_strategy.ts 
@@ -6,7 +6,7 @@ */ import * as rt from 'io-ts'; -import { concat, defer, of, forkJoin } from 'rxjs'; +import { concat, defer, of } from 'rxjs'; import { concatMap, filter, map, shareReplay, take } from 'rxjs/operators'; import type { IEsSearchRequest, @@ -25,24 +25,23 @@ import { LogEntrySearchResponsePayload, logEntrySearchResponsePayloadRT, } from '../../../common/search_strategies/log_entries/log_entry'; -import type { IInfraSources } from '../../lib/sources'; import { createAsyncRequestRTs, createErrorFromShardFailure, jsonFromBase64StringRT, } from '../../utils/typed_search_strategy'; +import { LogViewsServiceStart } from '../log_views/types'; import { createGetLogEntryQuery, getLogEntryResponseRT, LogEntryHit } from './queries/log_entry'; -import { resolveLogSourceConfiguration } from '../../../common/log_sources'; type LogEntrySearchRequest = IKibanaSearchRequest; type LogEntrySearchResponse = IKibanaSearchResponse; export const logEntrySearchStrategyProvider = ({ data, - sources, + logViews, }: { data: DataPluginStart; - sources: IInfraSources; + logViews: LogViewsServiceStart; }): ISearchStrategy => { const esSearchStrategy = data.search.getSearchStrategy('ese'); 
@@ -51,21 +50,8 @@ export const logEntrySearchStrategyProvider = ({ defer(() => { const request = decodeOrThrow(asyncRequestRT)(rawRequest); - const resolvedSourceConfiguration$ = defer(() => - forkJoin([ - sources.getSourceConfiguration( - dependencies.savedObjectsClient, - request.params.sourceId - ), - data.indexPatterns.indexPatternsServiceFactory( - dependencies.savedObjectsClient, - dependencies.esClient.asCurrentUser - ), - ]).pipe( - concatMap(([sourceConfiguration, indexPatternsService]) => - resolveLogSourceConfiguration(sourceConfiguration.configuration, indexPatternsService) - ) - ) + const resolvedLogView$ = defer(() => + logViews.getScopedClient(dependencies.request).getResolvedLogView(request.params.sourceId) ).pipe(take(1), shareReplay(1)); const recoveredRequest$ = of(request).pipe( @@ -76,7 +62,7 @@ export const logEntrySearchStrategyProvider = ({ const initialRequest$ = of(request).pipe( filter(asyncInitialRequestRT.is), concatMap(({ params }) => - resolvedSourceConfiguration$.pipe( + resolvedLogView$.pipe( map( ({ indices, diff --git a/x-pack/plugins/infra/server/services/log_entries/types.ts b/x-pack/plugins/infra/server/services/log_entries/types.ts index 4d07acb1a64aa..e3ebe0eeece56 100644 --- a/x-pack/plugins/infra/server/services/log_entries/types.ts +++ b/x-pack/plugins/infra/server/services/log_entries/types.ts @@ -5,17 +5,20 @@ * 2.0. */ -import { +import type { PluginSetup as DataPluginSetup, PluginStart as DataPluginStart, } from '../../../../../../src/plugins/data/server'; -import { InfraSources } from '../../lib/sources'; +import type { LogViewsServiceStart } from '../log_views/types'; export interface LogEntriesServiceSetupDeps { data: DataPluginSetup; - sources: InfraSources; } -export interface LogEntriesServiceStartDeps { +export interface LogEntriesServicePluginsStartDeps { data: DataPluginStart; } + +export interface LogEntriesServicePluginSelfDeps { + logViews: LogViewsServiceStart; +} 
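Review bot: The `resolvedLogView$` definition in the `@@ -51,21 +50,8 @@` hunk has no comment saying whose credentials the lookup runs with. It no longer uses `dependencies.savedObjectsClient` and `dependencies.esClient.asCurrentUser`; it builds a second set of clients from `dependencies.request`. The id it resolves, `request.params.sourceId`, comes from the caller. I would add a comment above the `defer`, for example `// resolved lazily with clients scoped to dependencies.request, so the caller's own privileges apply to the log view lookup`. The tests suggest the lookup is skipped for recovered requests, but the recovered branch is outside this hunk, so that part should be confirmed before it is documented.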
diff --git a/x-pack/plugins/infra/server/services/log_queries/get_log_query_fields.ts b/x-pack/plugins/infra/server/services/log_queries/get_log_query_fields.ts deleted file mode 100644 index db1696854db83..0000000000000 --- a/x-pack/plugins/infra/server/services/log_queries/get_log_query_fields.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { SavedObjectsClientContract, ElasticsearchClient } from 'src/core/server'; -import { InfraSources } from '../../lib/sources'; -import { resolveLogSourceConfiguration } from '../../../common/log_sources'; -import { KibanaFramework } from '../../lib/adapters/framework/kibana_framework_adapter'; - -export interface LogQueryFields { - indexPattern: string; -} - -export const createGetLogQueryFields = (sources: InfraSources, framework: KibanaFramework) => { - return async ( - sourceId: string, - savedObjectsClient: SavedObjectsClientContract, - elasticsearchClient: ElasticsearchClient - ): Promise => { - const source = await sources.getSourceConfiguration(savedObjectsClient, sourceId); - const resolvedLogSourceConfiguration = await resolveLogSourceConfiguration( - source.configuration, - await framework.getIndexPatternsService(savedObjectsClient, elasticsearchClient) - ); - - return { - indexPattern: resolvedLogSourceConfiguration.indices, - }; - }; -}; - -export type GetLogQueryFields = ReturnType; diff --git a/x-pack/plugins/infra/server/services/log_views/errors.ts b/x-pack/plugins/infra/server/services/log_views/errors.ts new file mode 100644 index 0000000000000..fb0dc3b031511 --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/errors.ts 
@@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export class NotFoundError extends Error { + constructor(message?: string) { + super(message); + Object.setPrototypeOf(this, new.target.prototype); + } +} diff --git a/x-pack/plugins/infra/common/http_api/log_sources/index.ts b/x-pack/plugins/infra/server/services/log_views/index.ts similarity index 54% rename from x-pack/plugins/infra/common/http_api/log_sources/index.ts rename to x-pack/plugins/infra/server/services/log_views/index.ts index f37ad1f4b1f73..d9ec5cfcad261 100644 --- a/x-pack/plugins/infra/common/http_api/log_sources/index.ts +++ b/x-pack/plugins/infra/server/services/log_views/index.ts @@ -5,7 +5,6 @@ * 2.0. */ -export * from './get_log_source_configuration'; -export * from './get_log_source_status'; -export * from './patch_log_source_configuration'; -export * from './common'; +export { LogViewsService } from './log_views_service'; +export { LogViewsClient } from './log_views_client'; +export type { LogViewsServiceSetup, LogViewsServiceStart, LogViewsServiceStartDeps } from './types'; diff --git a/x-pack/plugins/infra/server/services/log_views/log_views_client.mock.ts b/x-pack/plugins/infra/server/services/log_views/log_views_client.mock.ts new file mode 100644 index 0000000000000..ac69ae4f85ba5 --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/log_views_client.mock.ts 
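Review bot: `NotFoundError` in the new errors.ts restores the prototype but never sets `name`, so an instance still reports itself as `Error` in stack traces and in any log line that prints `err.name`. That makes the log-view "not found" case harder to tell apart from other failures when reading logs. Adding `this.name = 'NotFoundError';` after the `Object.setPrototypeOf` call would fix it. The `instanceof` checks in the client are unaffected either way.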
@@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ILogViewsClient } from './types'; + +export const createLogViewsClientMock = (): jest.Mocked => ({ + getLogView: jest.fn(), + getResolvedLogView: jest.fn(), + putLogView: jest.fn(), + resolveLogView: jest.fn(), +}); diff --git a/x-pack/plugins/infra/server/services/log_views/log_views_client.test.ts b/x-pack/plugins/infra/server/services/log_views/log_views_client.test.ts new file mode 100644 index 0000000000000..c99930c7c47a5 --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/log_views_client.test.ts 
@@ -0,0 +1,353 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { loggerMock } from '@kbn/logging-mocks'; +import { SavedObject, SavedObjectsUtils } from 'src/core/server'; +import { savedObjectsClientMock } from 'src/core/server/mocks'; +import { createStubDataView } from 'src/plugins/data_views/common/stubs'; +import { dataViewsService as dataViewsServiceMock } from 'src/plugins/data_views/server/mocks'; +import { + defaultLogViewId, + LogView, + LogViewAttributes, + LogViewsStaticConfig, +} from '../../../common/log_views'; +import { createLogViewMock } from '../../../common/log_views/log_view.mock'; +import { InfraSource } from '../../lib/sources'; +import { createInfraSourcesMock } from '../../lib/sources/mocks'; +import { + extractLogViewSavedObjectReferences, + logViewSavedObjectName, +} from '../../saved_objects/log_view'; +import { getAttributesFromSourceConfiguration, LogViewsClient } from './log_views_client'; + +describe('getAttributesFromSourceConfiguration function', () => { + it('converts the index_pattern log indices type to data_view', () => { + const logViewAttributes = getAttributesFromSourceConfiguration(basicTestSourceConfiguration); + + expect(logViewAttributes.logIndices).toEqual({ + type: 'data_view', + dataViewId: 'INDEX_PATTERN_ID', + }); + }); + + it('preserves the index_name log indices type', () => { + const logViewAttributes = getAttributesFromSourceConfiguration({ + ...basicTestSourceConfiguration, + configuration: { + ...basicTestSourceConfiguration.configuration, + logIndices: { + type: 'index_name', + indexName: 'INDEX_NAME', + }, + }, + }); + + expect(logViewAttributes.logIndices).toEqual({ + type: 'index_name', + indexName: 'INDEX_NAME', + }); + }); +}); + +describe('LogViewsClient class', () => { + 
it('getLogView resolves the default id to a real saved object id if it exists', async () => { + const { logViewsClient, savedObjectsClient } = createLogViewsClient(); + + const logViewMock = createLogViewMock('SAVED_OBJECT_ID'); + const logViewSavedObject: SavedObject = { + ...extractLogViewSavedObjectReferences(logViewMock.attributes), + id: logViewMock.id, + type: logViewSavedObjectName, + }; + + savedObjectsClient.get.mockResolvedValue(logViewSavedObject); + + savedObjectsClient.find.mockResolvedValue({ + total: 1, + saved_objects: [ + { + score: 0, + ...logViewSavedObject, + }, + ], + per_page: 1, + page: 1, + }); + + const logView = await logViewsClient.getLogView(defaultLogViewId); + + expect(savedObjectsClient.get).toHaveBeenCalledWith(logViewSavedObjectName, 'SAVED_OBJECT_ID'); + expect(logView).toEqual(logViewMock); + }); + + it('getLogView preserves non-default ids', async () => { + const { logViewsClient, savedObjectsClient } = createLogViewsClient(); + + const logViewMock = createLogViewMock('SAVED_OBJECT_ID'); + const logViewSavedObject: SavedObject = { + ...extractLogViewSavedObjectReferences(logViewMock.attributes), + id: logViewMock.id, + type: logViewSavedObjectName, + }; + + savedObjectsClient.get.mockResolvedValue(logViewSavedObject); + + savedObjectsClient.find.mockResolvedValue({ + total: 1, + saved_objects: [ + { + score: 0, + ...logViewSavedObject, + }, + ], + per_page: 1, + page: 1, + }); + + const logView = await logViewsClient.getLogView('SAVED_OBJECT_ID'); + + expect(savedObjectsClient.get).toHaveBeenCalledWith(logViewSavedObjectName, 'SAVED_OBJECT_ID'); + expect(logView).toEqual(logViewMock); + }); + + it('getLogView preserves the default id for fallback lookups', async () => { + const { infraSources, logViewsClient, savedObjectsClient } = createLogViewsClient(); + + infraSources.getSourceConfiguration.mockResolvedValue(basicTestSourceConfiguration); + + savedObjectsClient.find.mockResolvedValue({ + total: 0, + saved_objects: [], + 
per_page: 0, + page: 1, + }); + + await logViewsClient.getLogView(defaultLogViewId); + + expect(infraSources.getSourceConfiguration).toHaveBeenCalledWith( + savedObjectsClient, + defaultLogViewId + ); + }); + + it('putLogView resolves the default id to a real saved object id if one exists', async () => { + const { logViewsClient, savedObjectsClient } = createLogViewsClient(); + + const existingLogViewMock = createLogViewMock('SAVED_OBJECT_ID'); + const existingLogViewSavedObject: SavedObject = { + ...extractLogViewSavedObjectReferences(existingLogViewMock.attributes), + id: existingLogViewMock.id, + type: logViewSavedObjectName, + }; + + const newLogViewMock = createLogViewMock('SAVED_OBJECT_ID', 'stored', { name: 'New Log View' }); + const newLogViewSavedObject: SavedObject = { + ...extractLogViewSavedObjectReferences(newLogViewMock.attributes), + id: newLogViewMock.id, + type: logViewSavedObjectName, + }; + + savedObjectsClient.create.mockResolvedValue(newLogViewSavedObject); + + savedObjectsClient.find.mockResolvedValue({ + total: 1, + saved_objects: [ + { + score: 0, + ...existingLogViewSavedObject, + }, + ], + per_page: 1, + page: 1, + }); + + const logView = await logViewsClient.putLogView(defaultLogViewId, newLogViewMock.attributes); + + expect(savedObjectsClient.create).toHaveBeenCalledWith( + logViewSavedObjectName, + newLogViewMock.attributes, + expect.objectContaining({ id: 'SAVED_OBJECT_ID' }) + ); + expect(logView).toEqual(newLogViewMock); + }); + + it('putLogView resolves the default id to a new uuid if no default exists', async () => { + const { logViewsClient, savedObjectsClient } = createLogViewsClient(); + + const newLogViewMock = createLogViewMock('NOT_THE_FINAL_ID', 'stored', { + name: 'New Log View', + }); + const newLogViewSavedObject: SavedObject = { + ...extractLogViewSavedObjectReferences(newLogViewMock.attributes), + id: newLogViewMock.id, + type: logViewSavedObjectName, + }; + + savedObjectsClient.create.mockImplementation(async (_type, 
_attributes, { id = '' } = {}) => ({ + ...newLogViewSavedObject, + id, + })); + + savedObjectsClient.find.mockResolvedValue({ + total: 0, + saved_objects: [], + per_page: 0, + page: 1, + }); + + const logView = await logViewsClient.putLogView(defaultLogViewId, newLogViewMock.attributes); + + expect(savedObjectsClient.create).toHaveBeenCalledWith( + logViewSavedObjectName, + newLogViewMock.attributes, + expect.objectContaining({ + id: expect.any(String), // the id was generated + }) + ); + expect(logView).toEqual( + expect.objectContaining({ + ...newLogViewMock, + id: expect.any(String), // the id was generated + }) + ); + expect(SavedObjectsUtils.isRandomId(logView.id)).toBeTruthy(); + }); + + it('resolveLogView method resolves given LogViewAttributes with DataView reference', async () => { + const { logViewsClient, dataViews } = createLogViewsClient(); + + dataViews.get.mockResolvedValue( + createStubDataView({ + spec: { + id: 'LOG_DATA_VIEW', + title: 'log-indices-*', + timeFieldName: '@timestamp', + runtimeFieldMap: { + runtime_field: { + type: 'keyword', + script: { + source: 'emit("runtime value")', + }, + }, + }, + }, + }) + ); + + const resolvedLogView = await logViewsClient.resolveLogView({ + name: 'LOG VIEW', + description: 'LOG VIEW DESCRIPTION', + logIndices: { + type: 'data_view', + dataViewId: 'LOG_DATA_VIEW', + }, + logColumns: [ + { timestampColumn: { id: 'TIMESTAMP_COLUMN_ID' } }, + { + fieldColumn: { + id: 'DATASET_COLUMN_ID', + field: 'event.dataset', + }, + }, + { + messageColumn: { id: 'MESSAGE_COLUMN_ID' }, + }, + ], + }); + + expect(resolvedLogView).toMatchInlineSnapshot(` + Object { + "columns": Array [ + Object { + "timestampColumn": Object { + "id": "TIMESTAMP_COLUMN_ID", + }, + }, + Object { + "fieldColumn": Object { + "field": "event.dataset", + "id": "DATASET_COLUMN_ID", + }, + }, + Object { + "messageColumn": Object { + "id": "MESSAGE_COLUMN_ID", + }, + }, + ], + "description": "LOG VIEW DESCRIPTION", + "fields": FldList [], + 
"indices": "log-indices-*", + "messageField": Array [ + "message", + ], + "name": "LOG VIEW", + "runtimeMappings": Object { + "runtime_field": Object { + "script": Object { + "source": "emit(\\"runtime value\\")", + }, + "type": "keyword", + }, + }, + "tiebreakerField": "_doc", + "timestampField": "@timestamp", + } + `); + }); +}); + +const createLogViewsClient = () => { + const logger = loggerMock.create(); + const dataViews = dataViewsServiceMock; + const savedObjectsClient = savedObjectsClientMock.create(); + const infraSources = createInfraSourcesMock(); + const internalLogViews = new Map(); + const logViewStaticConfig: LogViewsStaticConfig = { + messageFields: ['message'], + }; + + const logViewsClient = new LogViewsClient( + logger, + Promise.resolve(dataViews), + savedObjectsClient, + infraSources, + internalLogViews, + logViewStaticConfig + ); + + return { + dataViews, + infraSources, + internalLogViews, + logViewStaticConfig, + logViewsClient, + savedObjectsClient, + }; +}; + +const basicTestSourceConfiguration: InfraSource = { + id: 'ID', + origin: 'stored', + configuration: { + name: 'NAME', + description: 'DESCRIPTION', + logIndices: { + type: 'index_pattern', + indexPatternId: 'INDEX_PATTERN_ID', + }, + logColumns: [], + fields: { + message: [], + }, + metricAlias: 'METRIC_ALIAS', + inventoryDefaultView: 'INVENTORY_DEFAULT_VIEW', + metricsExplorerDefaultView: 'METRICS_EXPLORER_DEFAULT_VIEW', + anomalyThreshold: 0, + }, +}; diff --git a/x-pack/plugins/infra/server/services/log_views/log_views_client.ts b/x-pack/plugins/infra/server/services/log_views/log_views_client.ts new file mode 100644 index 0000000000000..a4c64288d0ac0 --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/log_views_client.ts 
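Review bot: The `getLogView` tests in this new file cover successful lookups and the missing-default case, but none checks what happens when the saved object lookup fails for a reason other than not-found. The client is written to fall back to internal log views and the source configuration only on not-found errors. A regression that widened that condition would let a denied or failed lookup be answered from a fallback instead of surfacing, and no test here would catch it. I would add a case like the one below; it assumes the mock's `errors.isNotFoundError` returns false for a plain `Error`, which should be confirmed against `savedObjectsClientMock`.

```typescript
// … unchanged: existing getLogView tests …
it('getLogView rejects instead of falling back when the lookup fails', async () => {
  const { infraSources, logViewsClient, savedObjectsClient } = createLogViewsClient();

  // constructed failure that is not a not-found error
  savedObjectsClient.get.mockRejectedValue(new Error('LOOKUP_FAILED'));

  await expect(logViewsClient.getLogView('SAVED_OBJECT_ID')).rejects.toThrow('LOOKUP_FAILED');
  expect(infraSources.getSourceConfiguration).not.toHaveBeenCalled();
});
```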
@@ -0,0 +1,210 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { PluginStart as DataViewsServerPluginStart } from 'src/plugins/data_views/server'; +import { + Logger, + SavedObject, + SavedObjectsClientContract, + SavedObjectsUtils, +} from '../../../../../../src/core/server'; +import { + defaultLogViewAttributes, + defaultLogViewId, + LogIndexReference, + LogView, + LogViewAttributes, + LogViewsStaticConfig, + ResolvedLogView, + resolveLogView, +} from '../../../common/log_views'; +import { decodeOrThrow } from '../../../common/runtime_types'; +import { LogIndexReference as SourceConfigurationLogIndexReference } from '../../../common/source_configuration/source_configuration'; +import type { IInfraSources, InfraSource } from '../../lib/sources'; +import { + extractLogViewSavedObjectReferences, + logViewSavedObjectName, + resolveLogViewSavedObjectReferences, +} from '../../saved_objects/log_view'; +import { logViewSavedObjectRT } from '../../saved_objects/log_view/types'; +import { NotFoundError } from './errors'; +import { ILogViewsClient } from './types'; + +type DataViewsService = ReturnType; + +export class LogViewsClient implements ILogViewsClient { + static errors = { + NotFoundError, + }; + + constructor( + private readonly logger: Logger, + private readonly dataViews: DataViewsService, + private readonly savedObjectsClient: SavedObjectsClientContract, + private readonly infraSources: IInfraSources, + private readonly internalLogViews: Map, + private readonly config: LogViewsStaticConfig + ) {} + + public async getLogView(logViewId: string): Promise { + return await this.getSavedLogView(logViewId) + .catch((err) => + this.savedObjectsClient.errors.isNotFoundError(err) || err instanceof NotFoundError + ? 
this.getInternalLogView(logViewId) + : Promise.reject(err) + ) + .catch((err) => + err instanceof NotFoundError + ? this.getLogViewFromInfraSourceConfiguration(logViewId) + : Promise.reject(err) + ); + } + + public async getResolvedLogView(logViewId: string): Promise { + const logView = await this.getLogView(logViewId); + const resolvedLogView = await this.resolveLogView(logView.attributes); + return resolvedLogView; + } + + public async putLogView( + logViewId: string, + logViewAttributes: Partial + ): Promise { + const resolvedLogViewId = + (await this.resolveLogViewId(logViewId)) ?? SavedObjectsUtils.generateId(); + + this.logger.debug(`Trying to store log view "${logViewId}" as "${resolvedLogViewId}"...`); + + const logViewAttributesWithDefaults = { + ...defaultLogViewAttributes, + ...logViewAttributes, + }; + + const { attributes, references } = extractLogViewSavedObjectReferences( + logViewAttributesWithDefaults + ); + + const savedObject = await this.savedObjectsClient.create(logViewSavedObjectName, attributes, { + id: resolvedLogViewId, + overwrite: true, + references, + }); + + return getLogViewFromSavedObject(savedObject); + } + + public async resolveLogView(logViewAttributes: LogViewAttributes): Promise { + return await resolveLogView(logViewAttributes, await this.dataViews, this.config); + } + + private async getSavedLogView(logViewId: string): Promise { + this.logger.debug(`Trying to load stored log view "${logViewId}"...`); + + const resolvedLogViewId = await this.resolveLogViewId(logViewId); + + if (!resolvedLogViewId) { + throw new NotFoundError( + `Failed to load saved log view: the log view id "${logViewId}" could not be resolved.` + ); + } + + const savedObject = await this.savedObjectsClient.get( + logViewSavedObjectName, + resolvedLogViewId + ); + + return getLogViewFromSavedObject(savedObject); + } + + private async getInternalLogView(logViewId: string): Promise { + this.logger.debug(`Trying to load internal log view "${logViewId}"...`); + + 
const internalLogView = this.internalLogViews.get(logViewId); + + if (!internalLogView) { + throw new NotFoundError( + `Failed to load internal log view: no view with id "${logViewId}" found.` + ); + } + + return internalLogView; + } + + private async getLogViewFromInfraSourceConfiguration(sourceId: string): Promise { + this.logger.debug(`Trying to load log view from source configuration "${sourceId}"...`); + + const sourceConfiguration = await this.infraSources.getSourceConfiguration( + this.savedObjectsClient, + sourceId + ); + + return { + id: sourceConfiguration.id, + version: sourceConfiguration.version, + updatedAt: sourceConfiguration.updatedAt, + origin: `infra-source-${sourceConfiguration.origin}`, + attributes: getAttributesFromSourceConfiguration(sourceConfiguration), + }; + } + + private async resolveLogViewId(logViewId: string): Promise { + // only the default id needs to be transformed + if (logViewId !== defaultLogViewId) { + return logViewId; + } + + return await this.getNewestSavedLogViewId(); + } + + private async getNewestSavedLogViewId(): Promise { + const response = await this.savedObjectsClient.find({ + type: logViewSavedObjectName, + sortField: 'updated_at', + sortOrder: 'desc', + perPage: 1, + fields: [], + }); + + const [newestSavedLogView] = response.saved_objects; + + return newestSavedLogView?.id ?? 
null; + } +} + +const getLogViewFromSavedObject = (savedObject: SavedObject): LogView => { + const logViewSavedObject = decodeOrThrow(logViewSavedObjectRT)(savedObject); + + return { + id: logViewSavedObject.id, + version: logViewSavedObject.version, + updatedAt: logViewSavedObject.updated_at, + origin: 'stored', + attributes: resolveLogViewSavedObjectReferences( + logViewSavedObject.attributes, + savedObject.references + ), + }; +}; + +export const getAttributesFromSourceConfiguration = ({ + configuration: { name, description, logIndices, logColumns }, +}: InfraSource): LogViewAttributes => ({ + name, + description, + logIndices: getLogIndicesFromSourceConfigurationLogIndices(logIndices), + logColumns, +}); + +const getLogIndicesFromSourceConfigurationLogIndices = ( + logIndices: SourceConfigurationLogIndexReference +): LogIndexReference => + logIndices.type === 'index_pattern' + ? { + type: 'data_view', + dataViewId: logIndices.indexPatternId, + } + : logIndices; diff --git a/x-pack/plugins/infra/server/services/log_views/log_views_service.mock.ts b/x-pack/plugins/infra/server/services/log_views/log_views_service.mock.ts new file mode 100644 index 0000000000000..becd5a015b2ec --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/log_views_service.mock.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { createLogViewsClientMock } from './log_views_client.mock'; +import { LogViewsServiceStart } from './types'; + +export const createLogViewsServiceStartMock = (): jest.Mocked => ({ + getClient: jest.fn((_savedObjectsClient: any, _elasticsearchClient: any) => + createLogViewsClientMock() + ), + getScopedClient: jest.fn((_request: any) => createLogViewsClientMock()), +}); 
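Review bot: `putLogView` in the new log_views_client.ts is a full replace whose target can be ambiguous, and nothing on the method says so. When called with `defaultLogViewId`, `resolveLogViewId` picks the most recently updated saved log view and `create` runs with `overwrite: true`, so a write addressed to the default lands on whichever stored view was touched last. Because the attributes are typed as `Partial` and merged over `defaultLogViewAttributes`, any attribute the caller omits is reset to its default rather than kept from the stored object. If that is intended, I would state it in a TSDoc block on `putLogView` covering both the replace semantics and the default-id resolution. If it is not, the merge should start from the existing attributes instead.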
diff --git a/x-pack/plugins/infra/server/services/log_views/log_views_service.ts b/x-pack/plugins/infra/server/services/log_views/log_views_service.ts new file mode 100644 index 0000000000000..f5385b9d2873c --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/log_views_service.ts 
@@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ElasticsearchClient, + KibanaRequest, + Logger, + SavedObjectsClientContract, +} from 'src/core/server'; +import { LogView, LogViewAttributes } from '../../../common/log_views'; +import { LogViewsClient } from './log_views_client'; +import { LogViewsServiceSetup, LogViewsServiceStart, LogViewsServiceStartDeps } from './types'; + +export class LogViewsService { + private internalLogViews: Map = new Map(); + + constructor(private readonly logger: Logger) {} + + public setup(): LogViewsServiceSetup { + const { internalLogViews } = this; + + return { + defineInternalLogView(logViewId: string, logViewAttributes: LogViewAttributes) { + internalLogViews.set(logViewId, { + id: logViewId, + origin: 'internal', + attributes: logViewAttributes, + updatedAt: Date.now(), + }); + }, + }; + } + + public start({ + config, + dataViews, + elasticsearch, + infraSources, + savedObjects, + }: LogViewsServiceStartDeps): LogViewsServiceStart { + const { internalLogViews, logger } = this; + + return { + getClient( + savedObjectsClient: SavedObjectsClientContract, + elasticsearchClient: ElasticsearchClient, + request?: KibanaRequest + ) { + return new LogViewsClient( + logger, + dataViews.dataViewsServiceFactory(savedObjectsClient, elasticsearchClient, request), + savedObjectsClient, + infraSources, + internalLogViews, + config + ); + }, + getScopedClient(request: KibanaRequest) { + const savedObjectsClient = savedObjects.getScopedClient(request); + const elasticsearchClient = elasticsearch.client.asScoped(request).asCurrentUser; + + return this.getClient(savedObjectsClient, elasticsearchClient, request); + }, + }; + } +} 
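Review bot: `getScopedClient` in the object returned by `start()` calls `this.getClient(...)`, so it works only when invoked as a method on that object. A consumer that destructures it or passes it as a callback (`const { getScopedClient } = logViews`) loses `this` and gets a TypeError. The callers visible in this diff invoke it as a method, but the object is also exposed through the plugin start contract. I would hoist the factory to a `const getClient = (...) => new LogViewsClient(...)` before the `return` and end `getScopedClient` with `return getClient(savedObjectsClient, elasticsearchClient, request);`.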
diff --git a/x-pack/plugins/infra/server/services/log_views/types.ts b/x-pack/plugins/infra/server/services/log_views/types.ts new file mode 100644 index 0000000000000..0052db19ee4de --- /dev/null +++ b/x-pack/plugins/infra/server/services/log_views/types.ts @@ -0,0 +1,50 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ElasticsearchClient, + ElasticsearchServiceStart, + KibanaRequest, + SavedObjectsClientContract, + SavedObjectsServiceStart, +} from 'src/core/server'; +import { PluginStart as DataViewsServerPluginStart } from 'src/plugins/data_views/server'; +import { + LogView, + LogViewAttributes, + LogViewsStaticConfig, + ResolvedLogView, +} from '../../../common/log_views'; +import { InfraSources } from '../../lib/sources'; + +export interface LogViewsServiceStartDeps { + config: LogViewsStaticConfig; + dataViews: DataViewsServerPluginStart; + elasticsearch: ElasticsearchServiceStart; + infraSources: InfraSources; + savedObjects: SavedObjectsServiceStart; +} + +export interface LogViewsServiceSetup { + defineInternalLogView(logViewId: string, logViewAttributes: LogViewAttributes): void; +} + +export interface LogViewsServiceStart { + getClient( + savedObjectsClient: SavedObjectsClientContract, + elasticsearchClient: ElasticsearchClient, + request?: KibanaRequest + ): ILogViewsClient; + getScopedClient(request: KibanaRequest): ILogViewsClient; +} + +export interface ILogViewsClient { + getLogView(logViewId: string): Promise; + getResolvedLogView(logViewId: string): Promise; + putLogView(logViewId: string, logViewAttributes: Partial): Promise; + resolveLogView(logViewAttributes: LogViewAttributes): Promise; +} diff --git a/x-pack/plugins/infra/server/types.ts b/x-pack/plugins/infra/server/types.ts index d0fd744b133e3..42c27085380f7 100644 
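Review bot: `LogViewsServiceStart` declares `getClient` and `getScopedClient` side by side with no documentation of how they differ in privilege. `getClient` builds the log views client from whatever saved objects and Elasticsearch clients the caller passes, so the result reads and overwrites log views with those clients' rights. `getScopedClient` derives both clients from the request. I would add TSDoc to both, for example `/** Acts with the privileges of the passed clients; request handlers should prefer getScopedClient. */` on `getClient` and `/** Returns a client bound to the requesting user's saved objects and Elasticsearch clients. */` on `getScopedClient`.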
--- a/x-pack/plugins/infra/server/types.ts +++ b/x-pack/plugins/infra/server/types.ts @@ -5,9 +5,29 @@ * 2.0. */ -import type { RequestHandlerContext } from 'src/core/server'; +import type { CoreSetup, RequestHandlerContext } from 'src/core/server'; import type { SearchRequestHandlerContext } from '../../../../src/plugins/data/server'; -import { MlPluginSetup } from '../../ml/server'; +import type { MlPluginSetup } from '../../ml/server'; +import type { InfraStaticSourceConfiguration } from '../common/source_configuration/source_configuration'; +import { InfraServerPluginStartDeps } from './lib/adapters/framework'; +import { LogViewsServiceSetup, LogViewsServiceStart } from './services/log_views/types'; + +export type { InfraConfig } from '../common/plugin_config_types'; + +export type InfraPluginCoreSetup = CoreSetup; +export type InfraPluginStartServicesAccessor = InfraPluginCoreSetup['getStartServices']; + +export interface InfraPluginSetup { + defineInternalSourceConfiguration: ( + sourceId: string, + sourceProperties: InfraStaticSourceConfiguration + ) => void; + logViews: LogViewsServiceSetup; +} + +export interface InfraPluginStart { + logViews: LogViewsServiceStart; +} export type MlSystem = ReturnType; export type MlAnomalyDetectors = ReturnType; @@ -31,24 +51,3 @@ export interface InfraPluginRequestHandlerContext extends RequestHandlerContext infra: InfraRequestHandlerContext; search: SearchRequestHandlerContext; } - -export interface InfraConfig { - alerting: { - inventory_threshold: { - group_by_page_size: number; - }; - metric_threshold: { - group_by_page_size: number; - }; - }; - inventory: { - compositeSize: number; - }; - sources?: { - default?: { - fields?: { - message?: string[]; - }; - }; - }; -} diff --git a/x-pack/plugins/infra/tsconfig.json b/x-pack/plugins/infra/tsconfig.json index a2d1d2b63655a..b45bd15adb3f8 100644 --- a/x-pack/plugins/infra/tsconfig.json +++ b/x-pack/plugins/infra/tsconfig.json 
@@ -17,6 +17,7 @@ "references": [ { "path": "../../../src/core/tsconfig.json" }, { "path": "../../../src/plugins/data/tsconfig.json" }, + { "path": "../../../src/plugins/data_views/tsconfig.json" }, { "path": "../../../src/plugins/embeddable/tsconfig.json" }, { "path": "../../../src/plugins/home/tsconfig.json" }, { "path": "../../../src/plugins/kibana_utils/tsconfig.json" }, diff --git a/x-pack/plugins/ingest_pipelines/kibana.json b/x-pack/plugins/ingest_pipelines/kibana.json index 912584e808331..b43c7c20b9bc1 100644 --- a/x-pack/plugins/ingest_pipelines/kibana.json +++ b/x-pack/plugins/ingest_pipelines/kibana.json @@ -1,6 +1,7 @@ { "id": "ingestPipelines", "version": "8.2.0", + "kibanaVersion": "kibana", "server": true, "ui": true, "owner": { diff --git a/x-pack/plugins/ingest_pipelines/public/application/app.tsx b/x-pack/plugins/ingest_pipelines/public/application/app.tsx index 99624cbcf9967..19ad3b2e1dd75 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/app.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/app.tsx @@ -10,7 +10,7 @@ import { EuiPageContent, EuiEmptyPrompt } from '@elastic/eui'; import React, { FunctionComponent } from 'react'; import { Router, Switch, Route } from 'react-router-dom'; -import { useKibana } from '../shared_imports'; +import { useKibana, useExecutionContext } from '../shared_imports'; import { APP_CLUSTER_REQUIRED_PRIVILEGES } from '../../common/constants'; @@ -44,7 +44,12 @@ export const AppWithoutRouter = () => ( export const App: FunctionComponent = () => { const { apiError } = useAuthorizationContext(); - const { history } = useKibana().services; + const { history, executionContext } = useKibana().services; + + useExecutionContext(executionContext!, { + type: 'application', + page: 'ingestPipelines', + }); if (apiError) { return ( 
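Review bot: In `App`, `useExecutionContext(executionContext!, …)` uses a non-null assertion on a service that the type evidently allows to be absent. The assertion only silences the compiler, so a caller that renders `App` without the service (a test harness or another mount path) gets a runtime failure inside the hook instead of a type error. If `useExecutionContext` accepts an undefined service, which its signature is not shown here to confirm, pass `executionContext` without the `!`. Otherwise make the field required on the services type, now that `mountManagementSection` always supplies it.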
diff --git a/x-pack/plugins/ingest_pipelines/public/application/mount_management_section.ts b/x-pack/plugins/ingest_pipelines/public/application/mount_management_section.ts index 81f7be35074d8..a032b3a66347b 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/mount_management_section.ts +++ b/x-pack/plugins/ingest_pipelines/public/application/mount_management_section.ts @@ -28,6 +28,7 @@ export async function mountManagementSection( docLinks, application, i18n: { Context: I18nContext }, + executionContext, } = coreStart; documentationService.setup(docLinks); @@ -45,6 +46,7 @@ export async function mountManagementSection( share: depsStart.share, fileUpload: depsStart.fileUpload, application, + executionContext, }; return renderApp(element, I18nContext, services, { http }, { theme$ }); diff --git a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts index 90ccf78355f1a..1fde3a1930ba9 100644 --- a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts +++ b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts @@ -90,6 +90,7 @@ export { export { KibanaContextProvider, KibanaThemeProvider, + useExecutionContext, } from '../../../../src/plugins/kibana_react/public'; export const useKibana = () => _useKibana(); diff --git a/x-pack/plugins/lens/public/app_plugin/show_underlying_data.ts b/x-pack/plugins/lens/public/app_plugin/show_underlying_data.ts index 12cd5aac25552..305b74575ce81 100644 --- a/x-pack/plugins/lens/public/app_plugin/show_underlying_data.ts +++ b/x-pack/plugins/lens/public/app_plugin/show_underlying_data.ts @@ -21,8 +21,8 @@ import { TableInspectorAdapter } from '../editor_frame_service/types'; import { Datasource } from '../types'; export const getShowUnderlyingDataLabel = () => - i18n.translate('xpack.lens.app.openInDiscover', { - defaultMessage: 'Open in Discover', + i18n.translate('xpack.lens.app.exploreRawData', { + defaultMessage: 'Explore raw data', }); /** 
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/indexpattern.test.ts b/x-pack/plugins/lens/public/indexpattern_datasource/indexpattern.test.ts index 6bdd41d8db631..66e9ff5bbb416 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/indexpattern.test.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/indexpattern.test.ts @@ -294,7 +294,6 @@ describe('IndexPattern Data Source', () => { }, }, savedObjectReferences: [ - { name: 'indexpattern-datasource-current-indexpattern', type: 'index-pattern', id: '1' }, { name: 'indexpattern-datasource-layer-first', type: 'index-pattern', id: '1' }, ], }); @@ -2705,14 +2704,7 @@ describe('IndexPattern Data Source', () => { }, }; - const currentIndexPatternReference = { - id: 'some-id', - name: 'indexpattern-datasource-current-indexpattern', - type: 'index-pattern', - }; - const references1: SavedObjectReference[] = [ - currentIndexPatternReference, { id: 'some-id', name: 'indexpattern-datasource-layer-8bd66b66-aba3-49fb-9ff2-4bf83f2be08e', @@ -2721,7 +2713,6 @@ describe('IndexPattern Data Source', () => { ]; const references2: SavedObjectReference[] = [ - currentIndexPatternReference, { id: 'some-DIFFERENT-id', name: 'indexpattern-datasource-layer-8bd66b66-aba3-49fb-9ff2-4bf83f2be08e', diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts b/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts index 77b0ac7de78ca..15391aaf95c80 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts @@ -589,7 +589,6 @@ describe('loader', () => { const state = await loadInitialState({ persistedState: savedState, references: [ - { name: 'indexpattern-datasource-current-indexpattern', id: '2', type: 'index-pattern' }, { name: 'indexpattern-datasource-layer-layerb', id: '2', type: 'index-pattern' }, { name: 'another-reference', id: 'c', type: 'index-pattern' }, ], 
@@ -640,7 +639,6 @@ describe('loader', () => { const state = await loadInitialState({ persistedState: savedState, references: [ - { name: 'indexpattern-datasource-current-indexpattern', id: '2', type: 'index-pattern' }, { name: 'indexpattern-datasource-layer-layerb', id: '2', type: 'index-pattern' }, { name: 'another-reference', id: 'c', type: 'index-pattern' }, ], @@ -727,11 +725,6 @@ describe('loader', () => { const state = await loadInitialState({ persistedState: savedState, references: [ - { - name: 'indexpattern-datasource-current-indexpattern', - id: 'conflictId', - type: 'index-pattern', - }, { name: 'indexpattern-datasource-layer-layerb', id: 'conflictId', type: 'index-pattern' }, ], indexPatternsService: mockIndexPatternsServiceWithConflict(), @@ -799,11 +792,6 @@ describe('loader', () => { const { savedObjectReferences } = extractReferences(state); expect(savedObjectReferences).toMatchInlineSnapshot(` Array [ - Object { - "id": "b", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern", - }, Object { "id": "id-index-pattern-a", "name": "indexpattern-datasource-layer-a", @@ -822,13 +810,6 @@ describe('loader', () => { const { savedObjectReferences, state: persistedState } = extractReferences(state); expect(injectReferences(persistedState, savedObjectReferences).layers).toEqual(state.layers); }); - - it('should restore current index pattern', () => { - const { savedObjectReferences, state: persistedState } = extractReferences(state); - expect(injectReferences(persistedState, savedObjectReferences).currentIndexPatternId).toEqual( - state.currentIndexPatternId - ); - }); }); describe('changeIndexPattern', () => { diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts b/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts index 6742e92bbbf15..a8ad1885b3350 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts 
@@ -165,18 +165,12 @@ const setLastUsedIndexPatternId = (storage: IStorageWrapper, value: string) => { writeToStorage(storage, 'indexPatternId', value); }; -const CURRENT_PATTERN_REFERENCE_NAME = 'indexpattern-datasource-current-indexpattern'; function getLayerReferenceName(layerId: string) { return `indexpattern-datasource-layer-${layerId}`; } -export function extractReferences({ currentIndexPatternId, layers }: IndexPatternPrivateState) { +export function extractReferences({ layers }: IndexPatternPrivateState) { const savedObjectReferences: SavedObjectReference[] = []; - savedObjectReferences.push({ - type: 'index-pattern', - id: currentIndexPatternId, - name: CURRENT_PATTERN_REFERENCE_NAME, - }); const persistableLayers: Record> = {}; Object.entries(layers).forEach(([layerId, { indexPatternId, ...persistableLayer }]) => { savedObjectReferences.push({ @@ -201,8 +195,6 @@ export function injectReferences( }; }); return { - currentIndexPatternId: references.find(({ name }) => name === CURRENT_PATTERN_REFERENCE_NAME)! - .id, layers, }; } @@ -246,13 +238,7 @@ export async function loadInitialState({ const usedPatterns = ( initialContext ? indexPatternIds - : uniq( - state - ? Object.values(state.layers) - .map((l) => l.indexPatternId) - .concat(state.currentIndexPatternId) - : [fallbackId] - ) + : uniq(state ? Object.values(state.layers).map((l) => l.indexPatternId) : [fallbackId]) ) // take out the undefined from the list .filter(Boolean); diff --git a/x-pack/plugins/lens/public/trigger_actions/open_in_discover_action.ts b/x-pack/plugins/lens/public/trigger_actions/open_in_discover_action.ts index 947e01fd15bc9..03b917bb9482f 100644 --- a/x-pack/plugins/lens/public/trigger_actions/open_in_discover_action.ts +++ b/x-pack/plugins/lens/public/trigger_actions/open_in_discover_action.ts 
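Review bot: In `loadInitialState`, `usedPatterns` can now be an empty list when persisted state exists but has no layers, because `uniq(state ? Object.values(state.layers).map((l) => l.indexPatternId) : [fallbackId])` no longer appends `state.currentIndexPatternId`. Before this change the list always held at least one id. The code that consumes `usedPatterns` is outside the hunk, so confirm that it still selects a current index pattern in that case. If it does not, fall back explicitly, e.g. compute `const layerPatternIds = state ? Object.values(state.layers).map((l) => l.indexPatternId) : [];` and pass `layerPatternIds.length ? layerPatternIds : [fallbackId]` to `uniq`.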
@@ -21,8 +21,8 @@ export const createOpenInDiscoverAction = (discover: DiscoverStart, hasDiscoverA order: 19, // right after Inspect which is 20 getIconType: () => 'popout', getDisplayName: () => - i18n.translate('xpack.lens.actions.openInDiscover', { - defaultMessage: 'Open in Discover', + i18n.translate('xpack.lens.actions.exploreRawData', { + defaultMessage: 'Explore raw data', }), isCompatible: async (context: { embeddable: IEmbeddable }) => { if (!hasDiscoverAccess) return false; diff --git a/x-pack/plugins/license_management/public/application/app.js b/x-pack/plugins/license_management/public/application/app.js index b260c4ebfb7a8..f02725bbaf875 100644 --- a/x-pack/plugins/license_management/public/application/app.js +++ b/x-pack/plugins/license_management/public/application/app.js 
@@ -5,94 +5,101 @@ * 2.0. */ -import React, { Component } from 'react'; +import React, { useEffect } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; import { LicenseDashboard, UploadLicense } from './sections'; import { Switch, Route } from 'react-router-dom'; import { APP_PERMISSION } from '../../common/constants'; -import { SectionLoading } from '../shared_imports'; +import { SectionLoading, useExecutionContext } from '../shared_imports'; import { EuiPageContent, EuiPageBody, EuiEmptyPrompt } from '@elastic/eui'; -export class App extends Component { - componentDidMount() { - const { loadPermissions } = this.props; - loadPermissions(); - } - - render() { - const { hasPermission, permissionsLoading, permissionsError, telemetry } = this.props; - - if (permissionsLoading) { - return ( - - - - - - ); - } +export const App = ({ + hasPermission, + permissionsLoading, + permissionsError, + telemetry, + loadPermissions, + executionContext, +}) => { + useExecutionContext(executionContext, { + type: 'application', + page: 'licenseManagement', + }); - if (permissionsError) { - const error = permissionsError?.data?.message; + useEffect(() => { + loadPermissions(); + }, [loadPermissions]); - return ( - - - - - } - body={error ?

{error}

: null} + if (permissionsLoading) { + return ( + + + - - ); - } + +
+ ); + } - if (!hasPermission) { - return ( - - - - - } - body={ -

- {APP_PERMISSION}, - }} - /> -

- } - /> -
- ); - } + if (permissionsError) { + const error = permissionsError?.data?.message; - const withTelemetry = (Component) => (props) => ; return ( - - - - - - + + + + + } + body={error ?

{error}

: null} + /> +
); } -} + + if (!hasPermission) { + return ( + + + + + } + body={ +

+ {APP_PERMISSION}, + }} + /> +

+ } + /> +
+ ); + } + + const withTelemetry = (Component) => (props) => ; + return ( + + + + + + + ); +}; diff --git a/x-pack/plugins/license_management/public/application/index.tsx b/x-pack/plugins/license_management/public/application/index.tsx index 16b6ebb1afdf9..dd70e15646fc7 100644 --- a/x-pack/plugins/license_management/public/application/index.tsx +++ b/x-pack/plugins/license_management/public/application/index.tsx @@ -26,6 +26,7 @@ export const renderApp = (element: Element, dependencies: AppDependencies) => { , element diff --git a/x-pack/plugins/license_management/public/shared_imports.ts b/x-pack/plugins/license_management/public/shared_imports.ts index 878655c82c557..ad4d91b1473f6 100644 --- a/x-pack/plugins/license_management/public/shared_imports.ts +++ b/x-pack/plugins/license_management/public/shared_imports.ts @@ -7,4 +7,7 @@ export { SectionLoading } from '../../../../src/plugins/es_ui_shared/public/'; -export { KibanaThemeProvider } from '../../../../src/plugins/kibana_react/public'; +export { + KibanaThemeProvider, + useExecutionContext, +} from '../../../../src/plugins/kibana_react/public'; diff --git a/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js b/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js index b3d2074c91667..73a267036044e 100644 --- a/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js +++ b/x-pack/plugins/maps/public/classes/sources/es_pew_pew_source/es_pew_pew_source.js 
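Review bot: `useEffect(() => { loadPermissions(); }, [loadPermissions]);` is not equivalent to the `componentDidMount` it replaces, because it runs again whenever the `loadPermissions` prop changes identity. If the container passes a new function on each render (the connector is not visible here), every permissions state change triggers another request. Either document that the prop must be referentially stable, with a comment such as `// loadPermissions must be a stable reference; a new identity re-triggers the permissions request`, or run it once on mount with an empty dependency list and a lint suppression explaining why.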
@@ -201,11 +201,13 @@ export class ESPewPewSource extends AbstractESAggSource { try { const abortController = new AbortController(); registerCancelCallback(() => abortController.abort()); - const esResp = await searchSource.fetch({ - abortSignal: abortController.signal, - legacyHitsTotal: false, - executionContext: makePublicExecutionContext('es_pew_pew_source:bounds'), - }); + const { rawResponse: esResp } = await searchSource + .fetch$({ + abortSignal: abortController.signal, + legacyHitsTotal: false, + executionContext: makePublicExecutionContext('es_pew_pew_source:bounds'), + }) + .toPromise(); if (esResp.aggregations.destFitToBounds.bounds) { corners.push([ esResp.aggregations.destFitToBounds.bounds.top_left.lon, diff --git a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx index e703561357a07..42fded4fbefb7 100644 --- a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx +++ b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx @@ -597,10 +597,12 @@ export class ESSearchSource extends AbstractESSource implements IMvtVectorSource searchSource.setField('query', query); searchSource.setField('fieldsFromSource', this._getTooltipPropertyNames()); - const resp = await searchSource.fetch({ - legacyHitsTotal: false, - executionContext: makePublicExecutionContext('es_search_source:load_tooltip_properties'), - }); + const { rawResponse: resp } = await searchSource + .fetch$({ + legacyHitsTotal: false, + executionContext: makePublicExecutionContext('es_search_source:load_tooltip_properties'), + }) + .toPromise(); const hit = _.get(resp, 'hits.hits[0]'); if (!hit) { 
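Review bot: `const { rawResponse: esResp } = await searchSource.fetch$({...}).toPromise();` destructures a value that can be `undefined`, because `toPromise()` resolves to `undefined` when the observable completes without emitting. Whether `fetch$` can complete that way, for instance after `abortController.abort()`, is not visible in these hunks. If it can, the failure is a `TypeError` on destructuring rather than a search or abort error. The same pattern is added in `es_search_source.tsx` (tooltip properties and all-doc-counts) and in `es_source.ts` (bounds), and the all-doc-counts call reads `resp.hits.total` directly afterwards. Await into a local first and check it, e.g. `const result = await searchSource.fetch$({...}).toPromise(); if (!result) throw new Error('search completed without a response');`, or use `lastValueFrom` if the repository's RxJS version provides it.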
@@ -899,12 +901,14 @@ export class ESSearchSource extends AbstractESSource implements IMvtVectorSource const maxResultWindow = await this.getMaxResultWindow(); const searchSource = await this.makeSearchSource(searchFilters, 0); searchSource.setField('trackTotalHits', maxResultWindow + 1); - const resp = await searchSource.fetch({ - abortSignal: abortController.signal, - sessionId: searchFilters.searchSessionId, - legacyHitsTotal: false, - executionContext: makePublicExecutionContext('es_search_source:all_doc_counts'), - }); + const { rawResponse: resp } = await searchSource + .fetch$({ + abortSignal: abortController.signal, + sessionId: searchFilters.searchSessionId, + legacyHitsTotal: false, + executionContext: makePublicExecutionContext('es_search_source:all_doc_counts'), + }) + .toPromise(); return !isTotalHitsGreaterThan(resp.hits.total as unknown as TotalHits, maxResultWindow); } } diff --git a/x-pack/plugins/maps/public/classes/sources/es_source/es_source.ts b/x-pack/plugins/maps/public/classes/sources/es_source/es_source.ts index 27c11d27673f2..ece1ec39f3425 100644 --- a/x-pack/plugins/maps/public/classes/sources/es_source/es_source.ts +++ b/x-pack/plugins/maps/public/classes/sources/es_source/es_source.ts @@ -279,11 +279,13 @@ export class AbstractESSource extends AbstractVectorSource implements IESSource try { const abortController = new AbortController(); registerCancelCallback(() => abortController.abort()); - const esResp = await searchSource.fetch({ - abortSignal: abortController.signal, - legacyHitsTotal: false, - executionContext: makePublicExecutionContext('es_source:bounds'), - }); + const { rawResponse: esResp } = await searchSource + .fetch$({ + abortSignal: abortController.signal, + legacyHitsTotal: false, + executionContext: makePublicExecutionContext('es_source:bounds'), + }) + .toPromise(); if (!esResp.aggregations) { return null; 
diff --git a/x-pack/plugins/maps/public/classes/util/can_skip_fetch.test.ts b/x-pack/plugins/maps/public/classes/util/can_skip_fetch.test.ts index a564644df7af0..953c456d346b8 100644 --- a/x-pack/plugins/maps/public/classes/util/can_skip_fetch.test.ts +++ b/x-pack/plugins/maps/public/classes/util/can_skip_fetch.test.ts @@ -7,7 +7,7 @@ import { canSkipSourceUpdate, updateDueToExtent } from './can_skip_fetch'; import { DataRequest } from './data_request'; -import { Filter } from 'src/plugins/data/common'; +import { Filter } from '@kbn/es-query'; import { ISource } from '../sources/source'; describe('updateDueToExtent', () => { diff --git a/x-pack/plugins/maps/public/locators.test.ts b/x-pack/plugins/maps/public/locators.test.ts index aabae1a26c1df..cc954d5f73717 100644 --- a/x-pack/plugins/maps/public/locators.test.ts +++ b/x-pack/plugins/maps/public/locators.test.ts @@ -6,7 +6,7 @@ */ import { LAYER_TYPE, SOURCE_TYPES, SCALING_TYPES } from '../common/constants'; -import { esFilters } from '../../../../src/plugins/data/public'; +import { FilterStateStore } from '@kbn/es-query'; import { MapsAppLocatorDefinition } from './locators'; import { SerializableRecord } from '@kbn/utility-types'; import { LayerDescriptor } from '../common/descriptor_types'; @@ -100,7 +100,7 @@ describe('visualize url generator', () => { }, query: { query: 'q1' }, $state: { - store: esFilters.FilterStateStore.GLOBAL_STATE, + store: FilterStateStore.GLOBAL_STATE, }, }, ], diff --git a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_charts_container.js b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_charts_container.js index 79a1121a98a62..13800536f2fae 100644 --- a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_charts_container.js +++ b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_charts_container.js 
@@ -198,20 +198,21 @@ function ExplorerChartContainer({ useEffect( function getMapsPluginLink() { - if (!series) return; let isCancelled = false; - const generateLink = async () => { - if (!isCancelled) { + if (series && getChartType(series) === CHART_TYPE.GEO_MAP) { + const generateLink = async () => { try { const mapsLink = await getMapsLink(); - setMapsLink(mapsLink?.path); + if (!isCancelled) { + setMapsLink(mapsLink?.path); + } } catch (error) { console.error(error); setMapsLink(''); } - } - }; - generateLink().catch(console.error); + }; + generateLink().catch(console.error); + } return () => { isCancelled = true; }; diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/__snapshots__/embeddable_anomaly_charts_container.test.tsx.snap b/x-pack/plugins/ml/public/embeddables/anomaly_charts/__snapshots__/embeddable_anomaly_charts_container.test.tsx.snap index ca474c90859d7..cb9a915a105a8 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/__snapshots__/embeddable_anomaly_charts_container.test.tsx.snap +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/__snapshots__/embeddable_anomaly_charts_container.test.tsx.snap @@ -52,6 +52,7 @@ Object { "getTimeDefaults": [MockFunction], "getTimeUpdate$": [MockFunction], "isAutoRefreshSelectorEnabled": [MockFunction], + "isRefreshIntervalTouched": [MockFunction], "isTimeRangeSelectorEnabled": [MockFunction], "isTimeTouched": [MockFunction], "setRefreshInterval": [MockFunction], diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/anomaly_charts_embeddable.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_charts/anomaly_charts_embeddable.tsx index 88a153c1e0051..424c1df6497e2 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/anomaly_charts_embeddable.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/anomaly_charts_embeddable.tsx 
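Review bot: The `catch` branch of `generateLink` still calls `setMapsLink('')` unconditionally, although the success path now checks `isCancelled` after the await. A rejection that arrives after the cleanup has run therefore sets state on an unmounted or re-keyed chart. Guard it the same way: `if (!isCancelled) setMapsLink('');`. Since the function already catches internally, the trailing `generateLink().catch(console.error)` can only fire for errors thrown inside that `catch` block. The effect's dependency list is outside the hunk.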
@@ -94,10 +94,28 @@ export class AnomalyChartsEmbeddable extends Embeddable< } } + public onLoading() { + this.renderComplete.dispatchInProgress(); + this.updateOutput({ loading: true, error: undefined }); + } + + public onError(error: Error) { + this.renderComplete.dispatchError(); + this.updateOutput({ loading: false, error: { name: error.name, message: error.message } }); + } + + public onRenderComplete() { + this.renderComplete.dispatchComplete(); + this.updateOutput({ loading: false, error: undefined }); + } + public render(node: HTMLElement) { super.render(node); this.node = node; + // required for the export feature to work + this.node.setAttribute('data-shared-item', ''); + const I18nContext = this.services[0].i18n.Context; const theme$ = this.services[0].theme.theme$; @@ -114,6 +132,9 @@ export class AnomalyChartsEmbeddable extends Embeddable< refresh={this.reload$.asObservable()} onInputChange={this.updateInput.bind(this)} onOutputChange={this.updateOutput.bind(this)} + onRenderComplete={this.onRenderComplete.bind(this)} + onLoading={this.onLoading.bind(this)} + onError={this.onError.bind(this)} /> diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.test.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.test.tsx index efa89dd7e7608..9b38d67847388 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.test.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.test.tsx @@ -49,6 +49,9 @@ describe('EmbeddableAnomalyChartsContainer', () => { const onInputChange = jest.fn(); const onOutputChange = jest.fn(); + const onRenderComplete = jest.fn(); + const onLoading = jest.fn(); + const onError = jest.fn(); const mockedInput = { viewMode: 'view', 
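Review bot: The new public methods `onLoading`, `onError` and `onRenderComplete` on `AnomalyChartsEmbeddable` have no doc comments, and the same three bodies are added to `AnomalySwimlaneEmbeddable` later in this diff. Each deserves a one-line TSDoc stating its contract, for example `/** Marks rendering as in progress and sets output.loading. */` and `/** Reports a failed render; only error.name and error.message are copied to the output. */`. Since the bodies are identical in both classes, a shared helper or mixin would keep the `renderComplete` dispatch and the output update from drifting apart. Both class bodies start and end outside their hunks.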
@@ -145,6 +148,9 @@ describe('EmbeddableAnomalyChartsContainer', () => { refresh={refresh} onInputChange={onInputChange} onOutputChange={onOutputChange} + onLoading={onLoading} + onRenderComplete={onRenderComplete} + onError={onError} />, defaultOptions ); @@ -172,6 +178,9 @@ describe('EmbeddableAnomalyChartsContainer', () => { refresh={refresh} onInputChange={onInputChange} onOutputChange={onOutputChange} + onLoading={onLoading} + onRenderComplete={onRenderComplete} + onError={onError} />, defaultOptions ); diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.tsx index 923014a5c4d4d..e3f8fb3dcdeff 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/embeddable_anomaly_charts_container.tsx @@ -38,6 +38,9 @@ export interface EmbeddableAnomalyChartsContainerProps { refresh: Observable; onInputChange: (input: Partial) => void; onOutputChange: (output: Partial) => void; + onRenderComplete: () => void; + onLoading: () => void; + onError: (error: Error) => void; } export const EmbeddableAnomalyChartsContainer: FC = ({ @@ -48,6 +51,9 @@ export const EmbeddableAnomalyChartsContainer: FC { const [chartWidth, setChartWidth] = useState(0); const [severity, setSeverity] = useState( @@ -94,7 +100,8 @@ export const EmbeddableAnomalyChartsContainer: FC { diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.test.ts b/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.test.ts index c104c5da80545..6aa148b18ce0c 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.test.ts +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.test.ts 
@@ -40,6 +40,12 @@ describe('useAnomalyChartsInputResolver', () => { const start = moment().subtract(1, 'years'); const end = moment(); + const renderCallbacks = { + onRenderComplete: jest.fn(), + onLoading: jest.fn(), + onError: jest.fn(), + }; + beforeEach(() => { jest.useFakeTimers(); @@ -116,21 +122,27 @@ describe('useAnomalyChartsInputResolver', () => { refresh, services, 1000, - 0 + 0, + renderCallbacks ) ); expect(result.current.chartsData).toBe(undefined); expect(result.current.error).toBe(undefined); expect(result.current.isLoading).toBe(true); + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(0); jest.advanceTimersByTime(501); + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(1); + const explorerServices = services[2]; expect(explorerServices.anomalyDetectorService.getJobs$).toHaveBeenCalledTimes(1); expect(explorerServices.anomalyExplorerService.getAnomalyData$).toHaveBeenCalledTimes(1); + expect(renderCallbacks.onRenderComplete).toHaveBeenCalledTimes(1); + embeddableInput.next({ id: 'test-explorer-charts-embeddable', jobIds: ['anotherJobId'], @@ -144,8 +156,14 @@ describe('useAnomalyChartsInputResolver', () => { }); jest.advanceTimersByTime(501); + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(2); + expect(explorerServices.anomalyDetectorService.getJobs$).toHaveBeenCalledTimes(2); expect(explorerServices.anomalyExplorerService.getAnomalyData$).toHaveBeenCalledTimes(2); + + expect(renderCallbacks.onRenderComplete).toHaveBeenCalledTimes(2); + + expect(renderCallbacks.onError).toHaveBeenCalledTimes(0); }); test.skip('should not complete the observable on error', async () => { @@ -156,7 +174,8 @@ describe('useAnomalyChartsInputResolver', () => { refresh, services, 1000, - 1 + 1, + renderCallbacks ) ); @@ -168,5 +187,6 @@ describe('useAnomalyChartsInputResolver', () => { } as Partial); expect(result.current.error).toBeDefined(); + expect(renderCallbacks.onError).toHaveBeenCalledTimes(1); }); }); 
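Review bot: The only assertion on the new error callback, `expect(renderCallbacks.onError).toHaveBeenCalledTimes(1);`, is added inside `test.skip('should not complete the observable on error', …)`, so it never runs. The one executed check for `onError` is therefore the `toHaveBeenCalledTimes(0)` in the success test, and the path that reports a failed render to the embeddable is untested. Either re-enable this test or add a small running one that makes `getAnomalyData$` fail and asserts `onError` is called once and `onRenderComplete` is not.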
diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.ts b/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.ts index 8195727b2635c..c6dc3ec41ff9e 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.ts +++ b/x-pack/plugins/ml/public/embeddables/anomaly_charts/use_anomaly_charts_input_resolver.ts @@ -35,7 +35,12 @@ export function useAnomalyChartsInputResolver( refresh: Observable, services: [CoreStart, MlStartDependencies, AnomalyChartsServices], chartWidth: number, - severity: number + severity: number, + renderCallbacks: { + onRenderComplete: () => void; + onLoading: () => void; + onError: (error: Error) => void; + } ): { chartsData: ExplorerChartsData | undefined; isLoading: boolean; @@ -61,6 +66,9 @@ export function useAnomalyChartsInputResolver( .pipe( tap(setIsLoading.bind(null, true)), debounceTime(FETCH_RESULTS_DEBOUNCE_MS), + tap(() => { + renderCallbacks.onLoading(); + }), switchMap(([explorerJobs, input, embeddableContainerWidth, severityValue]) => { if (!explorerJobs) { // couldn't load the list of jobs @@ -118,6 +126,8 @@ export function useAnomalyChartsInputResolver( setError(null); setChartsData(results); setIsLoading(false); + + renderCallbacks.onRenderComplete(); } }); @@ -134,5 +144,11 @@ export function useAnomalyChartsInputResolver( severity$.next(severity); }, [severity]); + useEffect(() => { + if (error) { + renderCallbacks.onError(error); + } + }, [error]); + return { chartsData, isLoading, error }; } diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/anomaly_swimlane_embeddable.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/anomaly_swimlane_embeddable.tsx index e168029148006..e23869cb809b3 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/anomaly_swimlane_embeddable.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/anomaly_swimlane_embeddable.tsx 
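Review bot: `renderCallbacks.onLoading()` fires in the `tap` after the debounce for every emission, but the matching `renderCallbacks.onRenderComplete()` is called only inside the subscriber's results branch. The `if (!explorerJobs)` path in `switchMap` ("couldn't load the list of jobs") appears able to finish without calling either `onRenderComplete` or `onError`, though the rest of that branch is outside the hunk. If so, the embeddable stays at `loading: true` and anything waiting on render completion, such as the export feature mentioned in the embeddable, waits until it times out. Report a terminal state on that path as well, for example by calling `renderCallbacks.onError(new Error(...))` with a suitable message where the job list is missing. Separately, the new `useEffect` lists only `[error]`, and the subscription captures the `renderCallbacks` object from the render that created it; a comment saying the callbacks are expected to be stable would help.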
@@ -56,10 +56,28 @@ export class AnomalySwimlaneEmbeddable extends Embeddable< ); } + public onLoading() { + this.renderComplete.dispatchInProgress(); + this.updateOutput({ loading: true, error: undefined }); + } + + public onError(error: Error) { + this.renderComplete.dispatchError(); + this.updateOutput({ loading: false, error: { name: error.name, message: error.message } }); + } + + public onRenderComplete() { + this.renderComplete.dispatchComplete(); + this.updateOutput({ loading: false, error: undefined }); + } + public render(node: HTMLElement) { super.render(node); this.node = node; + // required for the export feature to work + this.node.setAttribute('data-shared-item', ''); + const I18nContext = this.services[0].i18n.Context; const theme$ = this.services[0].theme.theme$; @@ -76,6 +94,9 @@ export class AnomalySwimlaneEmbeddable extends Embeddable< refresh={this.reload$.asObservable()} onInputChange={this.updateInput.bind(this)} onOutputChange={this.updateOutput.bind(this)} + onRenderComplete={this.onRenderComplete.bind(this)} + onLoading={this.onLoading.bind(this)} + onError={this.onError.bind(this)} /> diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.test.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.test.tsx index 6b44073ac95bb..e9ff81ac07bdc 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.test.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.test.tsx @@ -48,6 +48,9 @@ describe('ExplorerSwimlaneContainer', () => { const onInputChange = jest.fn(); const onOutputChange = jest.fn(); + const onRenderComplete = jest.fn(); + const onLoading = jest.fn(); + const onError = jest.fn(); beforeEach(() => { embeddableContext = { id: 'test-id' } as AnomalySwimlaneEmbeddable; 
@@ -102,6 +105,9 @@ describe('ExplorerSwimlaneContainer', () => { refresh={refresh} onInputChange={onInputChange} onOutputChange={onOutputChange} + onLoading={onLoading} + onRenderComplete={onRenderComplete} + onError={onError} />, defaultOptions ); @@ -141,6 +147,9 @@ describe('ExplorerSwimlaneContainer', () => { refresh={refresh} onInputChange={onInputChange} onOutputChange={onOutputChange} + onLoading={onLoading} + onRenderComplete={onRenderComplete} + onError={onError} />, defaultOptions ); diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.tsx b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.tsx index 28598974ba4d0..ac9586bfa69ae 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.tsx +++ b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/embeddable_swim_lane_container.tsx @@ -35,6 +35,9 @@ export interface ExplorerSwimlaneContainerProps { refresh: Observable; onInputChange: (input: Partial) => void; onOutputChange: (output: Partial) => void; + onRenderComplete: () => void; + onLoading: () => void; + onError: (error: Error) => void; } export const EmbeddableSwimLaneContainer: FC = ({ @@ -45,6 +48,9 @@ export const EmbeddableSwimLaneContainer: FC = ( refresh, onInputChange, onOutputChange, + onRenderComplete, + onLoading, + onError, }) => { const [chartWidth, setChartWidth] = useState(0); @@ -61,7 +67,8 @@ export const EmbeddableSwimLaneContainer: FC = ( refresh, services, chartWidth, - fromPage + fromPage, + { onRenderComplete, onError, onLoading } ); useEffect(() => { diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.test.ts b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.test.ts index 28aae4bcc0a55..de2281b395000 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.test.ts 
+++ b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.test.ts @@ -19,6 +19,12 @@ describe('useSwimlaneInputResolver', () => { let services: [CoreStart, MlStartDependencies, AnomalySwimlaneServices]; let onInputChange: jest.Mock; + const renderCallbacks = { + onRenderComplete: jest.fn(), + onLoading: jest.fn(), + onError: jest.fn(), + }; + beforeEach(() => { jest.useFakeTimers(); @@ -78,6 +84,7 @@ describe('useSwimlaneInputResolver', () => { ]; onInputChange = jest.fn(); }); + afterEach(() => { jest.useRealTimers(); jest.clearAllMocks(); @@ -91,7 +98,8 @@ describe('useSwimlaneInputResolver', () => { refresh, services, 1000, - 1 + 1, + renderCallbacks ) ); @@ -106,6 +114,9 @@ describe('useSwimlaneInputResolver', () => { expect(services[2].anomalyDetectorService.getJobs$).toHaveBeenCalledTimes(1); expect(services[2].anomalyTimelineService.loadOverallData).toHaveBeenCalledTimes(1); + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(1); + expect(renderCallbacks.onRenderComplete).toHaveBeenCalledTimes(1); + await act(async () => { embeddableInput.next({ id: 'test-swimlane-embeddable', @@ -121,6 +132,9 @@ describe('useSwimlaneInputResolver', () => { expect(services[2].anomalyDetectorService.getJobs$).toHaveBeenCalledTimes(2); expect(services[2].anomalyTimelineService.loadOverallData).toHaveBeenCalledTimes(2); + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(2); + expect(renderCallbacks.onRenderComplete).toHaveBeenCalledTimes(2); + await act(async () => { embeddableInput.next({ id: 'test-swimlane-embeddable', 
@@ -135,6 +149,9 @@ describe('useSwimlaneInputResolver', () => { expect(services[2].anomalyDetectorService.getJobs$).toHaveBeenCalledTimes(2); expect(services[2].anomalyTimelineService.loadOverallData).toHaveBeenCalledTimes(3); + + expect(renderCallbacks.onLoading).toHaveBeenCalledTimes(3); + expect(renderCallbacks.onRenderComplete).toHaveBeenCalledTimes(3); }); test('should not complete the observable on error', async () => { @@ -145,7 +162,8 @@ describe('useSwimlaneInputResolver', () => { refresh, services, 1000, - 1 + 1, + renderCallbacks ) ); @@ -160,5 +178,7 @@ describe('useSwimlaneInputResolver', () => { }); expect(result.current[6]?.message).toBe('Invalid job'); + + expect(renderCallbacks.onError).toHaveBeenCalledTimes(1); }); }); diff --git a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.ts b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.ts index 8b0c89bbd16b7..ee3a635071071 100644 --- a/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.ts +++ b/x-pack/plugins/ml/public/embeddables/anomaly_swimlane/swimlane_input_resolver.ts @@ -46,10 +46,15 @@ const FETCH_RESULTS_DEBOUNCE_MS = 500; export function useSwimlaneInputResolver( embeddableInput$: Observable, onInputChange: (output: Partial) => void, - refresh: Observable, + refresh: Observable, services: [CoreStart, MlStartDependencies, AnomalySwimlaneServices], chartWidth: number, - fromPage: number + fromPage: number, + renderCallbacks: { + onRenderComplete: () => void; + onLoading: () => void; + onError: (error: Error) => void; + } ): [ string | undefined, OverallSwimlaneData | undefined, 
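Review bot: The error-path test in the hunk at -160,5 +178,7 asserts only `onError`; it does not pin that completion is withheld when the job lookup fails. Adding `expect(renderCallbacks.onRenderComplete).not.toHaveBeenCalled();` next to the `onError` assertion would catch a regression where a failed load is reported as a finished render. This presumes `swimlaneData` stays unset on that path, which the hunk does not show.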
@@ -122,6 +127,9 @@ export function useSwimlaneInputResolver( .pipe( tap(setIsLoading.bind(null, true)), debounceTime(FETCH_RESULTS_DEBOUNCE_MS), + tap(() => { + renderCallbacks.onLoading(); + }), switchMap(([explorerJobs, input, bucketInterval, fromPageInput, perPageFromState]) => { if (!explorerJobs) { // couldn't load the list of jobs @@ -227,6 +235,18 @@ export function useSwimlaneInputResolver( chartWidth$.next(chartWidth); }, [chartWidth]); + useEffect(() => { + if (error) { + renderCallbacks.onError(error); + } + }, [error]); + + useEffect(() => { + if (swimlaneData) { + renderCallbacks.onRenderComplete(); + } + }, [swimlaneData]); + return [ swimlaneType, swimlaneData, diff --git a/x-pack/plugins/monitoring/public/application/contexts/global_state_context.tsx b/x-pack/plugins/monitoring/public/application/contexts/global_state_context.tsx index 3dbb703b5706f..bb8195744cc31 100644 --- a/x-pack/plugins/monitoring/public/application/contexts/global_state_context.tsx +++ b/x-pack/plugins/monitoring/public/application/contexts/global_state_context.tsx @@ -9,10 +9,12 @@ import { GlobalState } from '../../url_state'; import { MonitoringStartPluginDependencies, MonitoringStartServices } from '../../types'; import { TimeRange, RefreshInterval } from '../../../../../../src/plugins/data/public'; import { Legacy } from '../../legacy_shims'; +import { shouldOverrideRefreshInterval } from './should_override_refresh_interval'; interface GlobalStateProviderProps { query: MonitoringStartPluginDependencies['data']['query']; toasts: MonitoringStartServices['notifications']['toasts']; + uiSettings: MonitoringStartServices['uiSettings']; } export interface State { @@ -27,7 +29,13 @@ export interface State { export const GlobalStateContext = createContext({} as State); +const REFRESH_INTERVAL_OVERRIDE = { + pause: false, + value: 10000, +}; + export const GlobalStateProvider: React.FC = ({ + uiSettings, query, toasts, children, 
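Review bot: The completion effect at -227,6 +235,18 calls `onRenderComplete` only when `swimlaneData` is truthy, while `onLoading` (hunk -122,6 +127,9) is dispatched on every debounced emission. If a refresh ever settles without setting a new truthy `swimlaneData` and without an error, the embeddable output would stay at `loading: true` and the render would never be reported as complete. Keying completion on the loading flag would close that gap, for example `useEffect(() => { if (!isLoading && !error) renderCallbacks.onRenderComplete(); }, [isLoading, error]);`, assuming `isLoading` is the state behind `setIsLoading` and does not start out false. The code that sets `swimlaneData` is outside both hunks, so whether such a path exists needs checking there.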
@@ -43,18 +51,17 @@ export const GlobalStateProvider: React.FC = ({ localState[key] = initialState[key]; } - localState.refreshInterval = { value: 10000, pause: false }; - localState.save = () => { const newState = { ...localState }; delete newState.save; state.setState(newState); }; - const { value, pause } = Legacy.shims.timefilter.getRefreshInterval(); - if (!value && pause) { + // default to an active refresh interval if it's not conflicting with user-defined values + if (shouldOverrideRefreshInterval(uiSettings, Legacy.shims.timefilter)) { + localState.refreshInterval = REFRESH_INTERVAL_OVERRIDE; Legacy.shims.timefilter.setRefreshInterval(localState.refreshInterval); - localState.save?.(); + localState.save(); } return {children}; diff --git a/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.test.ts b/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.test.ts new file mode 100644 index 0000000000000..bf6141eb4c9a8 --- /dev/null +++ b/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.test.ts 
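Review bot: `localState.refreshInterval = REFRESH_INTERVAL_OVERRIDE;` stores the module-level constant by reference and then hands the same object to `setRefreshInterval` and, through `save()`, to the global state. Any later in-place change to `localState.refreshInterval` would also change the constant for every subsequent mount. Assign a copy instead: `localState.refreshInterval = { ...REFRESH_INTERVAL_OVERRIDE };`. The provider body starts and ends outside the hunk.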
@@ -0,0 +1,54 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { shouldOverrideRefreshInterval } from './should_override_refresh_interval'; +import { MonitoringStartPluginDependencies, MonitoringStartServices } from '../../types'; + +const getMockArguments = ({ + isDefaultSettings = true, + isRefreshIntervalTouched = false, + refreshInterval = { pause: false, value: 0 }, +}) => { + const timefilter = { + isRefreshIntervalTouched: () => isRefreshIntervalTouched, + getRefreshInterval: () => refreshInterval, + } as MonitoringStartPluginDependencies['data']['query']['timefilter']['timefilter']; + + const uiSettings = { + isDefault: () => isDefaultSettings, + } as unknown as MonitoringStartServices['uiSettings']; + + return { + timefilter, + uiSettings, + }; +}; + +describe('shouldOverrideRefreshInterval', () => { + test('should not override when the interval was updated with the timefilter', () => { + const { uiSettings, timefilter } = getMockArguments({ isRefreshIntervalTouched: true }); + expect(shouldOverrideRefreshInterval(uiSettings, timefilter)).toBe(false); + }); + + test('should not override when the interval was updated with the settings', () => { + const { uiSettings, timefilter } = getMockArguments({ isDefaultSettings: false }); + expect(shouldOverrideRefreshInterval(uiSettings, timefilter)).toBe(false); + }); + + test('should override when the default is a paused interval', () => { + let { uiSettings, timefilter } = getMockArguments({ + isDefaultSettings: true, + refreshInterval: { pause: true, value: 10000 }, + }); + expect(shouldOverrideRefreshInterval(uiSettings, timefilter)).toBe(true); + + ({ uiSettings, timefilter } = getMockArguments({ + isDefaultSettings: true, + refreshInterval: { pause: false, value: 0 }, + })); + 
expect(shouldOverrideRefreshInterval(uiSettings, timefilter)).toBe(true); + }); +}); diff --git a/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.ts b/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.ts new file mode 100644 index 0000000000000..9b6c94929862d --- /dev/null +++ b/x-pack/plugins/monitoring/public/application/contexts/should_override_refresh_interval.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { MonitoringStartPluginDependencies, MonitoringStartServices } from '../../types'; +import { UI_SETTINGS } from '../../../../../../src/plugins/data/public'; + +export const shouldOverrideRefreshInterval = ( + uiSettings: MonitoringStartServices['uiSettings'], + timefilter: MonitoringStartPluginDependencies['data']['query']['timefilter']['timefilter'] +): boolean => { + const isUserDefined = + timefilter.isRefreshIntervalTouched() || + !uiSettings.isDefault(UI_SETTINGS.TIMEPICKER_REFRESH_INTERVAL_DEFAULTS); + if (isUserDefined) { + return false; + } + + const currentInterval = timefilter.getRefreshInterval(); + const isPaused = currentInterval.pause || currentInterval.value === 0; + return isPaused; +}; diff --git a/x-pack/plugins/monitoring/public/application/hooks/use_monitoring_time.ts b/x-pack/plugins/monitoring/public/application/hooks/use_monitoring_time.ts index e8973ce18232c..8f1a5d6f4a9d3 100644 --- a/x-pack/plugins/monitoring/public/application/hooks/use_monitoring_time.ts +++ b/x-pack/plugins/monitoring/public/application/hooks/use_monitoring_time.ts 
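Review bot: The new test file covers the two user-defined cases and the two paused cases, but never the case where defaults apply and the interval is already running, which is the other branch of the final `isPaused` check. Without it, a change that made the function return `true` unconditionally after the user-defined guard would still pass. A case like the one below, using a constructed interval value, pins that branch.

```typescript
test('should not override an active interval under default settings', () => {
  // constructed sample value: any non-zero, unpaused interval
  const { uiSettings, timefilter } = getMockArguments({
    isDefaultSettings: true,
    refreshInterval: { pause: false, value: 5000 },
  });
  expect(shouldOverrideRefreshInterval(uiSettings, timefilter)).toBe(false);
});
```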
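Review bot: `shouldOverrideRefreshInterval` is exported without a doc comment, and its rule differs from the check it replaces in global_state_context.tsx: the old code required `!value && pause`, the new one treats either `pause` or `value === 0` as paused. A short TSDoc would record that this is intended, for example `/** Returns true only when neither the user nor uiSettings customised the refresh interval and the current one is paused or has a zero value. */`. It is also worth stating there that a missing `value` (undefined) is not treated as zero by the strict comparison.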
@@ -22,9 +22,6 @@ export const DEFAULT_TIMERANGE: TimeOptions = { interval: '>=10s', }; -const DEFAULT_REFRESH_INTERVAL_VALUE = 10000; -const DEFAULT_REFRESH_INTERVAL_PAUSE = false; - export const useMonitoringTime = () => { const { services } = useKibana<{ data: any }>(); const state = useContext(GlobalStateContext); @@ -35,8 +32,8 @@ export const useMonitoringTime = () => { }; const { value, pause } = services.data?.query.timefilter.timefilter.getRefreshInterval(); - const [refreshInterval, setRefreshInterval] = useState(value || DEFAULT_REFRESH_INTERVAL_VALUE); - const [isPaused, setIsPaused] = useState(pause || DEFAULT_REFRESH_INTERVAL_PAUSE); + const [refreshInterval, setRefreshInterval] = useState(value); + const [isPaused, setIsPaused] = useState(pause); const [currentTimerange, setTimeRange] = useState(defaultTimeRange); const [isDisabled, setIsDisabled] = useState(false); diff --git a/x-pack/plugins/monitoring/public/application/index.tsx b/x-pack/plugins/monitoring/public/application/index.tsx index a08d9f2648eca..5d5d0c8bdd8a6 100644 --- a/x-pack/plugins/monitoring/public/application/index.tsx +++ b/x-pack/plugins/monitoring/public/application/index.tsx @@ -101,7 +101,11 @@ const MonitoringApp: React.FC<{ return ( - + diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json deleted file mode 100644 index a613c8b576524..0000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json +++ /dev/null 
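Review bot: With the fallbacks removed in the hunk at -35,8 +32,8, `isPaused` is initialised from `pause` alone, whereas `shouldOverrideRefreshInterval` in this commit treats an interval with `value === 0` as paused too. When the override is skipped because the interval is user-defined, the hook can therefore start with `refreshInterval` 0 and `isPaused` false; what the consumers do with a zero interval is not visible here. Using the same definition keeps the two in step: `const [isPaused, setIsPaused] = useState(pause || value === 0);`. Separately, the unchanged line above destructures the result of `services.data?.query.timefilter.timefilter.getRefreshInterval()`, which throws if `data` is ever undefined.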
@@ -1 +0,0 @@ -[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"","description":"Client domain."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country 
ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the 
domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the 
event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image 
tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"","description":"Destination domain."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent 
code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the 
destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of 
the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 
hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS 
answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. 
The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in 
plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. 
The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. 
The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary 
content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for 
original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual 
size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of 
file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the 
file, provided at compile-time."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate 
authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member 
of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO 
code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"host.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"host.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"host.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"host.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"host.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"host.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"host.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request 
body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"GET, POST, PUT, PoST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the 
log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"integer","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 localhost My log","description":"Deprecated original log message with light interpretation only (encoding, newlines)."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes 
transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"L7 Network protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. 
ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country 
name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the 
observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial 
number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. 
kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. 
user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process 
executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List 
flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute 
path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE 
file."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the 
file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process 
title."},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your 
event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"","description":"Server domain."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the 
server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the 
service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"","description":"Source domain."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email 
address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators 
enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the 
process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is 
located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF 
file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual 
size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 
hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of 
the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered 
valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San 
Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and 
latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"White","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference 
URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the 
url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest 
registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate 
authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign 
the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile 
date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the 
section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF 
file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the 
extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in 
bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing 
certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP 
address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"WHITE","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution 
Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, 
OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 
format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL 
reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the 
client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name 
(DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The 
curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of 
state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized 
form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw 
string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the 
vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.2.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.2.0.json new file mode 100644 index 0000000000000..b26078cb109e0 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.2.0.json 
@@ -0,0 +1 @@ +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the 
continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the 
subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host 
machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host 
machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image 
labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. 
Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a 
signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH 
hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the 
resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being 
queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment 
file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email 
message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. 
The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. 
The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. 
The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger","type":"nested","normalization":"","example":"","description":"Details about the function trigger."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a 
signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF 
file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF 
file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, 
excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's 
username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target 
path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered 
valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names 
(L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent 
code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS 
Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the 
request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which 
originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both 
directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. 
ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country 
name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the 
observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial 
number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. 
kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. 
user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args 
array."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process 
name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This 
boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":1,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":128,"description":"The TTY character device's minor 
number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"object","normalization":"","example":{"USER":"elastic","LANG":"en_US.UTF-8","HOME":"/home/elastic"},"description":"Environment variables set at the time of the event."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the 
process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique 
identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY 
device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":1,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":128,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH 
hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and 
signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF 
header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical 
size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the 
process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process 
name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread 
name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":1,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":128,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at 
compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process 
executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line 
that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the 
process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":1,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":128,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":1,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":128,"description":"The TTY character device's minor number."},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your 
event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous 
system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time 
zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group 
on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this 
service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running 
service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent 
code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The 
highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file 
attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation 
time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF 
header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List 
offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the 
file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the 
directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® 
Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names 
(L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region 
name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"White","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name 
for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed 
URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the 
request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 
01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject 
entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05 17:00:58.326000+00:00","description":"Date of match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed 
dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator 
description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate 
chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface 
(ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the 
file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's 
username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in 
bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing 
certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP 
address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"WHITE","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution 
Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, 
OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 
format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL 
reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the 
client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name 
(DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The 
curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of 
state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized 
form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw 
string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the 
vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.0.1.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.0.1.json deleted file mode 100644 index ef44a10db9dff..0000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.0.1.json +++ /dev/null 
@@ -1 +0,0 @@ -[{"name":"account_policy_data","description":"Additional OS X user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"OS X Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The OS X-specific configuration name","type":"text","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of 
option","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"OS X application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"OS X application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly 
allowed","type":"text","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"OS X application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on OS X by default, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by OS X, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process 
PID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy 
identifier.","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy name.","type":"text","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"OS X applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full 
Name.app path","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of OS X required for the app to run","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI 
that categorizes the app for the App Store","type":"text","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Repository name","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"address","description":"IPv4 address 
target","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. 
See levels in asl.h.","type":"integer","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration 
item","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the configuration item","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"OS X Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","hidden":false,"required":false,"index":false},{"name":"plugin","description":"Authorization plugin name","type":"text","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous 
user","type":"text","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"OS X Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","hidden":false,"required":false,"index":false},{"name":"modified","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys 
file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"algorithm of key","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"parsed authorized keys line","type":"text","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the program","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM 
image","type":"text","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_size","description":"VM size","type":"text","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application 
execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an 
external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. 
This value is -1 if this time is still being calculated","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor 
string","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary 
path","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be 
captured","type":"integer","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all 
users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Plugin display name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Is the plugin disabled. 
1 = Disabled","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET 
events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. 
If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","hidden":false,"required":false,"index":false},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name","type":"text","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 
0","type":"integer","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","hidden":true,"required":false,"index":false},{"name":"store_location","description":"Certificate system store location","type":"text","hidden":true,"required":false,"index":false},{"name":"store","description":"Certificate system store","type":"text","hidden":true,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":true,"required":false,"index":false},{"name":"store_id","description":"Exists 
for service/user stores. Contains raw store id provided by WinAPI.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or 
nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the 
extension","type":"text","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension display name","type":"text","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. 
Empty in case of error.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the 
Preferences file of the profile","type":"bigint","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","hidden":true,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected 
to the Internet via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current 
frequency of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent 
running a niced guest ","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed 
process","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the 
job","type":"text","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was 
initiated","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"url","description":"The url for the request","type":"text","hidden":false,"required":true,"index":false},{"name":"method","description":"The HTTP method for the request","type":"text","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"hostname","description":"Hostname (domain[:port]) to CURL","type":"text","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative 
Name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Package 
source","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition 
number","type":"text","hidden":false,"required":true,"index":false},{"name":"path","description":"A logical path within the device node","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Firmware 
version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta 
nodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","hidden":false,"required":false,"index":false},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","hidden":false,"required":false,"index":false},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","hidden":false,"required":false,"index":false}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the 
disk.","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Address 
type: sortlist, nameserver, search","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of mount (bind, volume)","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source path on host","type":"text","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Network name","type":"text","hidden":false,"required":false,"index":false},{"name":"network_id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix 
length","type":"integer","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group 
ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. 
Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"name","description":"Container name","type":"text","hidden":false,"required":false,"index":false},{"name":"pids","description":"Number of processes","type":"integer","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last 
read CPU kernel mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Container name","type":"text","hidden":false,"required":false,"index":false},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state 
(created, restarting, running, removing, paused, exited, dead)","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"ipc_namespace","description":"IPC namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"mnt_namespace","description":"Mount namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"net_namespace","description":"Network namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"pid_namespace","description":"PID 
namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"user_namespace","description":"User namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"uts_namespace","description":"UTS namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"layer_id","description":"Layer ID","type":"text","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base 
layer)","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 
0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 
0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label 
key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Network name","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware 
architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Volume driver","type":"text","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. 
This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"EC2 instance 
ID","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. 
Only available if supplied at instance launch time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"elf_dynamic","description":"ELF dynamic section information.","platforms":["linux"],"columns":[{"name":"tag","description":"Tag ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"integer","hidden":false,"required":false,"index":false},{"name":"class","description":"Class (32 or 64)","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_info","description":"ELF file information.","platforms":["linux"],"columns":[{"name":"class","description":"Class type, 32 or 64bit","type":"text","hidden":false,"required":false,"index":false},{"name":"abi","description":"Section type","type":"text","hidden":false,"required":false,"index":false},{"name":"abi_version","description":"Section virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Offset of section in file","type":"text","hidden":false,"required":false,"index":false},{"name":"machine","description":"Machine type","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Object file version","type":"integer","hidden":false,"required":false,"index":false},{"name":"entry","description":"Entry point 
address","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"ELF header flags","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_sections","description":"ELF section information.","platforms":["linux"],"columns":[{"name":"name","description":"Section name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Section type","type":"integer","hidden":false,"required":false,"index":false},{"name":"vaddr","description":"Section virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset of section in file","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of section","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Section attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"link","description":"Link to other section","type":"text","hidden":false,"required":false,"index":false},{"name":"align","description":"Segment alignment","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_segments","description":"ELF segment information.","platforms":["linux"],"columns":[{"name":"name","description":"Segment type/name","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Segment offset in file","type":"integer","hidden":false,"required":false,"index":false},{"name":"vaddr","description":"Segment virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"psize","description":"Size of segment in 
file","type":"integer","hidden":false,"required":false,"index":false},{"name":"msize","description":"Segment offset in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Segment attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"align","description":"Segment alignment","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_symbols","description":"ELF symbol list.","platforms":["linux"],"columns":[{"name":"name","description":"Symbol name","type":"text","hidden":false,"required":false,"index":false},{"name":"addr","description":"Symbol address (value)","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of object","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Symbol type","type":"text","hidden":false,"required":false,"index":false},{"name":"binding","description":"Binding type","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Section table index","type":"integer","hidden":false,"required":false,"index":false},{"name":"table","description":"Table name containing symbol","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence 
number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier 
of thd process","type":"text","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"address","description":"IP address mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Protocol name","type":"text","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol 
alias","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Service name","type":"text","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"example","description":"This is an example table spec.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Description for name 
column","type":"text","hidden":false,"required":false,"index":false},{"name":"points","description":"This is a signed SQLite int column","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"This is a signed SQLite bigint column","type":"bigint","hidden":false,"required":false,"index":false},{"name":"action","description":"Action performed in generation","type":"text","hidden":false,"required":true,"index":false},{"name":"id","description":"An index of some sort","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of example","type":"text","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum 
speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"fbsd_kmods","description":"Loaded FreeBSD kernel modules.","platforms":["freebsd"],"columns":[{"name":"name","description":"Module name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"integer","hidden":false,"required":false,"index":false},{"name":"refs","description":"Module reverse dependencies","type":"integer","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","hidden":true,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number","type":"text","hidden":true,"required":false,"index":false},{"name":"file_id","description":"file ID","type":"text","hidden":true,"required":false,"index":false},{"name":"file_version","description":"File version","type":"text","hidden":true,"required":false,"index":false},{"name":"product_version","description":"File product version","type":"text","hidden":true,"required":false,"index":false},{"name":"bsd_flags","description":"The BSD file flags (chflags). 
Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change 
time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"creator","description":"Addon-supported creator string","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon 
is shown in browser else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"native","description":"1 If the addon includes binary components else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"OS X Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement 
language","type":"text","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","hidden":true,"required":false,"index":false},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the 
device","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"ssdeep","description":"ssdeep hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. 
Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for 
interface","type":"text","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pci_slot","description":"PCI slot number","type":"text","hidden":true,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","hidden":true,"required":false,"index":false},{"name":"description","description":"Short description of the object a one-line string.","type":"text","hidden":true,"required":false,"index":false},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","hidden":true,"required":false,"index":false},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","hidden":true,"required":false,"index":false},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","hidden":true,"required":false,"index":false},{"name":"enabled","description":"Indicates whether the adapter is enabled or 
not.","type":"integer","hidden":true,"required":false,"index":false},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","hidden":true,"required":false,"index":false},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","hidden":true,"required":false,"index":false},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","hidden":true,"required":false,"index":false},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some 
utilities.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 
0","type":"integer","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number 
identification.","type":"integer","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"OS X's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or 
index","type":"integer","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module 
status","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before 
panic","type":"text","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Data item was created","type":"text","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing 
item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"key","description":"parsed authorized keys line","type":"text","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU 
Microcode.","type":"integer","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"File name of plist (used by launchd)","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target 
program","type":"text","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is 
mounted","type":"text","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for 
bind","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"lldp_neighbors","description":"LLDP neighbors of interfaces.","platforms":["linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"rid","description":"Neighbor chassis index","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_id_type","description":"Neighbor chassis ID type","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_id","description":"Neighbor chassis ID value","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_sysname","description":"CPU brand string, contains vendor and model","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_sys_description","description":"Max number of CPU physical cores","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_bridge_capability_available","description":"Chassis bridge capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_bridge_capability_enabled","description":"Is chassis bridge capability enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_router_capability_available","description":"Chassis router capability 
availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_router_capability_enabled","description":"Chassis router capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_repeater_capability_available","description":"Chassis repeater capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_repeater_capability_enabled","description":"Chassis repeater capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_wlan_capability_available","description":"Chassis wlan capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_wlan_capability_enabled","description":"Chassis wlan capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_tel_capability_available","description":"Chassis telephone capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_tel_capability_enabled","description":"Chassis telephone capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_docsis_capability_available","description":"Chassis DOCSIS capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_docsis_capability_enabled","description":"Chassis DOCSIS capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_station_capability_available","description":"Chassis station capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_station_capability_enabled","description":"Chassis station capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_other_capability_available","description":"Chassis other capability 
availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_other_capability_enabled","description":"Chassis other capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_mgmt_ips","description":"Comma delimited list of chassis management IPS","type":"text","hidden":false,"required":false,"index":false},{"name":"port_id_type","description":"Port ID type","type":"text","hidden":false,"required":false,"index":false},{"name":"port_id","description":"Port ID value","type":"text","hidden":false,"required":false,"index":false},{"name":"port_description","description":"Port description","type":"text","hidden":false,"required":false,"index":false},{"name":"port_ttl","description":"Age of neighbor port","type":"bigint","hidden":false,"required":false,"index":false},{"name":"port_mfs","description":"Port max frame size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"port_aggregation_id","description":"Port aggregation ID","type":"text","hidden":false,"required":false,"index":false},{"name":"port_autoneg_supported","description":"Auto negotiation supported","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_enabled","description":"Is auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_mau_type","description":"MAU type","type":"text","hidden":false,"required":false,"index":false},{"name":"port_autoneg_10baset_hd_enabled","description":"10Base-T HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_10baset_fd_enabled","description":"10Base-T FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100basetx_hd_enabled","description":"100Base-TX HD auto negotiation 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100basetx_fd_enabled","description":"100Base-TX FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset2_hd_enabled","description":"100Base-T2 HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset2_fd_enabled","description":"100Base-T2 FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset4_hd_enabled","description":"100Base-T4 HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset4_fd_enabled","description":"100Base-T4 FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000basex_hd_enabled","description":"1000Base-X HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000basex_fd_enabled","description":"1000Base-X FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000baset_hd_enabled","description":"1000Base-T HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000baset_fd_enabled","description":"1000Base-T FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_device_type","description":"Dot3 power device type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_mdi_supported","description":"MDI power supported","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_mdi_enabled","description":"Is MDI power enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_paircontrol_enabled","description":"Is power pair control 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_pairs","description":"Dot3 power pairs","type":"text","hidden":false,"required":false,"index":false},{"name":"power_class","description":"Power class","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_enabled","description":"Is 802.3at enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_type","description":"802.3at power type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_source","description":"802.3at power source","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_priority","description":"802.3at power priority","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_allocated","description":"802.3at power allocated","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_requested","description":"802.3at power requested","type":"text","hidden":false,"required":false,"index":false},{"name":"med_device_type","description":"Chassis MED type","type":"text","hidden":false,"required":false,"index":false},{"name":"med_capability_capabilities","description":"Is MED capabilities enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_policy","description":"Is MED policy capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_location","description":"Is MED location capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_mdi_pse","description":"Is MED MDI PSE capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_mdi_pd","description":"Is MED MDI PD capability 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_inventory","description":"Is MED inventory capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_policies","description":"Comma delimited list of MED policies","type":"text","hidden":false,"required":false,"index":false},{"name":"vlans","description":"Comma delimited list of vlan ids","type":"text","hidden":false,"required":false,"index":false},{"name":"pvid","description":"Primary VLAN id","type":"text","hidden":false,"required":false,"index":false},{"name":"ppvids_supported","description":"Comma delimited list of supported PPVIDs","type":"text","hidden":false,"required":false,"index":false},{"name":"ppvids_enabled","description":"Comma delimited list of enabled PPVIDs","type":"text","hidden":false,"required":false,"index":false},{"name":"pids","description":"Comma delimited list of PIDs","type":"text","hidden":false,"required":false,"index":false}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"type","description":"Login type","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"User login 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","hidden":true,"required":false,"index":false},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","hidden":true,"required":false,"index":false}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 
'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged 
on.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["darwin","linux"],"columns":[{"name":"server_name","description":"Name of the LXD server 
node","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["darwin","linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Target architecture for the 
image","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image 
information update and image import from source server","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Configuration parameter name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":true,"index":false},{"name":"device","description":"Name of the device","type":"text","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or 
not(0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this 
network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage 
pool","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","hidden":false,"required":true,"index":false},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array 
settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if 
enabled","type":"text","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array 
activity","type":"text","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata 
key","type":"text","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method 
supported","type":"text","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 
0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. 
A value of 0 indicates no set affiliation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in 
millivolts","type":"integer","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted 
device","type":"text","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. 
NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 
0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Lists all npm packages in a directory or globally installed in a system.","platforms":["linux"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Package author name","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Module's package.json path","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"Node module's directory where this package is located","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the 
DNS tree.","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","hidden":false,"required":true,"index":false},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames 
only)","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from 
SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch 
release","type":"integer","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"The install date of the OS.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop 
restarts","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: extension or module","type":"text","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell 
only?","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in 
osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 
0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Total number of bytes generated by the query","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average private memory left after executing","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"OS X package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or 
directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"OS X package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"OS X package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg 
file","type":"text","hidden":true,"required":false,"index":false},{"name":"version","description":"Installed package version","type":"text","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. 
Lack of a value does not indicate that the patch was not installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","hidden":true,"required":false,"index":false},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","hidden":true,"required":false,"index":false},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_model_id","description":"Model ID of PCI device 
subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk 
drive is busy servicing read requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the pipe","type":"text","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","hidden":false,"required":false,"index":false}]},{"name":"pkg_packages","description":"pkgng packages that are currently installed on the host system.","platforms":["freebsd"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"flatsize","description":"Package size in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes of firmware","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","hidden":false,"required":false,"index":false}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a 
plist","type":"text","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world 
file","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on OS X","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this 
script","type":"integer","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"OS X defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Preference top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file 
path.","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) 
ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"key","description":"Environment variable name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process 
start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"suid","description":"Saved user ID at process 
start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","hidden":true,"required":false,"index":false}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the 
action","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"start","description":"Virtual start address (hex)","type":"text","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped 
path","type":"bigint","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fd","description":"Process-specific file 
descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, 
IPv6)","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root 
directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error 
-1","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"protection_type","description":"The protection type of the process","type":"text","hidden":true,"required":false,"index":false},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"upid","description":"A 64bit pid that is never reused. 
Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. 
","type":"text","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are 
located","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"quicklook_cache","description":"Files and thumbnails within OS X's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search 
for","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the registry value entry","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. 
Lowest is preferred","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File path within the package","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"File default username from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"Package release","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source RPM package name (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","hidden":false,"required":false,"index":false},{"name":"epoch","description":"Package epoch value","type":"integer","hidden":false,"required":false,"index":false},{"name":"install_time","description":"When the package was installed","type":"integer","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","hidden":false,"required":false,"index":false},{"name":"is_active","description":"1 if the application is in focus, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension display 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"OS X application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all 
of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status for the current logged in user context.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 
0 = immediately; -1 = no password is required on-wake","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system 
call","type":"text","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists 
all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. 
If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other 
users","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. 
This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"integer","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. 
Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"OS X Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history 
owner","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed 
file.","type":"text","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shortcut_files","description":"View data about Windows Shortcut files.","platforms":["windows"],"columns":[{"name":"path","description":"Directory name.","type":"text","hidden":false,"required":true,"index":false},{"name":"target_path","description":"Target file path","type":"text","hidden":false,"required":false,"index":false},{"name":"target_modified","description":"Target Modified time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_created","description":"Target Created time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_accessed","description":"Target Accessed time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_size","description":"Size of target file.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to target file from lnk file.","type":"text","hidden":false,"required":false,"index":false},{"name":"local_path","description":"Local system path to target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"working_path","description":"Target file directory.","type":"text","hidden":false,"required":false,"index":false},{"name":"icon_path","description":"Lnk file icon location.","type":"text","hidden":false,"required":false,"index":false},{"name":"common_path","description":"Common system path to target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"command_args","description":"Command args passed to lnk 
file.","type":"text","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Optional hostname of the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"share_name","description":"Share name of the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device containing the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Target mft entry.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Target mft sequence.","type":"integer","hidden":false,"required":false,"index":false},{"name":"description","description":"Lnk file description.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. 
Default is 1","type":"integer","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"smart_drive_info","description":"Drive information read by SMART controller utilizing autodetect.","platforms":["darwin","linux"],"columns":[{"name":"device_name","description":"Name of block device","type":"text","hidden":false,"required":false,"index":false},{"name":"disk_id","description":"Physical slot number of device, only exists when hardware storage controller exists","type":"integer","hidden":false,"required":false,"index":false},{"name":"driver_type","description":"The explicit device type used to 
retrieve the SMART information","type":"text","hidden":false,"required":false,"index":false},{"name":"model_family","description":"Drive model family","type":"text","hidden":false,"required":false,"index":false},{"name":"device_model","description":"Device Model","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Device serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"lu_wwn_device_id","description":"Device Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"additional_product_id","description":"An additional drive identifier if any","type":"text","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"Drive firmware version","type":"text","hidden":false,"required":false,"index":false},{"name":"user_capacity","description":"Bytes of drive capacity","type":"text","hidden":false,"required":false,"index":false},{"name":"sector_sizes","description":"Bytes of drive sector sizes","type":"text","hidden":false,"required":false,"index":false},{"name":"rotation_rate","description":"Drive RPM","type":"text","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Form factor if reported","type":"text","hidden":false,"required":false,"index":false},{"name":"in_smartctl_db","description":"Boolean value for if drive is recognized","type":"integer","hidden":false,"required":false,"index":false},{"name":"ata_version","description":"ATA version of drive","type":"text","hidden":false,"required":false,"index":false},{"name":"transport_type","description":"Drive transport type","type":"text","hidden":false,"required":false,"index":false},{"name":"sata_version","description":"SATA version, if any","type":"text","hidden":false,"required":false,"index":false},{"name":"read_device_identity_failure","description":"Error string for device id read, if 
any","type":"text","hidden":false,"required":false,"index":false},{"name":"smart_supported","description":"SMART support status","type":"text","hidden":false,"required":false,"index":false},{"name":"smart_enabled","description":"SMART enabled status","type":"text","hidden":false,"required":false,"index":false},{"name":"packet_device_type","description":"Packet device type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_mode","description":"Device power mode","type":"text","hidden":false,"required":false,"index":false},{"name":"warnings","description":"Warning messages from SMART controller","type":"text","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"SMC-reported type literal 
type","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with 
socket","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Name of startup item","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup 
item","type":"text","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","hidden":false,"required":false,"index":false},{"name":"oid","description":"Control MIB","type":"text","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque 
type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and 
model","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit 
identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on OS X","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of 
temperature source","type":"text","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in the system.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"weekday","description":"Current weekday in the system","type":"text","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Current timezone in the system","type":"text","hidden":false,"required":false,"index":false},{"name":"local_time","description":"Current local UNIX time in the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in the system","type":"text","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in the system, converted to UTC if --utc enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in the 
system","type":"text","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in the system","type":"text","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in the system","type":"text","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units.","type":"bigint","hidden":true,"required":false,"index":false}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related 
information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is ownned","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. 
Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device 
subclass","type":"text","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User 
ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. 
One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's 
configured default shell","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free 
pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store 
compressed VM pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"OS X known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this netword was connected to as a unix_time","type":"integer","hidden":false,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 
otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"OS X current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication 
(dbm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel 
number","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in 
seconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log 
file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter 
the events","type":"text","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. 
Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"The health of the monitored Antispyware solution (see windows_security_products)","type":"text","hidden":false,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in 
Windows","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. 
This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an 
event.","type":"text","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. 
This property must be NULL if the ScriptFileName property is not NULL.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of 
extension","type":"text","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Track YARA matches for files or PIDs.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","hidden":false,"required":true,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","hidden":true,"required":false,"index":false}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration 
data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the 
VM","type":"text","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","hidden":false,"required":false,"index":false}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Repository name","type":"text","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed 
(Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","hidden":true,"required":false,"index":false},{"name":"comment","description":"Remarks or comments associated with the 
group","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group 
ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, 
no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"protection_type","description":"The protection type of the process","type":"text","hidden":true,"required":false,"index":false},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","hidden":false,"required":false,"index":false}]}] \ No newline at end of file 
diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.2.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.2.2.json
new file mode 100644
index 0000000000000..e3301051b35ca
--- /dev/null
+++ b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.2.2.json
@@ -0,0 +1 @@ +[{"name":"account_policy_data","description":"Additional OS X user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"OS X Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The OS X-specific configuration name","type":"text","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of 
option","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"OS X application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"OS X application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly 
allowed","type":"text","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"OS X application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on OS X by default, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by OS X, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process 
PID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy 
identifier.","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy name.","type":"text","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"OS X applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full 
Name.app path","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of OS X required for the app to run","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI 
that categorizes the app for the App Store","type":"text","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Repository name","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"address","description":"IPv4 address 
target","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. 
See levels in asl.h.","type":"integer","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration 
item","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the configuration item","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"OS X Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","hidden":false,"required":false,"index":false},{"name":"plugin","description":"Authorization plugin name","type":"text","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous 
user","type":"text","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"OS X Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","hidden":false,"required":false,"index":false},{"name":"modified","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys 
file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"algorithm of key","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"parsed authorized keys line","type":"text","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the program","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM 
image","type":"text","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_size","description":"VM size","type":"text","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application 
execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an 
external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. 
This value is -1 if this time is still being calculated","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor 
string","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary 
path","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be 
captured","type":"integer","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all 
users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Plugin display name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Is the plugin disabled. 
1 = Disabled","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET 
events","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. 
If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","hidden":false,"required":false,"index":false},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name","type":"text","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 
0","type":"integer","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","hidden":true,"required":false,"index":false},{"name":"store_location","description":"Certificate system store location","type":"text","hidden":true,"required":false,"index":false},{"name":"store","description":"Certificate system store","type":"text","hidden":true,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":true,"required":false,"index":false},{"name":"store_id","description":"Exists 
for service/user stores. Contains raw store id provided by WinAPI.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or 
nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the 
extension","type":"text","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension display name","type":"text","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. 
Empty in case of error.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the 
Preferences file of the profile","type":"bigint","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","hidden":true,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected 
to the Internet via IPv4","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current 
frequency of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent 
running a niced guest ","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed 
process","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the 
job","type":"text","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was 
initiated","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"url","description":"The url for the request","type":"text","hidden":false,"required":true,"index":false},{"name":"method","description":"The HTTP method for the request","type":"text","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"hostname","description":"Hostname (domain[:port]) to CURL","type":"text","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative 
Name","type":"text","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Package 
source","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition 
number","type":"text","hidden":false,"required":true,"index":false},{"name":"path","description":"A logical path within the device node","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Firmware 
version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta 
nodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","hidden":false,"required":false,"index":false},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","hidden":false,"required":false,"index":false},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","hidden":false,"required":false,"index":false}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the 
disk.","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Address 
type: sortlist, nameserver, search","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Environment variable name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label 
value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of mount (bind, volume)","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source path on host","type":"text","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 
0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Network name","type":"text","hidden":false,"required":false,"index":false},{"name":"network_id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the 
container","type":"integer","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory 
size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. 
Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":true,"index":false},{"name":"name","description":"Container name","type":"text","hidden":false,"required":false,"index":false},{"name":"pids","description":"Number of processes","type":"integer","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last 
read CPU kernel mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Container name","type":"text","hidden":false,"required":false,"index":false},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state 
(created, restarting, running, removing, paused, exited, dead)","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"ipc_namespace","description":"IPC namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"mnt_namespace","description":"Mount namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"net_namespace","description":"Network namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"pid_namespace","description":"PID 
namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"user_namespace","description":"User namespace","type":"text","hidden":true,"required":false,"index":false},{"name":"uts_namespace","description":"UTS namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"layer_id","description":"Layer ID","type":"text","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base 
layer)","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 
0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 
0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label 
key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Network name","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware 
architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Label key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Volume driver","type":"text","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. 
This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"EC2 instance 
ID","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. 
Only available if supplied at instance launch time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"elf_dynamic","description":"ELF dynamic section information.","platforms":["linux"],"columns":[{"name":"tag","description":"Tag ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"integer","hidden":false,"required":false,"index":false},{"name":"class","description":"Class (32 or 64)","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_info","description":"ELF file information.","platforms":["linux"],"columns":[{"name":"class","description":"Class type, 32 or 64bit","type":"text","hidden":false,"required":false,"index":false},{"name":"abi","description":"Section type","type":"text","hidden":false,"required":false,"index":false},{"name":"abi_version","description":"Section virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Offset of section in file","type":"text","hidden":false,"required":false,"index":false},{"name":"machine","description":"Machine type","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Object file version","type":"integer","hidden":false,"required":false,"index":false},{"name":"entry","description":"Entry point 
address","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"ELF header flags","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_sections","description":"ELF section information.","platforms":["linux"],"columns":[{"name":"name","description":"Section name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Section type","type":"integer","hidden":false,"required":false,"index":false},{"name":"vaddr","description":"Section virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset of section in file","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of section","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Section attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"link","description":"Link to other section","type":"text","hidden":false,"required":false,"index":false},{"name":"align","description":"Segment alignment","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_segments","description":"ELF segment information.","platforms":["linux"],"columns":[{"name":"name","description":"Segment type/name","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Segment offset in file","type":"integer","hidden":false,"required":false,"index":false},{"name":"vaddr","description":"Segment virtual address in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"psize","description":"Size of segment in 
file","type":"integer","hidden":false,"required":false,"index":false},{"name":"msize","description":"Segment offset in memory","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Segment attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"align","description":"Segment alignment","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"elf_symbols","description":"ELF symbol list.","platforms":["linux"],"columns":[{"name":"name","description":"Symbol name","type":"text","hidden":false,"required":false,"index":false},{"name":"addr","description":"Symbol address (value)","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of object","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Symbol type","type":"text","hidden":false,"required":false,"index":false},{"name":"binding","description":"Binding type","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Section table index","type":"integer","hidden":false,"required":false,"index":false},{"name":"table","description":"Table name containing symbol","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to ELF file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence 
number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier 
of thd process","type":"text","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"address","description":"IP address mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Protocol name","type":"text","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol 
alias","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Service name","type":"text","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"example","description":"This is an example table spec.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Description for name 
column","type":"text","hidden":false,"required":false,"index":false},{"name":"points","description":"This is a signed SQLite int column","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"This is a signed SQLite bigint column","type":"bigint","hidden":false,"required":false,"index":false},{"name":"action","description":"Action performed in generation","type":"text","hidden":false,"required":true,"index":false},{"name":"id","description":"An index of some sort","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of example","type":"text","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum 
speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"fbsd_kmods","description":"Loaded FreeBSD kernel modules.","platforms":["freebsd"],"columns":[{"name":"name","description":"Module name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"integer","hidden":false,"required":false,"index":false},{"name":"refs","description":"Module reverse dependencies","type":"integer","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","hidden":true,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number","type":"text","hidden":true,"required":false,"index":false},{"name":"file_id","description":"file ID","type":"text","hidden":true,"required":false,"index":false},{"name":"file_version","description":"File version","type":"text","hidden":true,"required":false,"index":false},{"name":"product_version","description":"File product version","type":"text","hidden":true,"required":false,"index":false},{"name":"bsd_flags","description":"The BSD file flags (chflags). 
Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change 
time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"creator","description":"Addon-supported creator string","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon 
is shown in browser else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"native","description":"1 If the addon includes binary components else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"OS X Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement 
language","type":"text","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","hidden":true,"required":false,"index":false},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the 
device","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"directory","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"ssdeep","description":"ssdeep hash of provided filesystem data","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. 
Returns UNKNOWN if an error is encountered.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for 
interface","type":"text","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pci_slot","description":"PCI slot number","type":"text","hidden":true,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","hidden":true,"required":false,"index":false},{"name":"description","description":"Short description of the object a one-line string.","type":"text","hidden":true,"required":false,"index":false},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","hidden":true,"required":false,"index":false},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","hidden":true,"required":false,"index":false},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","hidden":true,"required":false,"index":false},{"name":"enabled","description":"Indicates whether the adapter is enabled or 
not.","type":"integer","hidden":true,"required":false,"index":false},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","hidden":true,"required":false,"index":false},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","hidden":true,"required":false,"index":false},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","hidden":true,"required":false,"index":false},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some 
utilities.","type":"text","hidden":true,"required":false,"index":false},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","hidden":true,"required":false,"index":false}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 
0","type":"integer","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number 
identification.","type":"integer","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"OS X's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or 
index","type":"integer","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"version","description":"Kernel version","type":"text","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module 
status","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before 
panic","type":"text","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","hidden":false,"required":false,"index":false},{"name":"created","description":"Data item was created","type":"text","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing 
item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"key","description":"parsed authorized keys line","type":"text","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU 
Microcode.","type":"integer","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"File name of plist (used by launchd)","type":"text","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target 
program","type":"text","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is 
mounted","type":"text","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for 
bind","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"lldp_neighbors","description":"LLDP neighbors of interfaces.","platforms":["linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","hidden":false,"required":false,"index":false},{"name":"rid","description":"Neighbor chassis index","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_id_type","description":"Neighbor chassis ID type","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_id","description":"Neighbor chassis ID value","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_sysname","description":"CPU brand string, contains vendor and model","type":"text","hidden":false,"required":false,"index":false},{"name":"chassis_sys_description","description":"Max number of CPU physical cores","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_bridge_capability_available","description":"Chassis bridge capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_bridge_capability_enabled","description":"Is chassis bridge capability enabled.","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_router_capability_available","description":"Chassis router capability 
availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_router_capability_enabled","description":"Chassis router capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_repeater_capability_available","description":"Chassis repeater capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_repeater_capability_enabled","description":"Chassis repeater capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_wlan_capability_available","description":"Chassis wlan capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_wlan_capability_enabled","description":"Chassis wlan capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_tel_capability_available","description":"Chassis telephone capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_tel_capability_enabled","description":"Chassis telephone capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_docsis_capability_available","description":"Chassis DOCSIS capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_docsis_capability_enabled","description":"Chassis DOCSIS capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_station_capability_available","description":"Chassis station capability availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_station_capability_enabled","description":"Chassis station capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_other_capability_available","description":"Chassis other capability 
availability","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_other_capability_enabled","description":"Chassis other capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"chassis_mgmt_ips","description":"Comma delimited list of chassis management IPS","type":"text","hidden":false,"required":false,"index":false},{"name":"port_id_type","description":"Port ID type","type":"text","hidden":false,"required":false,"index":false},{"name":"port_id","description":"Port ID value","type":"text","hidden":false,"required":false,"index":false},{"name":"port_description","description":"Port description","type":"text","hidden":false,"required":false,"index":false},{"name":"port_ttl","description":"Age of neighbor port","type":"bigint","hidden":false,"required":false,"index":false},{"name":"port_mfs","description":"Port max frame size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"port_aggregation_id","description":"Port aggregation ID","type":"text","hidden":false,"required":false,"index":false},{"name":"port_autoneg_supported","description":"Auto negotiation supported","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_enabled","description":"Is auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_mau_type","description":"MAU type","type":"text","hidden":false,"required":false,"index":false},{"name":"port_autoneg_10baset_hd_enabled","description":"10Base-T HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_10baset_fd_enabled","description":"10Base-T FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100basetx_hd_enabled","description":"100Base-TX HD auto negotiation 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100basetx_fd_enabled","description":"100Base-TX FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset2_hd_enabled","description":"100Base-T2 HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset2_fd_enabled","description":"100Base-T2 FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset4_hd_enabled","description":"100Base-T4 HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_100baset4_fd_enabled","description":"100Base-T4 FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000basex_hd_enabled","description":"1000Base-X HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000basex_fd_enabled","description":"1000Base-X FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000baset_hd_enabled","description":"1000Base-T HD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"port_autoneg_1000baset_fd_enabled","description":"1000Base-T FD auto negotiation enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_device_type","description":"Dot3 power device type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_mdi_supported","description":"MDI power supported","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_mdi_enabled","description":"Is MDI power enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_paircontrol_enabled","description":"Is power pair control 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_pairs","description":"Dot3 power pairs","type":"text","hidden":false,"required":false,"index":false},{"name":"power_class","description":"Power class","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_enabled","description":"Is 802.3at enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_type","description":"802.3at power type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_source","description":"802.3at power source","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_priority","description":"802.3at power priority","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_allocated","description":"802.3at power allocated","type":"text","hidden":false,"required":false,"index":false},{"name":"power_8023at_power_requested","description":"802.3at power requested","type":"text","hidden":false,"required":false,"index":false},{"name":"med_device_type","description":"Chassis MED type","type":"text","hidden":false,"required":false,"index":false},{"name":"med_capability_capabilities","description":"Is MED capabilities enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_policy","description":"Is MED policy capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_location","description":"Is MED location capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_mdi_pse","description":"Is MED MDI PSE capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_mdi_pd","description":"Is MED MDI PD capability 
enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_capability_inventory","description":"Is MED inventory capability enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"med_policies","description":"Comma delimited list of MED policies","type":"text","hidden":false,"required":false,"index":false},{"name":"vlans","description":"Comma delimited list of vlan ids","type":"text","hidden":false,"required":false,"index":false},{"name":"pvid","description":"Primary VLAN id","type":"text","hidden":false,"required":false,"index":false},{"name":"ppvids_supported","description":"Comma delimited list of supported PPVIDs","type":"text","hidden":false,"required":false,"index":false},{"name":"ppvids_enabled","description":"Comma delimited list of enabled PPVIDs","type":"text","hidden":false,"required":false,"index":false},{"name":"pids","description":"Comma delimited list of PIDs","type":"text","hidden":false,"required":false,"index":false}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"type","description":"Login type","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"User login 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","hidden":true,"required":false,"index":false},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","hidden":true,"required":false,"index":false}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 
'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged 
on.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["darwin","linux"],"columns":[{"name":"server_name","description":"Name of the LXD server 
node","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["darwin","linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Target architecture for the 
image","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image 
information update and image import from source server","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Configuration parameter name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":true,"index":false},{"name":"device","description":"Name of the device","type":"text","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Instance name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or 
not(0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this 
network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage 
pool","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","hidden":false,"required":true,"index":false},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array 
settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if 
enabled","type":"text","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array 
activity","type":"text","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata 
key","type":"text","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method 
supported","type":"text","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 
0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. 
A value of 0 indicates no set affiliation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in 
millivolts","type":"integer","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted 
device","type":"text","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. 
NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 
0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Lists all npm packages in a directory or globally installed in a system.","platforms":["linux"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Package author name","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Module's package.json path","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"Node module's directory where this package is located","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the 
DNS tree.","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","hidden":false,"required":true,"index":false},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames 
only)","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from 
SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch 
release","type":"integer","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"The install date of the OS.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop 
restarts","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: extension or module","type":"text","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell 
only?","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in 
osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 
0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Total number of bytes generated by the query","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time spent executing","type":"bigint","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average private memory left after executing","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"OS X package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or 
directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"OS X package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"OS X package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg 
file","type":"text","hidden":true,"required":false,"index":false},{"name":"version","description":"Installed package version","type":"text","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. 
Lack of a value does not indicate that the patch was not installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","hidden":true,"required":false,"index":false},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","hidden":true,"required":false,"index":false},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_model_id","description":"Model ID of PCI device 
subsystem","type":"text","hidden":true,"required":false,"index":false},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","hidden":true,"required":false,"index":false}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk 
drive is busy servicing read requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the pipe","type":"text","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","hidden":false,"required":false,"index":false}]},{"name":"pkg_packages","description":"pkgng packages that are currently installed on the host system.","platforms":["freebsd"],"columns":[{"name":"name","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"flatsize","description":"Package size in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes of firmware","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","hidden":false,"required":false,"index":false}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a 
plist","type":"text","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world 
file","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on OS X","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this 
script","type":"integer","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"OS X defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Preference top-level key","type":"text","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file 
path.","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) 
ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"key","description":"Environment variable name","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process 
start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"suid","description":"Saved user ID at process 
start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","hidden":true,"required":false,"index":false},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","hidden":true,"required":false,"index":false}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the 
action","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"start","description":"Virtual start address (hex)","type":"text","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped 
path","type":"bigint","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fd","description":"Process-specific file 
descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, 
IPv6)","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","hidden":true,"required":false,"index":false}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root 
directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error 
-1","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"protection_type","description":"The protection type of the process","type":"text","hidden":true,"required":false,"index":false},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"upid","description":"A 64bit pid that is never reused. 
Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. 
","type":"text","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Package display name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are 
located","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"quicklook_cache","description":"Files and thumbnails within OS X's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search 
for","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the registry value entry","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. 
Lowest is preferred","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"File path within the package","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"File default username from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","hidden":false,"required":false,"index":false},{"name":"release","description":"Package release","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source RPM package name (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in 
bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","hidden":false,"required":false,"index":false},{"name":"epoch","description":"Package epoch value","type":"integer","hidden":false,"required":false,"index":false},{"name":"install_time","description":"When the package was installed","type":"integer","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","hidden":true,"required":false,"index":false}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","hidden":false,"required":false,"index":false},{"name":"is_active","description":"1 if the application is in focus, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension display 
name","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"OS X application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all 
of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status for the current logged in user context.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 
0 = immediately; -1 = no password is required on-wake","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system 
call","type":"text","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists 
all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. 
If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other 
users","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. 
This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"integer","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. 
Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"OS X Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history 
owner","type":"bigint","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed 
file.","type":"text","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"shortcut_files","description":"View data about Windows Shortcut files.","platforms":["windows"],"columns":[{"name":"path","description":"Directory name.","type":"text","hidden":false,"required":true,"index":false},{"name":"target_path","description":"Target file path","type":"text","hidden":false,"required":false,"index":false},{"name":"target_modified","description":"Target Modified time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_created","description":"Target Created time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_accessed","description":"Target Accessed time.","type":"integer","hidden":false,"required":false,"index":false},{"name":"target_size","description":"Size of target file.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to target file from lnk file.","type":"text","hidden":false,"required":false,"index":false},{"name":"local_path","description":"Local system path to target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"working_path","description":"Target file directory.","type":"text","hidden":false,"required":false,"index":false},{"name":"icon_path","description":"Lnk file icon location.","type":"text","hidden":false,"required":false,"index":false},{"name":"common_path","description":"Common system path to target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"command_args","description":"Command args passed to lnk 
file.","type":"text","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Optional hostname of the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"share_name","description":"Share name of the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device containing the target file.","type":"text","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Target mft entry.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Target mft sequence.","type":"integer","hidden":false,"required":false,"index":false},{"name":"description","description":"Lnk file description.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","hidden":false,"required":true,"index":false},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. 
Default is 1","type":"integer","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"smart_drive_info","description":"Drive information read by SMART controller utilizing autodetect.","platforms":["darwin","linux"],"columns":[{"name":"device_name","description":"Name of block device","type":"text","hidden":false,"required":false,"index":false},{"name":"disk_id","description":"Physical slot number of device, only exists when hardware storage controller exists","type":"integer","hidden":false,"required":false,"index":false},{"name":"driver_type","description":"The explicit device type used to 
retrieve the SMART information","type":"text","hidden":false,"required":false,"index":false},{"name":"model_family","description":"Drive model family","type":"text","hidden":false,"required":false,"index":false},{"name":"device_model","description":"Device Model","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Device serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"lu_wwn_device_id","description":"Device Identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"additional_product_id","description":"An additional drive identifier if any","type":"text","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"Drive firmware version","type":"text","hidden":false,"required":false,"index":false},{"name":"user_capacity","description":"Bytes of drive capacity","type":"text","hidden":false,"required":false,"index":false},{"name":"sector_sizes","description":"Bytes of drive sector sizes","type":"text","hidden":false,"required":false,"index":false},{"name":"rotation_rate","description":"Drive RPM","type":"text","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Form factor if reported","type":"text","hidden":false,"required":false,"index":false},{"name":"in_smartctl_db","description":"Boolean value for if drive is recognized","type":"integer","hidden":false,"required":false,"index":false},{"name":"ata_version","description":"ATA version of drive","type":"text","hidden":false,"required":false,"index":false},{"name":"transport_type","description":"Drive transport type","type":"text","hidden":false,"required":false,"index":false},{"name":"sata_version","description":"SATA version, if any","type":"text","hidden":false,"required":false,"index":false},{"name":"read_device_identity_failure","description":"Error string for device id read, if 
any","type":"text","hidden":false,"required":false,"index":false},{"name":"smart_supported","description":"SMART support status","type":"text","hidden":false,"required":false,"index":false},{"name":"smart_enabled","description":"SMART enabled status","type":"text","hidden":false,"required":false,"index":false},{"name":"packet_device_type","description":"Packet device type","type":"text","hidden":false,"required":false,"index":false},{"name":"power_mode","description":"Device power mode","type":"text","hidden":false,"required":false,"index":false},{"name":"warnings","description":"Warning messages from SMART controller","type":"text","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"SMC-reported type literal 
type","type":"text","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with 
socket","type":"text","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"name","description":"Name of startup item","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup 
item","type":"text","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","hidden":false,"required":false,"index":false},{"name":"oid","description":"Control MIB","type":"text","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque 
type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and 
model","type":"text","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit 
identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on OS X","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of 
temperature source","type":"text","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","freebsd","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in 
UTC","type":"text","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","hidden":true,"required":false,"index":false}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is 
activated","type":"integer","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is ownned","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","hidden":false,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. 
Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device 
subclass","type":"text","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User 
ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. 
One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's 
configured default shell","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free 
pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store 
compressed VM pages.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"OS X known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this netword was connected to as a unix_time","type":"integer","hidden":false,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 
otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"OS X current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication 
(dbm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel 
number","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in 
seconds","type":"bigint","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log 
file","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter 
the events","type":"text","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall 
rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is 
public","type":"integer","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". 
\"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to 
date, else 0","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. 
If a partial name is specified, the current drive and current directory are assumed.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the 
class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. 
This property must be NULL if the ScriptFileName property is not NULL.","type":"text","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of 
extension","type":"text","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Track YARA matches for files or PIDs.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","hidden":false,"required":true,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","hidden":true,"required":false,"index":false}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration 
data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the 
VM","type":"text","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","hidden":false,"required":false,"index":false}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Repository name","type":"text","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"uid","description":"User ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed 
(Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","hidden":false,"required":false,"index":false},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","hidden":true,"required":false,"index":false},{"name":"comment","description":"Remarks or comments associated with the 
group","type":"text","hidden":true,"required":false,"index":false},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","hidden":true,"required":false,"index":false}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows","freebsd"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group 
ID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, 
no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"protection_type","description":"The protection type of the process","type":"text","hidden":true,"required":false,"index":false},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","hidden":true,"required":false,"index":false},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","hidden":true,"required":false,"index":false},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","hidden":false,"required":false,"index":false}]}] \ No newline at end of file 
diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts index 1320407984618..7437ffbb72595 100644 --- a/x-pack/plugins/osquery/public/editor/osquery_tables.ts +++ b/x-pack/plugins/osquery/public/editor/osquery_tables.ts @@ -16,7 +16,7 @@ let osqueryTables: TablesJSON | null = null; export const getOsqueryTables = () => { if (!osqueryTables) { // eslint-disable-next-line @typescript-eslint/no-var-requires - osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.0.1.json')); + osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.2.2.json')); } return osqueryTables; }; diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index c0f3a33e8d42d..df8e083737559 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -50,8 +50,8 @@ import styled from 'styled-components'; import deepEqual from 'fast-deep-equal'; import deepmerge from 'deepmerge'; -import ECSSchema from '../../common/schemas/ecs/v1.12.1.json'; -import osquerySchema from '../../common/schemas/osquery/v5.0.1.json'; +import ECSSchema from '../../common/schemas/ecs/v8.2.0.json'; +import osquerySchema from '../../common/schemas/osquery/v5.2.2.json'; import { FieldIcon } from '../../common/lib/kibana'; import { diff --git a/x-pack/plugins/osquery/scripts/readme.md b/x-pack/plugins/osquery/scripts/readme.md index d52876f5f6334..416317ec7dbf2 100644 --- a/x-pack/plugins/osquery/scripts/readme.md +++ b/x-pack/plugins/osquery/scripts/readme.md 
@@ -6,5 +6,8 @@ currently manually curated). This assumes the targeted schema files will be in `public/editor/osquery_schema`. ``` -node scripts/schema_formatter --schema_version=v4.6.0 +node ecs.js --schema_version=4.6.0 // (filename without .json extension) +Possibly it's going to be necessary to transform fields' names into lower case, because CSV exports Fields with Capital Letters. + +node osquery.js --schema_version=4.6.0 // (filename without .json extension) ``` diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts index 07f02a892999c..2c4bb6ac05452 100644 --- a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts +++ b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts @@ -40,7 +40,7 @@ const RESTRICTED_FIELDS = [ run( async ({ flags }) => { - const schemaPath = path.resolve(`public/common/schemas/ecs/`); + const schemaPath = path.resolve(`../../public/common/schemas/ecs/`); const schemaFile = path.join(schemaPath, flags.schema_version as string); const schemaData = await require(schemaFile); diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts index 157f4ab0a5936..338c1f5a4705b 100644 --- a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts +++ b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts @@ -16,7 +16,7 @@ const ELASTIC_OSQUERY_HOSTFS_TABLES = ['users', 'groups', 'processes']; run( async ({ flags }) => { - const schemaPath = path.resolve(`../public/common/schemas/osquery/`); + const schemaPath = path.resolve(`../../public/common/schemas/osquery/`); const schemaFile = path.join(schemaPath, flags.schema_version as string); const schemaData = await require(schemaFile); 
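Review bot: `path.resolve('../../public/common/schemas/ecs/')` in `ecs_formatter.ts` resolves against the process working directory, not the script's own location, so the directory it reads depends on where the script is launched; the `osquery_formatter.ts` hunk that follows has the same pattern. Anchoring on the file keeps it stable: `const schemaPath = path.resolve(__dirname, '../../public/common/schemas/ecs/');`, with the `osquery` equivalent in the other file. In both hunks `flags.schema_version` is then joined into that path and passed to `require()` unchecked, so a value containing `../` would load a module from outside the schema directory. Rejecting anything that does not match the expected version format (for example `/^v?\d+\.\d+\.\d+$/`) before the join would prevent that. The `run()` callback continues outside both hunks.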
@@ -28,7 +28,7 @@ run( formattedSchema.push(...elasticTables); await fs.writeFile( - path.join(schemaPath, `${flags.schema_version}`), + path.join(schemaPath, `v${flags.schema_version}-formatted`), JSON.stringify(formattedSchema) ); }, diff --git a/x-pack/plugins/remote_clusters/__jest__/client_integration/helpers/setup_environment.tsx b/x-pack/plugins/remote_clusters/__jest__/client_integration/helpers/setup_environment.tsx index a150e2a92fcc9..31eec97c83ff7 100644 --- a/x-pack/plugins/remote_clusters/__jest__/client_integration/helpers/setup_environment.tsx +++ b/x-pack/plugins/remote_clusters/__jest__/client_integration/helpers/setup_environment.tsx @@ -11,6 +11,7 @@ import { notificationServiceMock, fatalErrorsServiceMock, docLinksServiceMock, + executionContextServiceMock, } from '../../../../../../src/core/public/mocks'; import { AppContextProvider } from '../../../public/application/app_context'; @@ -31,7 +32,12 @@ export const WithAppDependencies = return ( diff --git a/x-pack/plugins/remote_clusters/common/constants.ts b/x-pack/plugins/remote_clusters/common/constants.ts index 86910640191e3..fca751da37b90 100644 --- a/x-pack/plugins/remote_clusters/common/constants.ts +++ b/x-pack/plugins/remote_clusters/common/constants.ts @@ -20,7 +20,7 @@ export const PLUGIN = { }, }; -export const MAJOR_VERSION = '8.2.0'; +export const MAJOR_VERSION = '8.3.0'; export const API_BASE_PATH = '/api/remote_clusters'; diff --git a/x-pack/plugins/remote_clusters/public/application/app_context.tsx b/x-pack/plugins/remote_clusters/public/application/app_context.tsx index 528ec322f49e1..5f3bae6133dfd 100644 --- a/x-pack/plugins/remote_clusters/public/application/app_context.tsx +++ b/x-pack/plugins/remote_clusters/public/application/app_context.tsx 
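Review bot: The new output name `v${flags.schema_version}-formatted` has no `.json` extension, while the consumers updated in this commit import `schemas/osquery/v5.2.2.json`, so the generated file presumably has to be renamed by hand before anything picks it up. Writing ``path.join(schemaPath, `v${flags.schema_version}-formatted.json`)`` and stating the final expected file name in the readme would remove the guesswork. The flag value is also interpolated into a write path unvalidated, so it should be checked against the expected version format before `fs.writeFile` is called. The `run()` callback starts and ends outside this hunk.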
@@ -6,10 +6,12 @@ */ import React, { createContext, useContext } from 'react'; +import { ExecutionContextStart } from 'kibana/public'; export interface Context { isCloudEnabled: boolean; cloudBaseUrl: string; + executionContext: ExecutionContextStart; } export const AppContext = createContext({} as any); diff --git a/x-pack/plugins/remote_clusters/public/application/index.d.ts b/x-pack/plugins/remote_clusters/public/application/index.d.ts index 588d18263df48..9f8f80d46a507 100644 --- a/x-pack/plugins/remote_clusters/public/application/index.d.ts +++ b/x-pack/plugins/remote_clusters/public/application/index.d.ts @@ -6,7 +6,7 @@ */ import { Observable } from 'rxjs'; -import { ScopedHistory, CoreTheme } from 'kibana/public'; +import { ScopedHistory, CoreTheme, ExecutionContextStart } from 'kibana/public'; import { RegisterManagementAppArgs, I18nStart } from '../types'; export declare const renderApp: ( @@ -15,6 +15,7 @@ export declare const renderApp: ( appDependencies: { isCloudEnabled: boolean; cloudBaseUrl: string; + executionContext: ExecutionContextStart; }, history: ScopedHistory, theme$: Observable diff --git a/x-pack/plugins/remote_clusters/public/application/index.js b/x-pack/plugins/remote_clusters/public/application/index.js index 01a6e20222210..39313b616acde 100644 --- a/x-pack/plugins/remote_clusters/public/application/index.js +++ b/x-pack/plugins/remote_clusters/public/application/index.js 
@@ -9,20 +9,32 @@ import React from 'react'; import { render, unmountComponentAtNode } from 'react-dom'; import { Provider } from 'react-redux'; -import { KibanaThemeProvider } from '../shared_imports'; +import { KibanaThemeProvider, useExecutionContext } from '../shared_imports'; import { App } from './app'; import { remoteClustersStore } from './store'; import { AppContextProvider } from './app_context'; import './_hacks.scss'; +const AppWithExecutionContext = ({ history, executionContext }) => { + useExecutionContext(executionContext, { + type: 'application', + page: 'remoteClusters', + }); + + return ; +}; + export const renderApp = (elem, I18nContext, appDependencies, history, theme$) => { render( - + diff --git a/x-pack/plugins/remote_clusters/public/plugin.ts b/x-pack/plugins/remote_clusters/public/plugin.ts index c6de539d1e6ed..c3d00bb0b2f48 100644 --- a/x-pack/plugins/remote_clusters/public/plugin.ts +++ b/x-pack/plugins/remote_clusters/public/plugin.ts @@ -51,6 +51,7 @@ export class RemoteClustersUIPlugin i18n: { Context: i18nContext }, docLinks, fatalErrors, + executionContext, } = core; docTitle.change(PLUGIN.getI18nName()); @@ -69,7 +70,7 @@ export class RemoteClustersUIPlugin const unmountAppCallback = await renderApp( element, i18nContext, - { isCloudEnabled, cloudBaseUrl }, + { isCloudEnabled, cloudBaseUrl, executionContext }, history, theme$ ); diff --git a/x-pack/plugins/remote_clusters/public/shared_imports.ts b/x-pack/plugins/remote_clusters/public/shared_imports.ts index 55d963e2a29b7..2cf69938d5464 100644 --- a/x-pack/plugins/remote_clusters/public/shared_imports.ts +++ b/x-pack/plugins/remote_clusters/public/shared_imports.ts @@ -11,4 +11,7 @@ export { SectionLoading, } from '../../../../src/plugins/es_ui_shared/public'; -export { KibanaThemeProvider } from '../../../../src/plugins/kibana_react/public'; +export { + KibanaThemeProvider, + useExecutionContext, +} from '../../../../src/plugins/kibana_react/public'; 
diff --git a/x-pack/plugins/reporting/server/lib/event_logger/logger.test.ts b/x-pack/plugins/reporting/server/lib/event_logger/logger.test.ts index c58777747c3fd..b389dd715f616 100644 --- a/x-pack/plugins/reporting/server/lib/event_logger/logger.test.ts +++ b/x-pack/plugins/reporting/server/lib/event_logger/logger.test.ts @@ -171,10 +171,11 @@ describe('Event Logger', () => { it(`logClaimTask`, () => { const logger = new factory(mockReport); - const result = logger.logClaimTask(); + const result = logger.logClaimTask({ queueDurationMs: 5500 }); expect([result.event, result.kibana.reporting, result.message]).toMatchInlineSnapshot(` Array [ Object { + "duration": 5500, "timezone": "UTC", }, Object { diff --git a/x-pack/plugins/reporting/server/lib/event_logger/logger.ts b/x-pack/plugins/reporting/server/lib/event_logger/logger.ts index 965a55e24229a..82a089192b2fb 100644 --- a/x-pack/plugins/reporting/server/lib/event_logger/logger.ts +++ b/x-pack/plugins/reporting/server/lib/event_logger/logger.ts @@ -24,7 +24,10 @@ import { StartedExecution, } from './types'; -/** @internal */ +export interface ExecutionClaimMetrics extends TaskRunMetrics { + queueDurationMs: number; +} + export interface ExecutionCompleteMetrics extends TaskRunMetrics { byteSize: number; } @@ -44,7 +47,6 @@ export interface BaseEvent { user?: { name: string }; } -/** @internal */ export function reportingEventLoggerFactory(logger: Logger) { const genericLogger = new EcsLogAdapter(logger, { event: { provider: PLUGIN_ID } }); @@ -145,12 +147,13 @@ export function reportingEventLoggerFactory(logger: Logger) { return event; } - logClaimTask(): ClaimedTask { + logClaimTask({ queueDurationMs }: ExecutionClaimMetrics): ClaimedTask { const message = `claimed report ${this.report._id}`; const event = deepMerge( { message, kibana: { reporting: { actionType: ActionType.CLAIM_TASK } }, + event: { duration: queueDurationMs }, } as Partial, this.eventObj ); 
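Review bot: In the `logClaimTask` hunk of `logger.ts`, `event: { duration: queueDurationMs }` stores a millisecond value in `event.duration`, which ECS defines in nanoseconds. Whether the auto-calculated duration on the completion event uses the same unit is not visible in this diff, so the two should be checked against each other before anyone aggregates over the field. If milliseconds are intended, say so where the value is set, e.g. `// event.duration is the queue wait in ms (created_at to claim), not ECS nanoseconds`. The newly exported `ExecutionClaimMetrics` also has no doc comment now that `/** @internal */` is gone; `/** Metrics recorded when a pending report is claimed for execution. */` would cover it. The class that holds `logClaimTask` continues outside the hunk.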
diff --git a/x-pack/plugins/reporting/server/lib/event_logger/types.ts b/x-pack/plugins/reporting/server/lib/event_logger/types.ts index 3094919da278d..950c3d89a184b 100644 --- a/x-pack/plugins/reporting/server/lib/event_logger/types.ts +++ b/x-pack/plugins/reporting/server/lib/event_logger/types.ts @@ -12,6 +12,9 @@ import { ActionType } from './'; export interface ReportingAction extends LogMeta { event: { timezone: string; + // Within ReportingEventLogger, duration is auto-calculated for "completion" event, manually calculated for + // "claimed" event. + duration?: number; }; message: string; kibana: { diff --git a/x-pack/plugins/reporting/server/lib/store/store.ts b/x-pack/plugins/reporting/server/lib/store/store.ts index 7e920e718d51e..ffb4ba96bfd3c 100644 --- a/x-pack/plugins/reporting/server/lib/store/store.ts +++ b/x-pack/plugins/reporting/server/lib/store/store.ts @@ -5,6 +5,7 @@ * 2.0. */ +import moment from 'moment'; import { IndexResponse, UpdateResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { ElasticsearchClient, Logger } from 'kibana/server'; import { statuses } from '../'; @@ -296,7 +297,10 @@ export class ReportingStore { throw err; } - this.reportingCore.getEventLogger(report).logClaimTask(); + // log the amount of time the report waited in "pending" status + this.reportingCore.getEventLogger(report).logClaimTask({ + queueDurationMs: moment.utc().valueOf() - moment.utc(report.created_at).valueOf(), + }); return body; } diff --git a/x-pack/plugins/reporting/server/usage/__snapshots__/reporting_usage_collector.test.ts.snap b/x-pack/plugins/reporting/server/usage/__snapshots__/reporting_usage_collector.test.ts.snap index af04dd4659433..0bfc8cb0df966 100644 --- a/x-pack/plugins/reporting/server/usage/__snapshots__/reporting_usage_collector.test.ts.snap +++ b/x-pack/plugins/reporting/server/usage/__snapshots__/reporting_usage_collector.test.ts.snap 
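Review bot: In the `store.ts` hunk, `moment.utc().valueOf() - moment.utc(report.created_at).valueOf()` compares this instance's clock with a timestamp that was presumably written by whichever instance created the report, so clock skew between nodes can make `queueDurationMs` negative, and an unparsable `created_at` makes it `NaN`. Either value would be written to the event log as `event.duration` and skew any timing analysis built on it. Clamp and guard before logging: `const waited = moment.utc().diff(moment.utc(report.created_at));` followed by `queueDurationMs: Number.isFinite(waited) ? Math.max(0, waited) : 0`. The enclosing method starts outside the hunk.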
@@ -26,6 +26,29 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "png_cpu": Object { "50.0": Object { @@ -104,6 +127,29 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "png_cpu": Object { "50.0": Object { @@ -188,6 +234,20 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "csv_rows": Object { "50.0": Object { @@ -252,6 +312,20 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "csv_rows": Object { "50.0": Object { 
@@ -320,6 +394,29 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "png_cpu": Object { "50.0": Object { @@ -398,6 +495,29 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "png_cpu": Object { "50.0": Object { @@ -479,6 +599,20 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "csv_rows": Object { "50.0": Object { @@ -543,6 +677,20 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "metrics": Object { "csv_rows": Object { "50.0": Object { 
@@ -630,6 +778,32 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "pdf_worker_out_of_memory_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "layout": Object { "canvas": Object { "type": "long", @@ -733,6 +907,32 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "pdf_worker_out_of_memory_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "layout": Object { "canvas": Object { "type": "long", @@ -1309,6 +1509,32 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "pdf_worker_out_of_memory_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "layout": Object { "canvas": Object { "type": "long", 
@@ -1412,6 +1638,32 @@ Object { "deprecated": Object { "type": "long", }, + "error_codes": Object { + "authentication_expired_error": Object { + "type": "long", + }, + "browser_could_not_launch_error": Object { + "type": "long", + }, + "browser_screenshot_error": Object { + "type": "long", + }, + "browser_unexpectedly_closed_error": Object { + "type": "long", + }, + "kibana_shutting_down_error": Object { + "type": "long", + }, + "pdf_worker_out_of_memory_error": Object { + "type": "long", + }, + "queue_timeout_error": Object { + "type": "long", + }, + "unknown_error": Object { + "type": "long", + }, + }, "layout": Object { "canvas": Object { "type": "long", @@ -1959,6 +2211,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -1994,6 +2247,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2031,6 +2285,7 @@ Object { }, "available": true, "deprecated": 4, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2060,6 +2315,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2091,6 +2347,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2126,6 +2383,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2162,6 +2420,7 @@ Object { }, "available": true, "deprecated": 4, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2191,6 +2450,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { 
@@ -2221,6 +2481,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2266,6 +2527,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2324,6 +2586,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2369,6 +2632,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2430,6 +2694,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2465,6 +2730,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2502,6 +2768,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2531,6 +2798,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2562,6 +2830,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2597,6 +2866,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2633,6 +2903,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2662,6 +2933,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { 
@@ -2692,6 +2964,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2737,6 +3010,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2789,6 +3063,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2834,6 +3109,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -2889,6 +3165,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2924,6 +3201,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -2961,6 +3239,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -2990,6 +3269,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3021,6 +3301,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3056,6 +3337,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3092,6 +3374,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3121,6 +3404,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { 
@@ -3151,6 +3435,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3196,6 +3481,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3248,6 +3534,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3293,6 +3580,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3378,6 +3666,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3413,6 +3702,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3450,6 +3740,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3479,6 +3770,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3510,6 +3802,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3545,6 +3838,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3581,6 +3875,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3610,6 +3905,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { 
@@ -3640,6 +3936,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3685,6 +3982,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3748,6 +4046,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3793,6 +4092,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -3859,6 +4159,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3894,6 +4195,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -3931,6 +4233,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3960,6 +4263,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -3991,6 +4295,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -4026,6 +4331,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "png_cpu": Object { @@ -4062,6 +4368,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { @@ -4091,6 +4398,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": undefined, "metrics": Object { "csv_rows": Object { 
@@ -4121,6 +4429,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -4166,6 +4475,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -4218,6 +4528,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": Object { "canvas": 0, "preserve_layout": 0, @@ -4263,6 +4574,7 @@ Object { }, "available": true, "deprecated": 0, + "error_codes": undefined, "layout": Object { "canvas": 0, "preserve_layout": 0, diff --git a/x-pack/plugins/reporting/server/usage/get_export_stats.test.ts b/x-pack/plugins/reporting/server/usage/get_export_stats.test.ts index b553e12e06558..069d5eb42d7f8 100644 --- a/x-pack/plugins/reporting/server/usage/get_export_stats.test.ts +++ b/x-pack/plugins/reporting/server/usage/get_export_stats.test.ts @@ -8,7 +8,7 @@ import { getExportTypesRegistry } from '../lib'; import { getExportStats } from './get_export_stats'; import { getExportTypesHandler } from './get_export_type_handler'; -import { FeatureAvailabilityMap, MetricsStats } from './types'; +import { ErrorCodeStats, FeatureAvailabilityMap, MetricsStats } from './types'; let featureMap: FeatureAvailabilityMap; const sizesAggResponse = { @@ -82,6 +82,7 @@ test('Model of jobTypes', () => { output_size: sizesAggResponse, app: { dashboard: 0, visualization: 3, 'canvas workpad': 0 }, metrics: { png_cpu: {}, png_memory: {} } as MetricsStats, + error_codes: {} as ErrorCodeStats, }, printable_pdf: { available: true, @@ -90,6 +91,7 @@ test('Model of jobTypes', () => { app: { dashboard: 0, visualization: 0, 'canvas workpad': 3 }, layout: { preserve_layout: 3, print: 0, canvas: 0 }, metrics: { pdf_cpu: {}, pdf_memory: {}, pdf_pages: {} } as MetricsStats, + error_codes: {} as ErrorCodeStats, }, csv_searchsource: { available: true, 
@@ -97,6 +99,7 @@ test('Model of jobTypes', () => { app: { search: 3 }, output_size: sizesAggResponse, metrics: { csv_rows: {} } as MetricsStats, + error_codes: {} as ErrorCodeStats, }, }, featureMap, @@ -113,6 +116,7 @@ test('Model of jobTypes', () => { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "png_cpu": Object {}, @@ -140,6 +144,7 @@ test('Model of jobTypes', () => { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "csv_rows": Object {}, @@ -166,6 +171,7 @@ test('Model of jobTypes', () => { }, "available": true, "deprecated": 0, + "error_codes": Object {}, "layout": Object { "canvas": 0, "preserve_layout": 3, @@ -200,6 +206,7 @@ test('PNG counts, provided count of deprecated jobs explicitly', () => { output_size: sizesAggResponse, app: { dashboard: 0, visualization: 0, 'canvas workpad': 0 }, metrics: { png_cpu: {}, png_memory: {} } as MetricsStats, + error_codes: {} as ErrorCodeStats, }, }, featureMap, @@ -215,6 +222,7 @@ test('PNG counts, provided count of deprecated jobs explicitly', () => { }, "available": true, "deprecated": 5, + "error_codes": Object {}, "layout": undefined, "metrics": Object { "png_cpu": Object {}, @@ -246,6 +254,7 @@ test('Incorporate metric stats', () => { png_cpu: { '50.0': 0.01, '75.0': 0.01, '95.0': 0.01, '99.0': 0.01 }, png_memory: { '50.0': 3485, '75.0': 3496, '95.0': 3678, '99.0': 3782 }, }, + error_codes: {} as ErrorCodeStats, }, printable_pdf_v2: { available: true, 
@@ -258,93 +267,138 @@ test('Incorporate metric stats', () => { }, app: { dashboard: 3, visualization: 0, 'canvas workpad': 0 }, layout: { preserve_layout: 3, print: 0, canvas: 0 }, + error_codes: {} as ErrorCodeStats, }, }, featureMap, exportTypesHandler ); - expect(result.PNGV2).toMatchInlineSnapshot(` + + expect(result.PNGV2.metrics).toMatchInlineSnapshot(` Object { - "app": Object { - "canvas workpad": 3, - "dashboard": 0, - "search": 0, - "visualization": 0, + "png_cpu": Object { + "50.0": 0.01, + "75.0": 0.01, + "95.0": 0.01, + "99.0": 0.01, }, - "available": false, - "deprecated": 0, - "layout": undefined, - "metrics": Object { - "png_cpu": Object { - "50.0": 0.01, - "75.0": 0.01, - "95.0": 0.01, - "99.0": 0.01, - }, - "png_memory": Object { - "50.0": 3485, - "75.0": 3496, - "95.0": 3678, - "99.0": 3782, - }, + "png_memory": Object { + "50.0": 3485, + "75.0": 3496, + "95.0": 3678, + "99.0": 3782, }, - "output_size": Object { - "1.0": 5093470, - "25.0": 5093470, - "5.0": 5093470, - "50.0": 8514532, - "75.0": 11935594, - "95.0": 11935594, - "99.0": 11935594, - }, - "total": 3, } `); - expect(result.printable_pdf_v2).toMatchInlineSnapshot(` + expect(result.printable_pdf_v2.metrics).toMatchInlineSnapshot(` Object { - "app": Object { - "canvas workpad": 0, - "dashboard": 3, - "search": 0, - "visualization": 0, + "pdf_cpu": Object { + "50.0": 0.01, + "75.0": 0.01, + "95.0": 0.01, + "99.0": 0.01, }, - "available": false, - "deprecated": 0, - "layout": Object { - "canvas": 0, - "preserve_layout": 3, - "print": 0, + "pdf_memory": Object { + "50.0": 3485, + "75.0": 3496, + "95.0": 3678, + "99.0": 3782, }, - "metrics": Object { - "pdf_cpu": Object { - "50.0": 0.01, - "75.0": 0.01, - "95.0": 0.01, - "99.0": 0.01, - }, - "pdf_memory": Object { - "50.0": 3485, - "75.0": 3496, - "95.0": 3678, - "99.0": 3782, + "pdf_pages": Object { + "50.0": 4, + "75.0": 4, + "95.0": 4, + "99.0": 4, + }, + } + `); +}); + +test('Incorporate error code stats', () => { + const result = 
getExportStats( + { + PNGV2: { + available: true, + total: 3, + output_size: sizesAggResponse, + app: { dashboard: 0, visualization: 0, 'canvas workpad': 3 }, + metrics: { png_cpu: {}, png_memory: {} } as MetricsStats, + error_codes: { + authentication_expired_error: 5, + queue_timeout_error: 1, + unknown_error: 0, + kibana_shutting_down_error: 1, + browser_could_not_launch_error: 2, + browser_unexpectedly_closed_error: 8, + browser_screenshot_error: 27, }, - "pdf_pages": Object { - "50.0": 4, - "75.0": 4, - "95.0": 4, - "99.0": 4, + }, + printable_pdf_v2: { + available: true, + total: 3, + output_size: sizesAggResponse, + metrics: { png_cpu: {}, png_memory: {} } as MetricsStats, + app: { dashboard: 3, visualization: 0, 'canvas workpad': 0 }, + layout: { preserve_layout: 3, print: 0, canvas: 0 }, + error_codes: { + pdf_worker_out_of_memory_error: 99, + authentication_expired_error: 5, + queue_timeout_error: 1, + unknown_error: 0, + kibana_shutting_down_error: 1, + browser_could_not_launch_error: 2, + browser_unexpectedly_closed_error: 8, + browser_screenshot_error: 27, }, }, - "output_size": Object { - "1.0": 5093470, - "25.0": 5093470, - "5.0": 5093470, - "50.0": 8514532, - "75.0": 11935594, - "95.0": 11935594, - "99.0": 11935594, + csv_searchsource_immediate: { + available: true, + total: 3, + output_size: sizesAggResponse, + metrics: { png_cpu: {}, png_memory: {} } as MetricsStats, + app: { dashboard: 3, visualization: 0, 'canvas workpad': 0 }, + error_codes: { + authentication_expired_error: 5, + queue_timeout_error: 1, + unknown_error: 0, + kibana_shutting_down_error: 1, + }, }, - "total": 3, + }, + featureMap, + exportTypesHandler + ); + + expect(result.PNGV2.error_codes).toMatchInlineSnapshot(` + Object { + "authentication_expired_error": 5, + "browser_could_not_launch_error": 2, + "browser_screenshot_error": 27, + "browser_unexpectedly_closed_error": 8, + "kibana_shutting_down_error": 1, + "queue_timeout_error": 1, + "unknown_error": 0, + } + `); + 
expect(result.printable_pdf_v2.error_codes).toMatchInlineSnapshot(` + Object { + "authentication_expired_error": 5, + "browser_could_not_launch_error": 2, + "browser_screenshot_error": 27, + "browser_unexpectedly_closed_error": 8, + "kibana_shutting_down_error": 1, + "pdf_worker_out_of_memory_error": 99, + "queue_timeout_error": 1, + "unknown_error": 0, + } + `); + + expect(result.csv_searchsource_immediate.error_codes).toMatchInlineSnapshot(` + Object { + "authentication_expired_error": 5, + "kibana_shutting_down_error": 1, + "queue_timeout_error": 1, + "unknown_error": 0, } `); }); diff --git a/x-pack/plugins/reporting/server/usage/get_export_stats.ts b/x-pack/plugins/reporting/server/usage/get_export_stats.ts index 94c2d5ec66de0..0f82c44067da0 100644 --- a/x-pack/plugins/reporting/server/usage/get_export_stats.ts +++ b/x-pack/plugins/reporting/server/usage/get_export_stats.ts @@ -9,6 +9,7 @@ import { DEPRECATED_JOB_TYPES } from '../../common/constants'; import { ExportTypesHandler } from './get_export_type_handler'; import { AvailableTotal, + ErrorCodeStats, FeatureAvailabilityMap, JobTypes, LayoutCounts, @@ -59,8 +60,9 @@ const metricsForFeature: { [K in keyof JobTypes]: JobTypes[K]['metrics'] } = { }; type CombinedJobTypeStats = AvailableTotal & { - layout?: LayoutCounts; metrics: Partial; + error_codes?: Partial; + layout?: LayoutCounts; }; const isAvailable = (featureAvailability: FeatureAvailabilityMap, feature: string) => @@ -82,6 +84,7 @@ function getAvailableTotalForFeature( output_size: { ...defaultTotalsForFeature.output_size, ...jobType?.output_size }, metrics: { ...metricsForFeature[exportType], ...jobType?.metrics }, app: { ...defaultTotalsForFeature.app, ...jobType?.app }, + error_codes: jobType?.error_codes, layout: jobTypeIsPdf(exportType) ? { ...defaultTotalsForFeature.layout, ...jobType?.layout } : undefined, 
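Review bot: In the new test `Incorporate error code stats`, the `printable_pdf_v2` and `csv_searchsource_immediate` fixtures both carry `metrics: { png_cpu: {}, png_memory: {} } as MetricsStats`, copied from the PNG entry, and the `as` cast hides the mismatch. Use the shapes the earlier tests in this file already use, `metrics: { pdf_cpu: {}, pdf_memory: {}, pdf_pages: {} } as MetricsStats,` and `metrics: { csv_rows: {} } as MetricsStats,`. Every `error_codes` key fed in is one of the declared codes, so nothing here pins what `getExportStats` returns for a job type with no `error_codes`, or for a key outside the declared set. The same hunk narrows the `Incorporate metric stats` snapshots to `.metrics`, which drops the previous assertions on `available`, `deprecated`, `layout`, `output_size` and `total` for those job types.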
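Review bot: In `getAvailableTotalForFeature`, `error_codes: jobType?.error_codes` is the only field of this object literal that is passed through as-is; `output_size`, `metrics` and `app` are each merged over a default. The updated snapshot file accordingly shows a mix of `"error_codes": undefined` and `"error_codes": Object {}` for job types with no errors, so a consumer cannot tell "no errors" from "not collected". Normalising with `error_codes: { ...jobType?.error_codes },` would give one shape. If the distinction is intended, state it in a comment such as `// undefined when the job type has no aggregation bucket`. The function body starts and ends outside the hunk.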
diff --git a/x-pack/plugins/reporting/server/usage/get_reporting_usage.ts b/x-pack/plugins/reporting/server/usage/get_reporting_usage.ts index a0a01ec602d82..a4d0ca9c66a0c 100644 --- a/x-pack/plugins/reporting/server/usage/get_reporting_usage.ts +++ b/x-pack/plugins/reporting/server/usage/get_reporting_usage.ts @@ -16,6 +16,7 @@ import type { AggregationBuckets, AggregationResultBuckets, AvailableTotal, + ErrorCodeStats, JobTypes, KeyCountBucket, LayoutCounts, @@ -33,6 +34,7 @@ enum keys { STATUS_BY_APP = 'statusByApp', STATUS = 'statusTypes', OUTPUT_SIZE = 'output_size', + ERROR_CODE = 'errorCodes', IS_DEPRECATED = 'meta.isDeprecated', CSV_ROWS = 'csv_rows', PDF_CPU = 'pdf_cpu', @@ -52,6 +54,7 @@ enum fields { PNG_MEMORY = 'metrics.png.memoryInMegabytes', OBJECT_TYPE = 'meta.objectType.keyword', OUTPUT_SIZE = 'output.size', + ERROR_CODE = 'output.error_code', STATUS = 'status', } @@ -88,6 +91,7 @@ const getAppStatuses = (buckets: StatusByAppBucket[]) => type JobType = Omit & { layout: LayoutCounts; metrics?: MetricsStats; + error_codes?: ErrorCodeStats; }; function getAggStats( @@ -103,6 +107,7 @@ function getAggStats( output_size: outputSizes, layoutTypes, objectTypes, + errorCodes, } = bucket; const deprecatedCount = isDeprecated?.doc_count; @@ -113,6 +118,7 @@ function getAggStats( app: getKeyCount(get(objectTypes, 'buckets', [])), metrics: (metrics && metrics[key]) || undefined, output_size: get(outputSizes, 'values', {} as SizePercentiles), + error_codes: getKeyCount(get(errorCodes, 'buckets', [])), layout: getKeyCount(get(layoutTypes, 'buckets', [])), }; return { ...accum, [key]: jobType }; 
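Review bot: In `getAggStats`, `error_codes: getKeyCount(get(errorCodes, 'buckets', []))` turns every distinct `output.error_code` value found in the reporting index into a property name of the usage payload, while schema.ts in this same commit declares a closed set of codes per job type. Nothing in the visible hunk drops a value outside that set, so a document carrying an unexpected string would surface as an undeclared telemetry field; whether such values can actually be stored is not visible here. Filtering the buckets against the declared codes before building the object would keep the payload within the schema. At minimum the line should carry a comment such as `// keys are raw output.error_code values; only codes declared in schema.ts are expected`. The function body starts and ends outside the hunk.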
@@ -214,9 +220,6 @@ export async function getReportingUsage( terms: { field: fields.JOB_TYPE, size: DEFAULT_TERMS_SIZE }, aggs: { isDeprecated: { filter: { term: { [keys.IS_DEPRECATED]: true } } }, - [keys.OUTPUT_SIZE]: { - percentiles: { field: fields.OUTPUT_SIZE, percents: SIZE_PERCENTILES }, - }, [keys.LAYOUT]: { terms: { field: fields.LAYOUT, size: DEFAULT_TERMS_SIZE } }, [keys.STATUS_BY_APP]: { terms: { field: fields.STATUS, size: DEFAULT_TERMS_SIZE }, @@ -227,10 +230,21 @@ export async function getReportingUsage( [keys.OBJECT_TYPE]: { terms: { field: fields.OBJECT_TYPE, size: DEFAULT_TERMS_SIZE }, }, + // per-job output size + [keys.OUTPUT_SIZE]: { + percentiles: { field: fields.OUTPUT_SIZE, percents: SIZE_PERCENTILES }, + }, + // per-job error codes + [keys.ERROR_CODE]: { + terms: { field: fields.ERROR_CODE, size: DEFAULT_TERMS_SIZE }, + }, }, }, [keys.STATUS]: { terms: { field: fields.STATUS, size: DEFAULT_TERMS_SIZE } }, + // overall output sizes [keys.OUTPUT_SIZE]: { percentiles: { field: fields.OUTPUT_SIZE } }, + // overall error codes + [keys.ERROR_CODE]: { terms: { field: fields.ERROR_CODE, size: DEFAULT_TERMS_SIZE } }, }, }, metrics: { diff --git a/x-pack/plugins/reporting/server/usage/schema.test.ts b/x-pack/plugins/reporting/server/usage/schema.test.ts index 9b0b866e93a23..d188d6eb373dd 100644 --- a/x-pack/plugins/reporting/server/usage/schema.test.ts +++ b/x-pack/plugins/reporting/server/usage/schema.test.ts 
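Review bot: The second `[keys.ERROR_CODE]` terms aggregation, added under `// overall error codes` next to `[keys.STATUS]`, has no reader in the hunks shown; `getAggStats` destructures `errorCodes` only from the per-job-type bucket. If nothing outside these hunks consumes the range-level result, it adds work to every usage query for no output and is better removed, or marked with a comment such as `// overall error codes: collected but not yet reported`. Both aggregations are also capped by `DEFAULT_TERMS_SIZE`, so any codes beyond that count are dropped without a signal. `getReportingUsage` continues outside the hunk.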
@@ -32,6 +32,13 @@ describe('Reporting telemetry schema', () => { "PNG.app.visualization.type": "long", "PNG.available.type": "boolean", "PNG.deprecated.type": "long", + "PNG.error_codes.authentication_expired_error.type": "long", + "PNG.error_codes.browser_could_not_launch_error.type": "long", + "PNG.error_codes.browser_screenshot_error.type": "long", + "PNG.error_codes.browser_unexpectedly_closed_error.type": "long", + "PNG.error_codes.kibana_shutting_down_error.type": "long", + "PNG.error_codes.queue_timeout_error.type": "long", + "PNG.error_codes.unknown_error.type": "long", "PNG.metrics.png_cpu.50.0.type": "long", "PNG.metrics.png_cpu.75.0.type": "long", "PNG.metrics.png_cpu.95.0.type": "long", @@ -54,6 +61,13 @@ describe('Reporting telemetry schema', () => { "PNGV2.app.visualization.type": "long", "PNGV2.available.type": "boolean", "PNGV2.deprecated.type": "long", + "PNGV2.error_codes.authentication_expired_error.type": "long", + "PNGV2.error_codes.browser_could_not_launch_error.type": "long", + "PNGV2.error_codes.browser_screenshot_error.type": "long", + "PNGV2.error_codes.browser_unexpectedly_closed_error.type": "long", + "PNGV2.error_codes.kibana_shutting_down_error.type": "long", + "PNGV2.error_codes.queue_timeout_error.type": "long", + "PNGV2.error_codes.unknown_error.type": "long", "PNGV2.metrics.png_cpu.50.0.type": "long", "PNGV2.metrics.png_cpu.75.0.type": "long", "PNGV2.metrics.png_cpu.95.0.type": "long", 
@@ -78,6 +92,10 @@ describe('Reporting telemetry schema', () => { "csv_searchsource.app.visualization.type": "long", "csv_searchsource.available.type": "boolean", "csv_searchsource.deprecated.type": "long", + "csv_searchsource.error_codes.authentication_expired_error.type": "long", + "csv_searchsource.error_codes.kibana_shutting_down_error.type": "long", + "csv_searchsource.error_codes.queue_timeout_error.type": "long", + "csv_searchsource.error_codes.unknown_error.type": "long", "csv_searchsource.metrics.csv_rows.50.0.type": "long", "csv_searchsource.metrics.csv_rows.75.0.type": "long", "csv_searchsource.metrics.csv_rows.95.0.type": "long", @@ -96,6 +114,10 @@ describe('Reporting telemetry schema', () => { "csv_searchsource_immediate.app.visualization.type": "long", "csv_searchsource_immediate.available.type": "boolean", "csv_searchsource_immediate.deprecated.type": "long", + "csv_searchsource_immediate.error_codes.authentication_expired_error.type": "long", + "csv_searchsource_immediate.error_codes.kibana_shutting_down_error.type": "long", + "csv_searchsource_immediate.error_codes.queue_timeout_error.type": "long", + "csv_searchsource_immediate.error_codes.unknown_error.type": "long", "csv_searchsource_immediate.metrics.csv_rows.50.0.type": "long", "csv_searchsource_immediate.metrics.csv_rows.75.0.type": "long", "csv_searchsource_immediate.metrics.csv_rows.95.0.type": "long", 
@@ -115,6 +137,13 @@ describe('Reporting telemetry schema', () => { "last7Days.PNG.app.visualization.type": "long", "last7Days.PNG.available.type": "boolean", "last7Days.PNG.deprecated.type": "long", + "last7Days.PNG.error_codes.authentication_expired_error.type": "long", + "last7Days.PNG.error_codes.browser_could_not_launch_error.type": "long", + "last7Days.PNG.error_codes.browser_screenshot_error.type": "long", + "last7Days.PNG.error_codes.browser_unexpectedly_closed_error.type": "long", + "last7Days.PNG.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.PNG.error_codes.queue_timeout_error.type": "long", + "last7Days.PNG.error_codes.unknown_error.type": "long", "last7Days.PNG.metrics.png_cpu.50.0.type": "long", "last7Days.PNG.metrics.png_cpu.75.0.type": "long", "last7Days.PNG.metrics.png_cpu.95.0.type": "long", @@ -137,6 +166,13 @@ describe('Reporting telemetry schema', () => { "last7Days.PNGV2.app.visualization.type": "long", "last7Days.PNGV2.available.type": "boolean", "last7Days.PNGV2.deprecated.type": "long", + "last7Days.PNGV2.error_codes.authentication_expired_error.type": "long", + "last7Days.PNGV2.error_codes.browser_could_not_launch_error.type": "long", + "last7Days.PNGV2.error_codes.browser_screenshot_error.type": "long", + "last7Days.PNGV2.error_codes.browser_unexpectedly_closed_error.type": "long", + "last7Days.PNGV2.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.PNGV2.error_codes.queue_timeout_error.type": "long", + "last7Days.PNGV2.error_codes.unknown_error.type": "long", "last7Days.PNGV2.metrics.png_cpu.50.0.type": "long", "last7Days.PNGV2.metrics.png_cpu.75.0.type": "long", "last7Days.PNGV2.metrics.png_cpu.95.0.type": "long", 
@@ -160,6 +196,10 @@ describe('Reporting telemetry schema', () => { "last7Days.csv_searchsource.app.visualization.type": "long", "last7Days.csv_searchsource.available.type": "boolean", "last7Days.csv_searchsource.deprecated.type": "long", + "last7Days.csv_searchsource.error_codes.authentication_expired_error.type": "long", + "last7Days.csv_searchsource.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.csv_searchsource.error_codes.queue_timeout_error.type": "long", + "last7Days.csv_searchsource.error_codes.unknown_error.type": "long", "last7Days.csv_searchsource.metrics.csv_rows.50.0.type": "long", "last7Days.csv_searchsource.metrics.csv_rows.75.0.type": "long", "last7Days.csv_searchsource.metrics.csv_rows.95.0.type": "long", @@ -178,6 +218,10 @@ describe('Reporting telemetry schema', () => { "last7Days.csv_searchsource_immediate.app.visualization.type": "long", "last7Days.csv_searchsource_immediate.available.type": "boolean", "last7Days.csv_searchsource_immediate.deprecated.type": "long", + "last7Days.csv_searchsource_immediate.error_codes.authentication_expired_error.type": "long", + "last7Days.csv_searchsource_immediate.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.csv_searchsource_immediate.error_codes.queue_timeout_error.type": "long", + "last7Days.csv_searchsource_immediate.error_codes.unknown_error.type": "long", "last7Days.csv_searchsource_immediate.metrics.csv_rows.50.0.type": "long", "last7Days.csv_searchsource_immediate.metrics.csv_rows.75.0.type": "long", "last7Days.csv_searchsource_immediate.metrics.csv_rows.95.0.type": "long", 
@@ -203,6 +247,14 @@ describe('Reporting telemetry schema', () => { "last7Days.printable_pdf.app.visualization.type": "long", "last7Days.printable_pdf.available.type": "boolean", "last7Days.printable_pdf.deprecated.type": "long", + "last7Days.printable_pdf.error_codes.authentication_expired_error.type": "long", + "last7Days.printable_pdf.error_codes.browser_could_not_launch_error.type": "long", + "last7Days.printable_pdf.error_codes.browser_screenshot_error.type": "long", + "last7Days.printable_pdf.error_codes.browser_unexpectedly_closed_error.type": "long", + "last7Days.printable_pdf.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.printable_pdf.error_codes.pdf_worker_out_of_memory_error.type": "long", + "last7Days.printable_pdf.error_codes.queue_timeout_error.type": "long", + "last7Days.printable_pdf.error_codes.unknown_error.type": "long", "last7Days.printable_pdf.layout.canvas.type": "long", "last7Days.printable_pdf.layout.preserve_layout.type": "long", "last7Days.printable_pdf.layout.print.type": "long", 
@@ -232,6 +284,14 @@ describe('Reporting telemetry schema', () => { "last7Days.printable_pdf_v2.app.visualization.type": "long", "last7Days.printable_pdf_v2.available.type": "boolean", "last7Days.printable_pdf_v2.deprecated.type": "long", + "last7Days.printable_pdf_v2.error_codes.authentication_expired_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.browser_could_not_launch_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.browser_screenshot_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.browser_unexpectedly_closed_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.kibana_shutting_down_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.pdf_worker_out_of_memory_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.queue_timeout_error.type": "long", + "last7Days.printable_pdf_v2.error_codes.unknown_error.type": "long", "last7Days.printable_pdf_v2.layout.canvas.type": "long", "last7Days.printable_pdf_v2.layout.preserve_layout.type": "long", "last7Days.printable_pdf_v2.layout.print.type": "long", @@ -393,6 +453,14 @@ describe('Reporting telemetry schema', () => { "printable_pdf.app.visualization.type": "long", "printable_pdf.available.type": "boolean", "printable_pdf.deprecated.type": "long", + "printable_pdf.error_codes.authentication_expired_error.type": "long", + "printable_pdf.error_codes.browser_could_not_launch_error.type": "long", + "printable_pdf.error_codes.browser_screenshot_error.type": "long", + "printable_pdf.error_codes.browser_unexpectedly_closed_error.type": "long", + "printable_pdf.error_codes.kibana_shutting_down_error.type": "long", + "printable_pdf.error_codes.pdf_worker_out_of_memory_error.type": "long", + "printable_pdf.error_codes.queue_timeout_error.type": "long", + "printable_pdf.error_codes.unknown_error.type": "long", "printable_pdf.layout.canvas.type": "long", "printable_pdf.layout.preserve_layout.type": "long", "printable_pdf.layout.print.type": "long", 
@@ -422,6 +490,14 @@ describe('Reporting telemetry schema', () => { "printable_pdf_v2.app.visualization.type": "long", "printable_pdf_v2.available.type": "boolean", "printable_pdf_v2.deprecated.type": "long", + "printable_pdf_v2.error_codes.authentication_expired_error.type": "long", + "printable_pdf_v2.error_codes.browser_could_not_launch_error.type": "long", + "printable_pdf_v2.error_codes.browser_screenshot_error.type": "long", + "printable_pdf_v2.error_codes.browser_unexpectedly_closed_error.type": "long", + "printable_pdf_v2.error_codes.kibana_shutting_down_error.type": "long", + "printable_pdf_v2.error_codes.pdf_worker_out_of_memory_error.type": "long", + "printable_pdf_v2.error_codes.queue_timeout_error.type": "long", + "printable_pdf_v2.error_codes.unknown_error.type": "long", "printable_pdf_v2.layout.canvas.type": "long", "printable_pdf_v2.layout.preserve_layout.type": "long", "printable_pdf_v2.layout.print.type": "long", diff --git a/x-pack/plugins/reporting/server/usage/schema.ts b/x-pack/plugins/reporting/server/usage/schema.ts index b26ffba23e6a6..dde4b5647fd9e 100644 --- a/x-pack/plugins/reporting/server/usage/schema.ts +++ b/x-pack/plugins/reporting/server/usage/schema.ts 
@@ -74,6 +74,32 @@ const metricsSchemaPdf: MakeSchemaFrom = { + authentication_expired_error: { type: 'long' }, + queue_timeout_error: { type: 'long' }, + unknown_error: { type: 'long' }, + kibana_shutting_down_error: { type: 'long' }, +}; +const errorCodesSchemaPng: MakeSchemaFrom = { + authentication_expired_error: { type: 'long' }, + queue_timeout_error: { type: 'long' }, + unknown_error: { type: 'long' }, + kibana_shutting_down_error: { type: 'long' }, + browser_could_not_launch_error: { type: 'long' }, + browser_unexpectedly_closed_error: { type: 'long' }, + browser_screenshot_error: { type: 'long' }, +}; +const errorCodesSchemaPdf: MakeSchemaFrom = { + pdf_worker_out_of_memory_error: { type: 'long' }, + authentication_expired_error: { type: 'long' }, + queue_timeout_error: { type: 'long' }, + unknown_error: { type: 'long' }, + kibana_shutting_down_error: { type: 'long' }, + browser_could_not_launch_error: { type: 'long' }, + browser_unexpectedly_closed_error: { type: 'long' }, + browser_screenshot_error: { type: 'long' }, +}; + const availableTotalSchema: MakeSchemaFrom = { available: { type: 'boolean' }, total: { type: 'long' }, 
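Review bot: `errorCodesSchemaPng` and `errorCodesSchemaPdf` re-list the four job-agnostic codes (`authentication_expired_error`, `queue_timeout_error`, `unknown_error`, `kibana_shutting_down_error`) and the three browser codes by hand, so a code added later has to be remembered in up to three places, while types.ts in this same commit derives its shapes from a single `ErrorCodeStats`. Composing the constants would keep schema and types in step: spread `...errorCodesSchemaCsv` as the first entry of `errorCodesSchemaPng`, and build the PDF schema as `{ ...errorCodesSchemaPng, pdf_worker_out_of_memory_error: { type: 'long' } }`. The file already spreads `availableTotalSchema` inside `jobTypesSchema`, so the telemetry schema tooling presumably accepts spreads, but that is worth confirming before changing it. A one-line comment above each constant naming the job types it covers would also help the next reader.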
@@ -83,15 +109,29 @@ const availableTotalSchema: MakeSchemaFrom = { }; const jobTypesSchema: MakeSchemaFrom = { - csv_searchsource: { ...availableTotalSchema, metrics: metricsSchemaCsv }, - csv_searchsource_immediate: { ...availableTotalSchema, metrics: metricsSchemaCsv }, - PNG: { ...availableTotalSchema, metrics: metricsSchemaPng }, - PNGV2: { ...availableTotalSchema, metrics: metricsSchemaPng }, - printable_pdf: { ...availableTotalSchema, layout: layoutCountsSchema, metrics: metricsSchemaPdf }, + csv_searchsource: { + ...availableTotalSchema, + metrics: metricsSchemaCsv, + error_codes: errorCodesSchemaCsv, + }, + csv_searchsource_immediate: { + ...availableTotalSchema, + metrics: metricsSchemaCsv, + error_codes: errorCodesSchemaCsv, + }, + PNG: { ...availableTotalSchema, metrics: metricsSchemaPng, error_codes: errorCodesSchemaPng }, + PNGV2: { ...availableTotalSchema, metrics: metricsSchemaPng, error_codes: errorCodesSchemaPng }, + printable_pdf: { + ...availableTotalSchema, + layout: layoutCountsSchema, + metrics: metricsSchemaPdf, + error_codes: errorCodesSchemaPdf, + }, printable_pdf_v2: { ...availableTotalSchema, layout: layoutCountsSchema, metrics: metricsSchemaPdf, + error_codes: errorCodesSchemaPdf, }, }; diff --git a/x-pack/plugins/reporting/server/usage/types.ts b/x-pack/plugins/reporting/server/usage/types.ts index e11de7f4765d7..cf0acee312ae4 100644 --- a/x-pack/plugins/reporting/server/usage/types.ts +++ b/x-pack/plugins/reporting/server/usage/types.ts @@ -24,11 +24,15 @@ interface SizeBuckets { } interface ObjectTypeBuckets { - objectTypes: AggregationBuckets; + objectTypes?: AggregationBuckets; } interface LayoutTypeBuckets { - layoutTypes: AggregationBuckets; + layoutTypes?: AggregationBuckets; +} + +interface ErrorCodeBuckets { + errorCodes?: AggregationBuckets; } /* 
@@ -47,7 +51,8 @@ export interface KeyCountBucket extends DocCount, SizeBuckets, ObjectTypeBuckets, - LayoutTypeBuckets { + LayoutTypeBuckets, + ErrorCodeBuckets { key: BaseJobTypes; isDeprecated?: DocCount; } @@ -111,12 +116,32 @@ export type AppCounts = { }; export interface JobTypes { - csv_searchsource: AvailableTotal & { metrics: MetricsStatsCsv }; - csv_searchsource_immediate: AvailableTotal & { metrics: MetricsStatsCsv }; - PNG: AvailableTotal & { metrics: MetricsStatsPng }; - PNGV2: AvailableTotal & { metrics: MetricsStatsPng }; - printable_pdf: AvailableTotal & { layout: LayoutCounts; metrics: MetricsStatsPdf }; - printable_pdf_v2: AvailableTotal & { layout: LayoutCounts; metrics: MetricsStatsPdf }; + csv_searchsource: AvailableTotal & { + metrics: MetricsStatsCsv; + error_codes: ErrorCodesStatsCsv; + }; + csv_searchsource_immediate: AvailableTotal & { + metrics: MetricsStatsCsv; + error_codes: ErrorCodesStatsCsv; + }; + PNG: AvailableTotal & { + metrics: MetricsStatsPng; + error_codes: ErrorCodesStatsPng; + }; + PNGV2: AvailableTotal & { + metrics: MetricsStatsPng; + error_codes: ErrorCodesStatsPng; + }; + printable_pdf: AvailableTotal & { + layout: LayoutCounts; + metrics: MetricsStatsPdf; + error_codes: ErrorCodesStatsPdf; + }; + printable_pdf_v2: AvailableTotal & { + layout: LayoutCounts; + metrics: MetricsStatsPdf; + error_codes: ErrorCodesStatsPdf; + }; } export type ByAppCounts = { [J in BaseJobTypes]?: AppCounts }; 
@@ -159,6 +184,27 @@ export interface MetricsPercentiles { '99.0': number | null; } +type ErrorCodesStatsCsv = Pick< + ErrorCodeStats, + | 'authentication_expired_error' + | 'queue_timeout_error' + | 'unknown_error' + | 'kibana_shutting_down_error' +>; +type ErrorCodesStatsPng = Omit; +type ErrorCodesStatsPdf = ErrorCodeStats; + +export interface ErrorCodeStats { + authentication_expired_error: number | null; + queue_timeout_error: number | null; + unknown_error: number | null; + pdf_worker_out_of_memory_error: number | null; + browser_could_not_launch_error: number | null; + browser_unexpectedly_closed_error: number | null; + browser_screenshot_error: number | null; + kibana_shutting_down_error: number | null; +} + export interface MetricsStats { csv_rows: MetricsPercentiles; pdf_cpu: MetricsPercentiles; diff --git a/x-pack/plugins/rollup/public/application.tsx b/x-pack/plugins/rollup/public/application.tsx index 3bebe4597a08a..6e216f87ce6dc 100644 --- a/x-pack/plugins/rollup/public/application.tsx +++ b/x-pack/plugins/rollup/public/application.tsx @@ -9,8 +9,8 @@ import React from 'react'; import { render, unmountComponentAtNode } from 'react-dom'; import { Provider } from 'react-redux'; -import { CoreSetup } from 'kibana/public'; -import { KibanaContextProvider, KibanaThemeProvider } from './shared_imports'; +import { CoreSetup, ExecutionContextStart } from 'kibana/public'; +import { KibanaContextProvider, KibanaThemeProvider, useExecutionContext } from './shared_imports'; // @ts-ignore import { rollupJobsStore } from './crud_app/store'; // @ts-ignore 
@@ -20,6 +20,21 @@ import './index.scss'; import { ManagementAppMountParams } from '../../../../src/plugins/management/public'; +const AppWithExecutionContext = ({ + history, + executionContext, +}: { + history: ManagementAppMountParams['history']; + executionContext: ExecutionContextStart; +}) => { + useExecutionContext(executionContext, { + type: 'application', + page: 'rollup', + }); + + return ; +}; + /** * This module will be loaded asynchronously to reduce the bundle size of your plugin's main bundle. */ @@ -40,7 +55,7 @@ export const renderApp = async ( - + diff --git a/x-pack/plugins/rollup/public/shared_imports.ts b/x-pack/plugins/rollup/public/shared_imports.ts index cb100f2df26f7..83182f2e05fe7 100644 --- a/x-pack/plugins/rollup/public/shared_imports.ts +++ b/x-pack/plugins/rollup/public/shared_imports.ts @@ -15,4 +15,5 @@ export { export { KibanaContextProvider, KibanaThemeProvider, + useExecutionContext, } from '../../../../src/plugins/kibana_react/public'; diff --git a/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/integration_tests/pdfmaker.test.ts b/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/integration_tests/pdfmaker.test.ts index 0e9ed014d6ea6..d3c9f2003dd4e 100644 --- a/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/integration_tests/pdfmaker.test.ts +++ b/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/integration_tests/pdfmaker.test.ts @@ -19,7 +19,7 @@ const imageBase64 = Buffer.from( 'base64' ); -describe.skip('PdfMaker', () => { +describe('PdfMaker', () => { let layout: ReturnType; let pdf: PdfMaker; let logger: ReturnType; 
@@ -41,14 +41,14 @@ describe.skip('PdfMaker', () => { }); describe('worker', () => { - /** - * Leave this test skipped! It is a proof-of-concept for demonstrating that - * we correctly handle a worker OOM error. Due to the variability of when - * Node will terminate the worker thread for exceeding resource - * limits we cannot guarantee this test will always execute in a reasonable - * amount of time. - */ it.skip('should report when the PDF worker runs out of memory instead of crashing the main thread', async () => { + /** + * Leave this test skipped! It is a proof-of-concept for demonstrating that + * we correctly handle a worker OOM error. Due to the variability of when + * Node will terminate the worker thread for exceeding resource + * limits we cannot guarantee this test will always execute in a reasonable + * amount of time. + */ const leakyMaker = new (class MemoryLeakPdfMaker extends PdfMaker { // From local testing: // OOMs after 456.486 seconds with high young generation size @@ -60,14 +60,14 @@ describe.skip('PdfMaker', () => { await expect(leakyMaker.generate()).rejects.toBeInstanceOf(errors.PdfWorkerOutOfMemoryError); }); - it.skip('restarts the PDF worker if it crashes', async () => { + it('restarts the PDF worker if it crashes', async () => { const buggyMaker = new (class BuggyPdfMaker extends PdfMaker { protected workerModulePath = path.resolve(__dirname, './buggy_worker.js'); })(layout, undefined, logger); - await expect(buggyMaker.generate()).rejects.toEqual(new Error('This is a bug')); - await expect(buggyMaker.generate()).rejects.toEqual(new Error('This is a bug')); - await expect(buggyMaker.generate()).rejects.toEqual(new Error('This is a bug')); + await expect(buggyMaker.generate()).rejects.toThrowError(new Error('This is a bug')); + await expect(buggyMaker.generate()).rejects.toThrowError(new Error('This is a bug')); + await expect(buggyMaker.generate()).rejects.toThrowError(new Error('This is a bug')); }); }); 
diff --git a/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/pdfmaker.ts b/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/pdfmaker.ts index 82f6977ba7c85..f32bec1e3ed38 100644 --- a/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/pdfmaker.ts +++ b/x-pack/plugins/screenshotting/server/formats/pdf/pdf_maker/pdfmaker.ts @@ -202,13 +202,7 @@ export class PdfMaker { reject(workerError); } }); - this.worker.on('exit', () => {}); // do nothing on errors - - // Send the initial request - const generatePdfRequest: GeneratePdfRequest = { - data: this.getGeneratePdfRequestData(), - }; - myPort.postMessage(generatePdfRequest); + this.worker.on('exit', () => {}); // We expect one message from the worker generating the PDF buffer. myPort.on('message', ({ error, data }: GeneratePdfResponse) => { @@ -223,6 +217,12 @@ export class PdfMaker { this.pageCount = data.metrics.pages; resolve(data.buffer); }); + + // Send the request + const generatePdfRequest: GeneratePdfRequest = { + data: this.getGeneratePdfRequestData(), + }; + myPort.postMessage(generatePdfRequest); }); } finally { await this.cleanupWorker(); diff --git a/x-pack/plugins/security/kibana.json b/x-pack/plugins/security/kibana.json index 2eeac40e22f14..3d0bd9cbcbedc 100644 --- a/x-pack/plugins/security/kibana.json +++ b/x-pack/plugins/security/kibana.json @@ -8,7 +8,7 @@ "version": "8.0.0", "kibanaVersion": "kibana", "configPath": ["xpack", "security"], - "requiredPlugins": ["data", "features", "licensing", "taskManager"], + "requiredPlugins": ["dataViews", "features", "licensing", "taskManager"], "optionalPlugins": ["home", "management", "usageCollection", "spaces", "share"], "server": true, "ui": true, diff --git a/x-pack/plugins/security/public/management/roles/roles_management_app.tsx b/x-pack/plugins/security/public/management/roles/roles_management_app.tsx index 3c723bdfcc988..18a0ad37b88fc 100644 --- a/x-pack/plugins/security/public/management/roles/roles_management_app.tsx 
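Review bot: The `exit` listener kept in the first pdfmaker.ts hunk is an empty callback, and this commit also drops the comment that explained it. As far as the hunk shows, a worker that exits without posting a message or emitting `error` leaves the promise unsettled unless some timeout outside the hunk fires, which would stall the report job instead of failing it. Either reject there, for example `this.worker.on('exit', (code) => { if (code !== 0) reject(new Error('PDF worker exited with code ' + code)); });` (a late reject after `resolve` is a no-op), or restore a comment saying why exit is deliberately ignored. The enclosing method starts and ends outside both hunks.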
+++ b/x-pack/plugins/security/public/management/roles/roles_management_app.tsx @@ -44,7 +44,7 @@ export const rolesManagementApp = Object.freeze({ title, async mount({ element, theme$, setBreadcrumbs, history }) { const [ - [startServices, { data, features, spaces }], + [startServices, { dataViews, features, spaces }], { RolesGridPage }, { EditRolePage }, { RolesAPIClient }, @@ -108,7 +108,7 @@ export const rolesManagementApp = Object.freeze({ license={license} docLinks={docLinks} uiCapabilities={application.capabilities} - dataViews={data.dataViews} + dataViews={dataViews} history={history} spacesApiUi={spacesApiUi} /> diff --git a/x-pack/plugins/security/public/plugin.test.tsx b/x-pack/plugins/security/public/plugin.test.tsx index 2bc4932b12a0b..98d0ea0ab25a2 100644 --- a/x-pack/plugins/security/public/plugin.test.tsx +++ b/x-pack/plugins/security/public/plugin.test.tsx @@ -10,7 +10,7 @@ import { Observable } from 'rxjs'; import type { CoreSetup } from 'src/core/public'; import { coreMock } from 'src/core/public/mocks'; -import type { DataPublicPluginStart } from 'src/plugins/data/public'; +import type { DataViewsPublicPluginStart } from 'src/plugins/data_views/public'; import { managementPluginMock } from 'src/plugins/management/public/mocks'; import type { FeaturesPluginStart } from '../../features/public'; @@ -92,7 +92,7 @@ describe('Security Plugin', () => { expect( plugin.start(coreMock.createStart({ basePath: '/some-base-path' }), { - data: {} as DataPublicPluginStart, + dataViews: {} as DataViewsPublicPluginStart, features: {} as FeaturesPluginStart, }) ).toEqual({ @@ -133,7 +133,7 @@ describe('Security Plugin', () => { const coreStart = coreMock.createStart({ basePath: '/some-base-path' }); plugin.start(coreStart, { - data: {} as DataPublicPluginStart, + dataViews: {} as DataViewsPublicPluginStart, features: {} as FeaturesPluginStart, management: managementStartMock, }); 
@@ -162,7 +162,7 @@ describe('Security Plugin', () => { ); plugin.start(coreMock.createStart({ basePath: '/some-base-path' }), { - data: {} as DataPublicPluginStart, + dataViews: {} as DataViewsPublicPluginStart, features: {} as FeaturesPluginStart, }); diff --git a/x-pack/plugins/security/public/plugin.tsx b/x-pack/plugins/security/public/plugin.tsx index c2860ec059b8d..02618bbc7977a 100644 --- a/x-pack/plugins/security/public/plugin.tsx +++ b/x-pack/plugins/security/public/plugin.tsx @@ -7,7 +7,7 @@ import { i18n } from '@kbn/i18n'; import type { CoreSetup, CoreStart, Plugin, PluginInitializerContext } from 'src/core/public'; -import type { DataPublicPluginStart } from 'src/plugins/data/public'; +import type { DataViewsPublicPluginStart } from 'src/plugins/data_views/public'; import type { HomePublicPluginSetup } from 'src/plugins/home/public'; import type { ManagementSetup, ManagementStart } from 'src/plugins/management/public'; @@ -39,7 +39,7 @@ export interface PluginSetupDependencies { } export interface PluginStartDependencies { - data: DataPublicPluginStart; + dataViews: DataViewsPublicPluginStart; features: FeaturesPluginStart; management?: ManagementStart; spaces?: SpacesPluginStart; diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 5cc25bbb44055..e4566248efc46 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -12,7 +12,7 @@ { "path": "../licensing/tsconfig.json" }, { "path": "../spaces/tsconfig.json" }, { "path": "../task_manager/tsconfig.json" }, - { "path": "../../../src/plugins/data/tsconfig.json" }, + { "path": "../../../src/plugins/data_views/tsconfig.json" }, { "path": "../../../src/plugins/es_ui_shared/tsconfig.json" }, { "path": "../../../src/plugins/home/tsconfig.json" }, { "path": "../../../src/plugins/kibana_react/tsconfig.json" }, 
diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts index 591c7d68e17cb..f7bdc889f9c33 100644 --- a/x-pack/plugins/security_solution/common/constants.ts +++ b/x-pack/plugins/security_solution/common/constants.ts @@ -443,7 +443,7 @@ export const RULES_TABLE_PAGE_SIZE_OPTIONS = [5, 10, 20, 50, RULES_TABLE_MAX_PAG * we will need to update this constant with the corresponding version. */ export const RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY = - 'securitySolution.rulesManagementPage.newFeaturesTour.v8.1'; + 'securitySolution.rulesManagementPage.newFeaturesTour.v8.2'; export const RULE_DETAILS_EXECUTION_LOG_TABLE_SHOW_METRIC_COLUMNS_STORAGE_KEY = 'securitySolution.ruleDetails.ruleExecutionLog.showMetrics.v8.2'; diff --git a/x-pack/plugins/security_solution/public/app/home/index.tsx b/x-pack/plugins/security_solution/public/app/home/index.tsx index 3a02adc155e6e..19d4e5cc57b3b 100644 --- a/x-pack/plugins/security_solution/public/app/home/index.tsx +++ b/x-pack/plugins/security_solution/public/app/home/index.tsx @@ -22,6 +22,7 @@ import { import { useUpgradeSecurityPackages } from '../../common/hooks/use_upgrade_security_packages'; import { GlobalHeader } from './global_header'; import { SecuritySolutionTemplateWrapper } from './template_wrapper'; +import { ConsoleManager } from '../../management/components/console/components/console_manager'; interface HomePageProps { children: React.ReactNode; @@ -48,14 +49,16 @@ const HomePageComponent: React.FC = ({ return ( - - - - - {children} - - - + + + + + + {children} + + + + ); }; diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/api.test.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/api.test.ts index c8d8b5bb6ffd0..3c534ca7294a5 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/api.test.ts 
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/api.test.ts
@@ -143,7 +143,7 @@ describe('Detections Rules API', () => {
 method: 'GET',
 query: {
 filter:
- '(alert.attributes.name: "hello world" OR alert.attributes.params.index: "hello world" OR alert.attributes.params.threat.tactic.id: "hello world" OR alert.attributes.params.threat.tactic.name: "hello world" OR alert.attributes.params.threat.technique.id: "hello world" OR alert.attributes.params.threat.technique.name: "hello world")',
+ '(alert.attributes.name: "hello world" OR alert.attributes.params.index: "hello world" OR alert.attributes.params.threat.tactic.id: "hello world" OR alert.attributes.params.threat.tactic.name: "hello world" OR alert.attributes.params.threat.technique.id: "hello world" OR alert.attributes.params.threat.technique.name: "hello world" OR alert.attributes.params.threat.technique.subtechnique.id: "hello world" OR alert.attributes.params.threat.technique.subtechnique.name: "hello world")',
 page: 1,
 per_page: 20,
 sort_field: 'enabled',
@@ -172,7 +172,7 @@ describe('Detections Rules API', () => {
 method: 'GET',
 query: {
 filter:
- '(alert.attributes.name: "\\" OR (foo:bar)" OR alert.attributes.params.index: "\\" OR (foo:bar)" OR alert.attributes.params.threat.tactic.id: "\\" OR (foo:bar)" OR alert.attributes.params.threat.tactic.name: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.id: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.name: "\\" OR (foo:bar)")',
+ '(alert.attributes.name: "\\" OR (foo:bar)" OR alert.attributes.params.index: "\\" OR (foo:bar)" OR alert.attributes.params.threat.tactic.id: "\\" OR (foo:bar)" OR alert.attributes.params.threat.tactic.name: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.id: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.name: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.subtechnique.id: "\\" OR (foo:bar)" OR alert.attributes.params.threat.technique.subtechnique.name: "\\" OR (foo:bar)")',
 page: 1,
 per_page: 20,
 sort_field: 'enabled',
@@ -383,7 +383,7 @@ describe('Detections Rules API', () => {
 method: 'GET',
 query: {
 filter:
- 'alert.attributes.tags: "__internal_immutable:false" AND alert.attributes.tags: "__internal_immutable:true" AND alert.attributes.tags:("hello" AND "world") AND (alert.attributes.name: "ruleName" OR alert.attributes.params.index: "ruleName" OR alert.attributes.params.threat.tactic.id: "ruleName" OR alert.attributes.params.threat.tactic.name: "ruleName" OR alert.attributes.params.threat.technique.id: "ruleName" OR alert.attributes.params.threat.technique.name: "ruleName")',
+ 'alert.attributes.tags: "__internal_immutable:false" AND alert.attributes.tags: "__internal_immutable:true" AND alert.attributes.tags:("hello" AND "world") AND (alert.attributes.name: "ruleName" OR alert.attributes.params.index: "ruleName" OR alert.attributes.params.threat.tactic.id: "ruleName" OR alert.attributes.params.threat.tactic.name: "ruleName" OR alert.attributes.params.threat.technique.id: "ruleName" OR alert.attributes.params.threat.technique.name: "ruleName" OR alert.attributes.params.threat.technique.subtechnique.id: "ruleName" OR alert.attributes.params.threat.technique.subtechnique.name: "ruleName")',
 page: 1,
 per_page: 20,
 sort_field: 'enabled',
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.test.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.test.ts
index e3d2300972a51..a26a4aec3ec02 100644
--- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.test.ts
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.test.ts
@@ -27,7 +27,7 @@ describe('convertRulesFilterToKQL', () => { const kql = convertRulesFilterToKQL({ ...filterOptions, filter: 'foo' }); expect(kql).toBe( - '(alert.attributes.name: "foo" OR alert.attributes.params.index: "foo" OR alert.attributes.params.threat.tactic.id: "foo" OR alert.attributes.params.threat.tactic.name: "foo" OR alert.attributes.params.threat.technique.id: "foo" OR alert.attributes.params.threat.technique.name: "foo")' + '(alert.attributes.name: "foo" OR alert.attributes.params.index: "foo" OR alert.attributes.params.threat.tactic.id: "foo" OR alert.attributes.params.threat.tactic.name: "foo" OR alert.attributes.params.threat.technique.id: "foo" OR alert.attributes.params.threat.technique.name: "foo" OR alert.attributes.params.threat.technique.subtechnique.id: "foo" OR alert.attributes.params.threat.technique.subtechnique.name: "foo")' ); }); @@ -35,7 +35,7 @@ describe('convertRulesFilterToKQL', () => { const kql = convertRulesFilterToKQL({ ...filterOptions, filter: '" OR (foo: bar)' }); expect(kql).toBe( - '(alert.attributes.name: "\\" OR (foo: bar)" OR alert.attributes.params.index: "\\" OR (foo: bar)" OR alert.attributes.params.threat.tactic.id: "\\" OR (foo: bar)" OR alert.attributes.params.threat.tactic.name: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.id: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.name: "\\" OR (foo: bar)")' + '(alert.attributes.name: "\\" OR (foo: bar)" OR alert.attributes.params.index: "\\" OR (foo: bar)" OR alert.attributes.params.threat.tactic.id: "\\" OR (foo: bar)" OR alert.attributes.params.threat.tactic.name: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.id: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.name: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.subtechnique.id: "\\" OR (foo: bar)" OR alert.attributes.params.threat.technique.subtechnique.name: "\\" OR (foo: bar)")' ); }); 
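Review bot: The escaping case in the `@@ -35,7` hunk (`filter: '" OR (foo: bar)'`) only proves that a double quote is escaped, and with this commit the same user-supplied string is interpolated into two more quoted clauses per search. The escaping helper is outside this diff, so it is worth adding a case whose input contains a backslash and asserting that the term stays inside its quotes in every `SEARCHABLE_RULE_PARAMS` clause. The matching `fetchRules` case in api.test.ts (hunk `@@ -172,7`) has the same gap. A short comment on the test, such as `// user input must not be able to close the quoted KQL term`, would record why the case exists.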
@@ -66,7 +66,7 @@ describe('convertRulesFilterToKQL', () => { }); expect(kql).toBe( - `alert.attributes.tags: "${INTERNAL_IMMUTABLE_KEY}:true" AND alert.attributes.tags:(\"tag1\" AND \"tag2\") AND (alert.attributes.name: \"foo\" OR alert.attributes.params.index: \"foo\" OR alert.attributes.params.threat.tactic.id: \"foo\" OR alert.attributes.params.threat.tactic.name: \"foo\" OR alert.attributes.params.threat.technique.id: \"foo\" OR alert.attributes.params.threat.technique.name: \"foo\")` + `alert.attributes.tags: "${INTERNAL_IMMUTABLE_KEY}:true" AND alert.attributes.tags:("tag1" AND "tag2") AND (alert.attributes.name: "foo" OR alert.attributes.params.index: "foo" OR alert.attributes.params.threat.tactic.id: "foo" OR alert.attributes.params.threat.tactic.name: "foo" OR alert.attributes.params.threat.technique.id: "foo" OR alert.attributes.params.threat.technique.name: "foo" OR alert.attributes.params.threat.technique.subtechnique.id: "foo" OR alert.attributes.params.threat.technique.subtechnique.name: "foo")` ); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts index f5e52fd6362c1..069746223731c 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts @@ -16,6 +16,8 @@ const SEARCHABLE_RULE_PARAMS = [ 'alert.attributes.params.threat.tactic.name', 'alert.attributes.params.threat.technique.id', 'alert.attributes.params.threat.technique.name', + 'alert.attributes.params.threat.technique.subtechnique.id', + 'alert.attributes.params.threat.technique.subtechnique.name', ]; /** 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour.tsx new file mode 100644 index 0000000000000..59a26a2289190 --- /dev/null +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour.tsx 
@@ -0,0 +1,147 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + EuiButtonIcon, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiStatelessTourStep, + EuiText, + EuiTourActions, + EuiTourState, + EuiTourStep, + EuiTourStepProps, + useEuiTour, +} from '@elastic/eui'; +import { noop } from 'lodash'; +import React, { FC, useEffect, useMemo, useState } from 'react'; +import { RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY } from '../../../../../../../common/constants'; +import { useKibana } from '../../../../../../common/lib/kibana'; +import * as i18n from './translations'; + +export interface RulesFeatureTourContextType { + steps: EuiTourStepProps[]; + actions: EuiTourActions; +} + +export const SEARCH_CAPABILITIES_TOUR_ANCHOR = 'search-capabilities-tour-anchor'; + +const TOUR_POPOVER_WIDTH = 400; + +const tourConfig: EuiTourState = { + currentTourStep: 1, + isTourActive: true, + tourPopoverWidth: TOUR_POPOVER_WIDTH, + tourSubtitle: i18n.TOUR_TITLE, +}; + +const stepsConfig: EuiStatelessTourStep[] = [ + { + step: 1, + title: i18n.SEARCH_CAPABILITIES_TITLE, + content: {i18n.SEARCH_CAPABILITIES_DESCRIPTION}, + stepsTotal: 1, + children: <>, + onFinish: noop, + maxWidth: TOUR_POPOVER_WIDTH, + }, +]; + +export const RulesFeatureTour: FC = () => { + const { storage } = useKibana().services; + + const restoredState = useMemo( + () => ({ + ...tourConfig, + ...storage.get(RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY), + }), + [storage] + ); + + const [tourSteps, tourActions, tourState] = useEuiTour(stepsConfig, restoredState); + + useEffect(() => { + const { isTourActive, currentTourStep } = tourState; + storage.set(RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY, { isTourActive, currentTourStep }); + }, [tourState, storage]); + + const 
[shouldShowSearchCapabilitiesTour, setShouldShowSearchCapabilitiesTour] = useState(false); + + useEffect(() => { + /** + * Wait until the tour target elements are visible on the page and mount + * EuiTourStep components only after that. Otherwise, the tours would never + * show up on the page. + */ + const observer = new MutationObserver(() => { + if (document.querySelector(`#${SEARCH_CAPABILITIES_TOUR_ANCHOR}`)) { + setShouldShowSearchCapabilitiesTour(true); + observer.disconnect(); + } + }); + + observer.observe(document.body, { + childList: true, + subtree: true, + }); + + return () => observer.disconnect(); + }, []); + + const enhancedSteps = useMemo( + () => + tourSteps.map((item, index) => ({ + ...item, + content: ( + <> + {item.content} + {tourSteps.length > 1 && ( + <> + + + + + + + + + + + )} + + ), + })), + [tourSteps, tourActions] + ); + + return shouldShowSearchCapabilitiesTour ? ( + + ) : null; +}; diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour_context.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour_context.tsx deleted file mode 100644 index aaa483e49fca7..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/rules_feature_tour_context.tsx +++ /dev/null 
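Review bot: The effect that waits for the tour anchor in `RulesFeatureTour` only reacts to future mutations: if `#search-capabilities-tour-anchor` is already in the DOM when the component mounts, the tour stays hidden until some unrelated mutation happens, and until then every mutation anywhere under `document.body` runs a `querySelector`. Check once before observing, e.g. `if (document.getElementById(SEARCH_CAPABILITIES_TOUR_ANCHOR)) { setShouldShowSearchCapabilitiesTour(true); return; }`. Separately, whatever `storage.get(RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY)` returns is spread over `tourConfig` unvalidated, so a stale or malformed local-storage entry can override any tour field. Picking only `isTourActive` and `currentTourStep` after a type check would bound that. `RulesFeatureTourContextType` is still exported although the context it described is deleted in this commit; it looks removable, if nothing outside this diff imports it.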
@@ -1,150 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React, { createContext, useContext, useEffect, useMemo, FC } from 'react'; -import { - EuiButtonIcon, - EuiFlexGroup, - EuiFlexItem, - EuiSpacer, - EuiTourState, - EuiStatelessTourStep, - EuiTourStepProps, - EuiTourActions, - useEuiTour, -} from '@elastic/eui'; - -import { noop } from 'lodash'; -import { invariant } from '../../../../../../../common/utils/invariant'; -import { useKibana } from '../../../../../../common/lib/kibana'; -import { RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY } from '../../../../../../../common/constants'; - -import * as i18n from './translations'; - -export interface RulesFeatureTourContextType { - steps: EuiTourStepProps[]; - actions: EuiTourActions; -} - -const TOUR_POPOVER_WIDTH = 360; - -const tourConfig: EuiTourState = { - currentTourStep: 1, - isTourActive: true, - tourPopoverWidth: TOUR_POPOVER_WIDTH, - tourSubtitle: i18n.TOUR_TITLE, -}; - -// This is an example. Replace with the steps for your particular version. Don't forget to use i18n. -const stepsConfig: EuiStatelessTourStep[] = [ - { - step: 1, - title: 'A new feature', - content:

{'This feature allows for...'}

, - stepsTotal: 2, - children: <>, - onFinish: noop, - maxWidth: TOUR_POPOVER_WIDTH, - }, - { - step: 2, - title: 'Another feature', - content:

{'This another feature allows for...'}

, - stepsTotal: 2, - children: <>, - onFinish: noop, - anchorPosition: 'rightUp', - maxWidth: TOUR_POPOVER_WIDTH, - }, -]; - -const RulesFeatureTourContext = createContext(null); - -/** - * Context for new rules features, displayed in demo tour(euiTour) - * It has a common state in useEuiTour, which allows transition from one step to the next, for components within it[context] - * It also stores tour's state in localStorage - */ -export const RulesFeatureTourContextProvider: FC = ({ children }) => { - const { storage } = useKibana().services; - - const restoredState = useMemo( - () => ({ - ...tourConfig, - ...(storage.get(RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY) ?? tourConfig), - }), - [storage] - ); - - const [tourSteps, tourActions, tourState] = useEuiTour(stepsConfig, restoredState); - - const enhancedSteps = useMemo(() => { - return tourSteps.map((item, index, array) => { - return { - ...item, - content: ( - <> - {item.content} - - - - - - - - - - - ), - }; - }); - }, [tourSteps, tourActions]); - - const providerValue = useMemo( - () => ({ steps: enhancedSteps, actions: tourActions }), - [enhancedSteps, tourActions] - ); - - useEffect(() => { - const { isTourActive, currentTourStep } = tourState; - storage.set(RULES_MANAGEMENT_FEATURE_TOUR_STORAGE_KEY, { isTourActive, currentTourStep }); - }, [tourState, storage]); - - return ( - - {children} - - ); -}; - -export const useRulesFeatureTourContext = (): RulesFeatureTourContextType => { - const rulesFeatureTourContext = useContext(RulesFeatureTourContext); - invariant( - rulesFeatureTourContext, - 'useRulesFeatureTourContext should be used inside RulesFeatureTourContextProvider' - ); - - return rulesFeatureTourContext; -}; - -export const useRulesFeatureTourContextOptional = (): RulesFeatureTourContextType | null => { - const rulesFeatureTourContext = useContext(RulesFeatureTourContext); - - return rulesFeatureTourContext; -}; 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/translations.ts
index bfcda64bb13dd..45715c6ca76d8 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/feature_tour/translations.ts
@@ -13,3 +13,32 @@ export const TOUR_TITLE = i18n.translate(
 defaultMessage: "What's new",
 }
 );
+
+export const PREVIOUS_STEP_LABEL = i18n.translate(
+ 'xpack.securitySolution.detectionEngine.rules.allRules.featureTour.previousStepLabel',
+ {
+ defaultMessage: 'Go to previous step',
+ }
+);
+
+export const NEXT_STEP_LABEL = i18n.translate(
+ 'xpack.securitySolution.detectionEngine.rules.allRules.featureTour.nextStepLabel',
+ {
+ defaultMessage: 'Go to next step',
+ }
+);
+
+export const SEARCH_CAPABILITIES_TITLE = i18n.translate(
+ 'xpack.securitySolution.detectionEngine.rules.allRules.featureTour.searchCapabilitiesTitle',
+ {
+ defaultMessage: 'Enhanced search capabilities',
+ }
+);
+
+export const SEARCH_CAPABILITIES_DESCRIPTION = i18n.translate(
+ 'xpack.securitySolution.detectionEngine.rules.allRules.featureTour.searchCapabilitiesDescription',
+ {
+ defaultMessage:
+ 'It is now possible to search rules by index patterns, like "filebeat-*", or by MITRE ATT&CK™ tactics or techniques, like "Defense Evasion" or "TA0005".',
+ }
+);
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/index.tsx
index e8c7742125c74..282158cc66d53 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/index.tsx @@ -8,6 +8,7 @@ import { EuiSpacer } from '@elastic/eui'; import React, { useState } from 'react'; import { CreatePreBuiltRules } from '../../../../containers/detection_engine/rules'; +import { RulesFeatureTour } from './feature_tour/rules_feature_tour'; import { RulesTables } from './rules_tables'; import { AllRulesTabs, RulesTableToolbar } from './rules_table_toolbar'; @@ -45,6 +46,7 @@ export const AllRules = React.memo( return ( <> + theme.eui.euiSizeXS}; `; +const SearchBarWrapper = styled(EuiFlexItem)` + & .euiPopover, + & .euiPopover__anchor { + // This is needed to "cancel" styles passed down from EuiTourStep that + // interfere with EuiFieldSearch and don't allow it to take the full width + display: block; + } +`; + interface RulesTableFiltersProps { rulesCustomInstalled: number | null; rulesInstalled: number | null; @@ -69,15 +79,16 @@ const RulesTableFiltersComponent = ({ return ( - + - + ` context component and associated `useConsoleManager()` hook allows for the management of consoles in the app by ensuring that one can show/hide/terminate consoles as well as get a list of consoles that are "running". Each console's history is maintained when a console is hidden and re-displayed when it is opened again. + diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/command_input/command_input.test.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/command_input/command_input.test.tsx index e61318227cb1f..94f9d202b0736 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/components/command_input/command_input.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/components/command_input/command_input.test.tsx 
@@ -5,9 +5,9 @@ * 2.0. */ -import { ConsoleProps } from '../../console'; import { AppContextTestRender } from '../../../../../common/mock/endpoint'; import { ConsoleTestSetup, getConsoleTestSetup } from '../../mocks'; +import { ConsoleProps } from '../../types'; describe('When entering data into the Console input', () => { let render: (props?: Partial) => ReturnType; diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/confirm_terminate.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/confirm_terminate.tsx new file mode 100644 index 0000000000000..4489654a16e54 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/confirm_terminate.tsx @@ -0,0 +1,88 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiCallOut, + EuiFlexGroup, + EuiFlexItem, + EuiFocusTrap, + EuiPanel, + EuiSpacer, + EuiText, +} from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; + +export interface ConfirmTerminateProps { + onConfirm: () => void; + onCancel: () => void; +} + +export const ConfirmTerminate = memo(({ onConfirm, onCancel }) => { + return ( +
+ + + + } + > + + + + + + + + + + + + + + + + + + + + + +
+ ); +}); +ConfirmTerminate.displayName = 'ConfirmTerminate'; diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/console_popup.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/console_popup.tsx new file mode 100644 index 0000000000000..a6cd5a4d5e906 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/components/console_popup.tsx 
@@ -0,0 +1,136 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo, PropsWithChildren, ReactNode, useCallback, useMemo, useState } from 'react'; +import { + EuiButton, + EuiButtonEmpty, + EuiIcon, + EuiModalBody, + EuiModalFooter, + EuiModalHeader, + EuiModalHeaderTitle, +} from '@elastic/eui'; +import styled from 'styled-components'; +import { FormattedMessage } from '@kbn/i18n-react'; +import classNames from 'classnames'; +import { ConfirmTerminate } from './confirm_terminate'; + +const ConsolePopupWrapper = styled.div` + position: fixed; + top: 100px; + right: 0; + min-height: 60vh; + min-width: 40vw; + max-width: 70vw; + + &.is-hidden { + display: none; + } + + &.is-confirming .modal-content { + opacity: 0.3; + } + + .console-holder { + height: 100%; + } + + .terminate-confirm-panel { + max-width: 85%; + flex-grow: 0; + } +`; + +type ConsolePopupProps = PropsWithChildren<{ + isHidden: boolean; + onTerminate: () => void; + onHide: () => void; + title?: ReactNode; +}>; + +export const ConsolePopup = memo( + ({ children, isHidden, title = '', onTerminate, onHide }) => { + const [showTerminateConfirm, setShowTerminateConfirm] = useState(false); + + const cssClassNames = useMemo(() => { + return classNames({ + euiModal: true, + 'euiModal--maxWidth-default': true, + 'is-hidden': isHidden, + 'is-confirming': showTerminateConfirm, + }); + }, [isHidden, showTerminateConfirm]); + + const handleTerminateOnClick = useCallback(() => { + setShowTerminateConfirm(true); + }, []); + + const handleTerminateOnConfirm = useCallback(() => { + setShowTerminateConfirm(false); + onTerminate(); + }, [onTerminate]); + + const handleTerminateOnCancel = useCallback(() => { + setShowTerminateConfirm(false); + }, []); + + return ( + +
+ {!isHidden && ( + + +

+ {title} +

+
+
+ )} + + {/* + IMPORTANT: The Modal body (below) is always shown. This is how the command history + of each command is persisted - by allowing the consoles to still be + rendered (Console takes care of hiding it own UI in this case) + */} + +
{children}
+
+ + {!isHidden && ( + + + + + + + + + )} +
+ + {!isHidden && showTerminateConfirm && ( + + )} +
+ ); + } +); +ConsolePopup.displayName = 'ConsolePopup'; diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.test.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.test.tsx new file mode 100644 index 0000000000000..ef8fb8c37f4c9 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.test.tsx 
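Review bot: `showTerminateConfirm` in `ConsolePopup` is reset only by the confirm and cancel handlers, so it survives the popup being hidden: the prompt is rendered whenever `!isHidden && showTerminateConfirm`, and a hide that arrives while the prompt is open (for example through the manager client's `hide()`) leaves the flag set. If the same `ConsolePopup` instance is then shown again, possibly for a different console (the manager's JSX is not readable on this page, so that part is an assumption), the terminate prompt would already be open for it. Resetting the flag when `isHidden` becomes true avoids that, e.g. `useEffect(() => { if (isHidden) setShowTerminateConfirm(false); }, [isHidden]);`, which also needs `useEffect` added to the React import at the top of the file.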
@@ -0,0 +1,369 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { renderHook as _renderHook, RenderHookResult, act } from '@testing-library/react-hooks'; +import { ConsoleManager, useConsoleManager } from './console_manager'; +import React, { memo } from 'react'; +import type { + ConsoleManagerClient, + ConsoleRegistrationInterface, + RegisteredConsoleClient, +} from './types'; +import { + AppContextTestRender, + createAppRootMockRenderer, +} from '../../../../../common/mock/endpoint'; +import { ConsoleManagerTestComponent, getNewConsoleRegistrationMock } from './mocks'; +import userEvent from '@testing-library/user-event'; +import { waitFor } from '@testing-library/react'; +import { enterConsoleCommand } from '../../mocks'; + +describe('When using ConsoleManager', () => { + describe('and using the ConsoleManagerInterface via the hook', () => { + type RenderResultInterface = RenderHookResult; + + let renderHook: () => RenderResultInterface; + let renderResult: RenderResultInterface; + + const registerNewConsole = (): ConsoleRegistrationInterface => { + const newConsole = getNewConsoleRegistrationMock(); + + act(() => { + renderResult.result.current.register(newConsole); + }); + + return newConsole; + }; + + beforeEach(() => { + const { AppWrapper } = createAppRootMockRenderer(); + + const RenderWrapper = memo(({ children }) => { + return ( + + {children} + + ); + }); + RenderWrapper.displayName = 'RenderWrapper'; + + renderHook = () => { + renderResult = _renderHook(useConsoleManager, { + wrapper: RenderWrapper, + }); + + return renderResult; + }; + }); + + it('should return the expected interface', async () => { + renderHook(); + + expect(renderResult.result.current).toEqual({ + getList: expect.any(Function), + getOne: expect.any(Function), + 
hide: expect.any(Function), + register: expect.any(Function), + show: expect.any(Function), + terminate: expect.any(Function), + }); + }); + + it('should register a console', () => { + const newConsole = getNewConsoleRegistrationMock(); + + renderHook(); + act(() => { + renderResult.result.current.register(newConsole); + }); + + expect(renderResult.result.current.getOne(newConsole.id)).toEqual({ + id: newConsole.id, + title: newConsole.title, + meta: newConsole.meta, + show: expect.any(Function), + hide: expect.any(Function), + terminate: expect.any(Function), + isVisible: expect.any(Function), + }); + }); + + it('should show a console by `id`', async () => { + renderHook(); + const { id: consoleId } = registerNewConsole(); + act(() => { + renderResult.result.current.show(consoleId); + }); + + expect(renderResult.result.current.getOne(consoleId)!.isVisible()).toBe(true); + }); + + it('should throw if attempting to show a console with invalid `id`', () => { + renderHook(); + + expect(() => renderResult.result.current.show('some id')).toThrow( + 'Console with id some id not found' + ); + }); + + it('should hide a console by `id`', () => { + renderHook(); + const { id: consoleId } = registerNewConsole(); + act(() => { + renderResult.result.current.show(consoleId); + }); + + expect(renderResult.result.current.getOne(consoleId)!.isVisible()).toBe(true); + + act(() => { + renderResult.result.current.hide(consoleId); + }); + + expect(renderResult.result.current.getOne(consoleId)!.isVisible()).toBe(false); + }); + + it('should throw if attempting to hide a console with invalid `id`', () => { + renderHook(); + + expect(() => renderResult.result.current.hide('some id')).toThrow( + 'Console with id some id not found' + ); + }); + + it('should terminate a console by `id`', () => { + renderHook(); + const { id: consoleId } = registerNewConsole(); + + expect(renderResult.result.current.getOne(consoleId)).toBeTruthy(); + + act(() => { + 
renderResult.result.current.terminate(consoleId); + }); + + expect(renderResult.result.current.getOne(consoleId)).toBeUndefined(); + }); + + it('should call `onBeforeTerminate()`', () => { + renderHook(); + const { id: consoleId, onBeforeTerminate } = registerNewConsole(); + + act(() => { + renderResult.result.current.terminate(consoleId); + }); + + expect(onBeforeTerminate).toHaveBeenCalled(); + }); + + it('should throw if attempting to terminate a console with invalid `id`', () => { + renderHook(); + + expect(() => renderResult.result.current.terminate('some id')).toThrow( + 'Console with id some id not found' + ); + }); + + it('should return list of registered consoles when calling `getList()`', () => { + renderHook(); + registerNewConsole(); + registerNewConsole(); + + expect(renderResult.result.current.getList()).toHaveLength(2); + }); + + describe('and using the Registered Console client interface', () => { + let consoleId: string; + let registeredConsole: Readonly; + + beforeEach(() => { + renderHook(); + ({ id: consoleId } = registerNewConsole()); + registeredConsole = renderResult.result.current.getOne(consoleId)!; + }); + + it('should have the expected interface', () => { + expect(registeredConsole).toEqual({ + id: expect.any(String), + meta: expect.any(Object), + title: expect.anything(), + show: expect.any(Function), + hide: expect.any(Function), + terminate: expect.any(Function), + isVisible: expect.any(Function), + }); + }); + + it('should display the console when `.show()` is called', async () => { + registeredConsole.show(); + await renderResult.waitForNextUpdate(); + + expect(registeredConsole.isVisible()).toBe(true); + }); + + it('should hide the console when `.hide()` is called', async () => { + registeredConsole.show(); + await renderResult.waitForNextUpdate(); + expect(registeredConsole.isVisible()).toBe(true); + + registeredConsole.hide(); + await renderResult.waitForNextUpdate(); + expect(registeredConsole.isVisible()).toBe(false); + }); + + 
it('should un-register the console when `.terminate() is called', async () => { + registeredConsole.terminate(); + await renderResult.waitForNextUpdate(); + + expect(renderResult.result.current.getOne(consoleId)).toBeUndefined(); + }); + }); + }); + + describe('and when the console popup is rendered into the page', () => { + let render: () => Promise>; + let renderResult: ReturnType; + + const clickOnRegisterNewConsole = () => { + act(() => { + userEvent.click(renderResult.getByTestId('registerNewConsole')); + }); + }; + + const openRunningConsole = async () => { + act(() => { + userEvent.click(renderResult.queryAllByTestId('showRunningConsole')[0]); + }); + + await waitFor(() => { + expect( + renderResult.getByTestId('consolePopupWrapper').classList.contains('is-hidden') + ).toBe(false); + }); + }; + + beforeEach(() => { + const mockedContext = createAppRootMockRenderer(); + + render = async () => { + renderResult = mockedContext.render( + + + + ); + + clickOnRegisterNewConsole(); + + await waitFor(() => { + expect(renderResult.queryAllByTestId('runningConsole').length).toBeGreaterThan(0); + }); + + await openRunningConsole(); + + return renderResult; + }; + }); + + it('should show the title', async () => { + await render(); + + expect(renderResult.getByTestId('consolePopupHeader').textContent).toMatch(/Test console/); + }); + + it('should show the console', async () => { + await render(); + + expect(renderResult.getByTestId('testRunningConsole')).toBeTruthy(); + }); + + it('should show `terminate` button', async () => { + await render(); + + expect(renderResult.getByTestId('consolePopupTerminateButton')).toBeTruthy(); + }); + + it('should show `hide` button', async () => { + await render(); + + expect(renderResult.getByTestId('consolePopupHideButton')).toBeTruthy(); + }); + + it('should hide the console popup', async () => { + await render(); + userEvent.click(renderResult.getByTestId('consolePopupHideButton')); + + await waitFor(() => { + expect( + 
renderResult.getByTestId('consolePopupWrapper').classList.contains('is-hidden') + ).toBe(true); + }); + }); + + it("should persist a console's command output history on hide/show", async () => { + await render(); + enterConsoleCommand(renderResult, 'help', { dataTestSubj: 'testRunningConsole' }); + enterConsoleCommand(renderResult, 'help', { dataTestSubj: 'testRunningConsole' }); + + await waitFor(() => { + expect(renderResult.queryAllByTestId('testRunningConsole-historyItem')).toHaveLength(2); + }); + + userEvent.click(renderResult.getByTestId('consolePopupHideButton')); + await waitFor(() => { + expect( + renderResult.getByTestId('consolePopupWrapper').classList.contains('is-hidden') + ).toBe(true); + }); + + await openRunningConsole(); + + await waitFor(() => { + expect(renderResult.queryAllByTestId('testRunningConsole-historyItem')).toHaveLength(2); + }); + }); + + describe('and the terminate confirmation is shown', () => { + const clickOnTerminateButton = async () => { + userEvent.click(renderResult.getByTestId('consolePopupTerminateButton')); + + await waitFor(() => { + expect(renderResult.getByTestId('consolePopupTerminateConfirmModal')).toBeTruthy(); + }); + }; + + beforeEach(async () => { + await render(); + await clickOnTerminateButton(); + }); + + it('should show confirmation when terminate button is clicked', async () => { + expect(renderResult.getByTestId('consolePopupTerminateConfirmMessage')).toBeTruthy(); + }); + + it('should show cancel and terminate buttons', async () => { + expect(renderResult.getByTestId('consolePopupTerminateModalCancelButton')).toBeTruthy(); + expect(renderResult.getByTestId('consolePopupTerminateModalTerminateButton')).toBeTruthy(); + }); + + it('should hide the confirmation when cancel is clicked', async () => { + userEvent.click(renderResult.getByTestId('consolePopupTerminateModalCancelButton')); + + await waitFor(() => { + expect(renderResult.queryByTestId('consolePopupTerminateConfirmModal')).toBeNull(); + }); + }); + + 
it('should terminate when terminate is clicked', async () => { + userEvent.click(renderResult.getByTestId('consolePopupTerminateModalTerminateButton')); + + await waitFor(() => { + expect( + renderResult.getByTestId('consolePopupWrapper').classList.contains('is-hidden') + ).toBe(true); + }); + }); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.tsx new file mode 100644 index 0000000000000..f7af8b51d3a15 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/console_manager.tsx 
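Review bot: The last test, 'should terminate when terminate is clicked', asserts only that `consolePopupWrapper` carries the `is-hidden` class, which is the same condition the earlier 'should hide the console popup' test checks, so it would still pass if the confirm button merely hid the console instead of removing it. Asserting that the console has left the running list would pin the terminate behaviour, for example `expect(renderResult.queryAllByTestId('runningConsole')).toHaveLength(0);` inside the same `waitFor` (the `runningConsole` test id is the one the `render` helper in this file already waits on).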
@@ -0,0 +1,306 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { + memo, + PropsWithChildren, + useCallback, + useContext, + useMemo, + useRef, + useState, +} from 'react'; +import { ConsolePopup } from './components/console_popup'; +import { + ConsoleManagerClient, + ConsoleRegistrationInterface, + RegisteredConsoleClient, +} from './types'; +import { Console } from '../../console'; + +interface ManagedConsole { + client: RegisteredConsoleClient; + consoleProps: ConsoleRegistrationInterface['consoleProps']; + console: JSX.Element; // actual console component + isOpen: boolean; + key: symbol; + onBeforeTerminate?: ConsoleRegistrationInterface['onBeforeTerminate']; +} + +type RunningConsoleStorage = Record; + +interface ConsoleManagerInternalClient { + /** + * Returns the managed console record for the given ConsoleProps object if its being managed + * @param key + */ + getManagedConsole(key: ManagedConsole['key']): ManagedConsole | undefined; +} + +interface ConsoleManagerContextClients { + client: ConsoleManagerClient; + internal: ConsoleManagerInternalClient; +} + +const ConsoleManagerContext = React.createContext( + undefined +); + +export type ConsoleManagerProps = PropsWithChildren<{ + storage?: RunningConsoleStorage; +}>; + +/** + * A console management context. Allow for the show/hide of consoles without them loosing their + * command history while running in "hidden" mode. + */ +export const ConsoleManager = memo(({ storage = {}, children }) => { + const [consoleStorage, setConsoleStorage] = useState(storage); + + // `consoleStorageRef` keeps a copy (reference) to the latest copy of the `consoleStorage` so that + // some exposed methods (ex. 
`RegisteredConsoleClient`) are guaranteed to be immutable and function + // as expected between state updates without having to re-update every record stored in the `ConsoleStorage` + const consoleStorageRef = useRef(); + consoleStorageRef.current = consoleStorage; + + const validateIdOrThrow = useCallback((id: string) => { + if (!consoleStorageRef.current?.[id]) { + throw new Error(`Console with id ${id} not found`); + } + }, []); // << IMPORTANT: this callback should have no dependencies + + const show = useCallback( + (id) => { + validateIdOrThrow(id); + + setConsoleStorage((prevState) => { + const newState = { ...prevState }; + + // if any is visible, hide it + Object.entries(newState).forEach(([consoleId, managedConsole]) => { + if (managedConsole.isOpen) { + newState[consoleId] = { + ...managedConsole, + isOpen: false, + }; + } + }); + + newState[id] = { + ...newState[id], + isOpen: true, + }; + + return newState; + }); + }, + [validateIdOrThrow] // << IMPORTANT: this callback should have only immutable dependencies + ); + + const hide = useCallback( + (id) => { + validateIdOrThrow(id); + + setConsoleStorage((prevState) => { + return { + ...prevState, + [id]: { + ...prevState[id], + isOpen: false, + }, + }; + }); + }, + [validateIdOrThrow] // << IMPORTANT: this callback should have only immutable dependencies + ); + + const terminate = useCallback( + (id) => { + validateIdOrThrow(id); + + setConsoleStorage((prevState) => { + const { onBeforeTerminate } = prevState[id]; + + if (onBeforeTerminate) { + onBeforeTerminate(); + } + + const newState = { ...prevState }; + delete newState[id]; + + return newState; + }); + }, + [validateIdOrThrow] // << IMPORTANT: this callback should have only immutable dependencies + ); + + const getOne = useCallback( + >(id: string) => { + if (consoleStorageRef.current?.[id]) { + return consoleStorageRef.current[id].client as Readonly>; + } + }, + [] // << IMPORTANT: this callback should have no dependencies or only immutable 
dependencies + ); + + const getList = useCallback(< + Meta extends object = Record + >() => { + return Object.values(consoleStorage).map( + (managedConsole) => managedConsole.client + ) as ReadonlyArray>>; + }, [consoleStorage]); // << This callack should always use `consoleStorage` + + const isVisible = useCallback((id: string): boolean => { + if (consoleStorageRef.current?.[id]) { + return consoleStorageRef.current[id].isOpen; + } + + return false; + }, []); // << IMPORTANT: this callback should have no dependencies + + const register = useCallback( + ({ id, title, meta, consoleProps, ...otherRegisterProps }) => { + if (consoleStorage[id]) { + throw new Error(`Console with id ${id} already registered`); + } + + const managedKey = Symbol(id); + // Referencing/using the interface methods here (defined in the outer scope of this function) + // is ok because those are immutable and thus will not change between state changes + const showThisConsole = show.bind(null, id); + const hideThisConsole = hide.bind(null, id); + const terminateThisConsole = terminate.bind(null, id); + const isThisConsoleVisible = isVisible.bind(null, id); + + const managedConsole: ManagedConsole = { + ...otherRegisterProps, + client: { + id, + title, + meta, + // The use of `setTimeout()` below is needed because this client interface can be consumed + // prior to the component state being updated. Placing a delay on the execution of these + // methods allows for state to be updated first and then the action is applied. 
+ // So someone can do: `.register({...}).show()` and it will work + show: () => { + setTimeout(showThisConsole, 0); + }, + hide: () => { + setTimeout(hideThisConsole, 0); + }, + terminate: () => { + setTimeout(terminateThisConsole, 0); + }, + isVisible: () => isThisConsoleVisible(), + }, + consoleProps, + console: , + isOpen: false, + key: managedKey, + }; + + setConsoleStorage((prevState) => { + return { + ...prevState, + [id]: managedConsole, + }; + }); + + return managedConsole.client; + }, + [consoleStorage, hide, isVisible, show, terminate] + ); + + const consoleManagerClient = useMemo(() => { + return { + register, + show, + hide, + terminate, + getOne, + getList, + }; + }, [getList, getOne, hide, register, show, terminate]); + + const consoleManageContextClients = useMemo(() => { + return { + client: consoleManagerClient, + internal: { + getManagedConsole(key): ManagedConsole | undefined { + return Object.values(consoleStorage).find((managedConsole) => managedConsole.key === key); + }, + }, + }; + }, [consoleManagerClient, consoleStorage]); + + const visibleConsole = useMemo(() => { + return Object.values(consoleStorage).find((managedConsole) => managedConsole.isOpen); + }, [consoleStorage]); + + const handleOnTerminate = useCallback(() => { + if (visibleConsole) { + consoleManagerClient.terminate(visibleConsole.client.id); + } + }, [consoleManagerClient, visibleConsole]); + + const handleOnHide = useCallback(() => { + if (visibleConsole) { + consoleManagerClient.hide(visibleConsole.client.id); + } + }, [consoleManagerClient, visibleConsole]); + + const runningConsoles = useMemo(() => { + return Object.values(consoleStorage).map((managedConsole) => managedConsole.console); + }, [consoleStorage]); + + return ( + + {children} + + + {runningConsoles} + + + ); +}); +ConsoleManager.displayName = 'ConsoleManager'; + +/** + * Returns the interface for managing consoles withing a `` context. 
+ */ +export const useConsoleManager = (): ConsoleManagerClient => { + const consoleManagerClients = useContext(ConsoleManagerContext); + + if (!consoleManagerClients) { + throw new Error('ConsoleManagerContext not found'); + } + + return consoleManagerClients.client; +}; + +/** + * For internal use within Console code only! + * Hook will return the `ManagedConsole` interface stored in the manager if it finds + * the `ConsoleProps` provided on input to be one that the ConsoleManager is tracking. + * + * @protected + */ +export const useWithManagedConsole = ( + key: ManagedConsole['key'] | undefined +): ManagedConsole | undefined => { + const consoleManagerClients = useContext(ConsoleManagerContext); + + if (key && consoleManagerClients) { + return consoleManagerClients.internal.getManagedConsole(key); + } +}; diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_magenement_provider/index.ts b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/index.ts similarity index 78% rename from x-pack/plugins/security_solution/public/management/components/console/components/console_magenement_provider/index.ts rename to x-pack/plugins/security_solution/public/management/components/console/components/console_manager/index.ts index 8d7de159bbc5a..d2fa363844042 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/components/console_magenement_provider/index.ts +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/index.ts @@ -5,4 +5,4 @@ * 2.0. */ -// FIXME:PT implement a React context to manage consoles +export { ConsoleManager, useConsoleManager } from './console_manager'; 
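Review bot: In `terminate`, the caller-supplied `onBeforeTerminate()` runs inside the `setConsoleStorage` updater, and the updater destructures `prevState[id]` without checking that the entry still exists. React expects updater functions to be pure and may invoke them more than once (it does so under StrictMode in development), so the hook can fire twice; and because `validateIdOrThrow` reads `consoleStorageRef.current`, which is refreshed only on render, a second `terminate(id)` queued before the next render would pass validation and then throw a TypeError inside the updater. `hide` has the same stale-check gap: there `{ ...prevState[id], isOpen: false }` would re-create a record with no `client`, which `getList()` would then return as `undefined`. I would call the hook once before `setConsoleStorage` and make the updater a no-op when the id is already gone, as below; `hide` can take the same `if (!prevState[id]) return prevState;` guard.

```typescript
      validateIdOrThrow(id);

      // Run the caller's hook once, outside the state updater.
      consoleStorageRef.current?.[id]?.onBeforeTerminate?.();

      setConsoleStorage((prevState) => {
        if (!prevState[id]) {
          // Already removed by an earlier terminate() in the same tick.
          return prevState;
        }

        const newState = { ...prevState };
        delete newState[id];

        return newState;
      });
      // … unchanged: useCallback dependency list …
```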
diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/mocks.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/mocks.tsx new file mode 100644 index 0000000000000..57ec4246caf41 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/mocks.tsx @@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo, useCallback } from 'react'; +import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui'; +import { ConsoleRegistrationInterface, RegisteredConsoleClient } from './types'; +import { useConsoleManager } from './console_manager'; +import { getCommandServiceMock } from '../../mocks'; + +export const getNewConsoleRegistrationMock = ( + overrides: Partial = {} +): ConsoleRegistrationInterface => { + return { + id: Math.random().toString(36), + title: 'Test console', + meta: { about: 'for unit testing ' }, + consoleProps: { + 'data-test-subj': 'testRunningConsole', + commandService: getCommandServiceMock(), + }, + onBeforeTerminate: jest.fn(), + ...overrides, + }; +}; + +const RunningConsole = memo<{ registeredConsole: RegisteredConsoleClient }>( + ({ registeredConsole }) => { + const handleShowOnClick = useCallback(() => { + registeredConsole.show(); + }, [registeredConsole]); + + return ( +
+ + + {registeredConsole.title} + + + + {'show'} + + + + +
+ ); + } +); +RunningConsole.displayName = 'RunningConsole'; + +export const ConsoleManagerTestComponent = memo(() => { + const consoleManager = useConsoleManager(); + const handleRegisterNewConsoleOnClick = useCallback(() => { + consoleManager.register(getNewConsoleRegistrationMock()); + }, [consoleManager]); + + return ( +
+
+ + {'Register and show new managed console'} + +
+
+ {consoleManager.getList().map((registeredConsole) => { + return ( + + ); + })} +
+
+ ); +}); +ConsoleManagerTestComponent.displayName = 'ConsoleManagerTestComponent'; diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/types.ts b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/types.ts new file mode 100644 index 0000000000000..241d3183e1fdc --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_manager/types.ts 
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ReactNode } from 'react';
+import { ConsoleProps } from '../../types';
+
+export interface ConsoleRegistrationInterface> {
+ id: string;
+ /** The title for the console popup */
+ title: ReactNode;
+ consoleProps: ConsoleProps;
+ onBeforeTerminate?: () => void;
+ /**
+ * Any additional metadata about the console. Helpful for when consuming Registered consoles
+ * (ex. could hold the details data for the Host that the console is opened against)
+ */
+ meta?: Meta;
+}
+
+export interface RegisteredConsoleClient>
+ extends Pick, 'id' | 'title' | 'meta'> {
+ show(): void;
+
+ hide(): void;
+
+ terminate(): void;
+
+ isVisible(): boolean;
+}
+
+export interface ConsoleManagerClient {
+ /** Registers a new console */
+ register(console: ConsoleRegistrationInterface): Readonly;
+
+ /** Opens console in a dialog */
+ show(id: string): void;
+
+ /** Hides the console (minimize) */
+ hide(id: string): void;
+
+ /** Removes the console from management and calls `onBeforeClose` if one was defined */
+ terminate(id: string): void;
+
+ /** Retrieve a running console */
+ getOne>(
+ id: string
+ ): Readonly> | undefined;
+
+ /** Get a list of running consoles */
+ getList>(): ReadonlyArray<
+ Readonly>
+ >;
+}
diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/console_state/state_update_handlers/handle_execute_command.test.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/console_state/state_update_handlers/handle_execute_command.test.tsx
index b6a8e4db52340..06ecc344d5596 100644
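Review bot: The doc comment on `ConsoleManagerClient.terminate` in console_manager/types.ts names a callback `onBeforeClose`, but the only hook declared on `ConsoleRegistrationInterface` is `onBeforeTerminate`; the comment should name `onBeforeTerminate` instead. Neither `id` nor `register()` documents what happens when a caller registers an id that is already in use. Because the id is supplied by the caller, one sentence stating whether that call throws, replaces the entry or returns the existing console would remove the guesswork.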
--- a/x-pack/plugins/security_solution/public/management/components/console/components/console_state/state_update_handlers/handle_execute_command.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/components/console_state/state_update_handlers/handle_execute_command.test.tsx @@ -6,11 +6,11 @@ */ import React from 'react'; -import { ConsoleProps } from '../../../console'; import { AppContextTestRender } from '../../../../../../common/mock/endpoint'; import { getConsoleTestSetup } from '../../../mocks'; import type { ConsoleTestSetup } from '../../../mocks'; import { waitFor } from '@testing-library/react'; +import { ConsoleProps } from '../../../types'; describe('When a Console command is entered by the user', () => { let render: (props?: Partial) => ReturnType; diff --git a/x-pack/plugins/security_solution/public/management/components/console/console.test.tsx b/x-pack/plugins/security_solution/public/management/components/console/console.test.tsx index 9adeaa72d683e..e0722c5cf68ce 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/console.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/console.test.tsx @@ -6,9 +6,9 @@ */ import { AppContextTestRender } from '../../../common/mock/endpoint'; -import { ConsoleProps } from './console'; import { getConsoleTestSetup } from './mocks'; import userEvent from '@testing-library/user-event'; +import { ConsoleProps } from './types'; describe('When using Console component', () => { let render: (props?: Partial) => ReturnType; diff --git a/x-pack/plugins/security_solution/public/management/components/console/console.tsx b/x-pack/plugins/security_solution/public/management/components/console/console.tsx index 6c64a045c86fe..0f3645037df02 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/console.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/console.tsx 
@@ -6,13 +6,14 @@ */ import React, { memo, useCallback, useRef } from 'react'; -import { CommonProps, EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui'; import styled from 'styled-components'; import { HistoryOutput } from './components/history_output'; import { CommandInput, CommandInputProps } from './components/command_input'; -import { CommandServiceInterface } from './types'; +import { ConsoleProps } from './types'; import { ConsoleStateProvider } from './components/console_state'; import { useTestIdGenerator } from '../hooks/use_test_id_generator'; +import { useWithManagedConsole } from './components/console_manager/console_manager'; // FIXME:PT implement dark mode for the console or light mode switch 
@@ -43,58 +44,65 @@ const ConsoleWindow = styled.div` } `; -export interface ConsoleProps extends CommonProps, Pick { - commandService: CommandServiceInterface; -} +export const Console = memo( + ({ prompt, commandService, managedKey, ...commonProps }) => { + const consoleWindowRef = useRef(null); + const inputFocusRef: CommandInputProps['focusRef'] = useRef(null); + const getTestId = useTestIdGenerator(commonProps['data-test-subj']); + const managedConsole = useWithManagedConsole(managedKey); -export const Console = memo(({ prompt, commandService, ...commonProps }) => { - const consoleWindowRef = useRef(null); - const inputFocusRef: CommandInputProps['focusRef'] = useRef(null); - const getTestId = useTestIdGenerator(commonProps['data-test-subj']); + const scrollToBottom = useCallback(() => { + // We need the `setTimeout` here because in some cases, the command output + // will take a bit of time to populate its content due to the use of Promises + setTimeout(() => { + if (consoleWindowRef.current) { + consoleWindowRef.current.scrollTop = consoleWindowRef.current.scrollHeight; + } + }, 1); - const scrollToBottom = useCallback(() => { - // We need the `setTimeout` here because in some cases, the command output - // will take a bit of time to populate its content due to the use of Promises - setTimeout(() => { - if (consoleWindowRef.current) { - consoleWindowRef.current.scrollTop = consoleWindowRef.current.scrollHeight; - } - }, 1); - - // NOTE: its IMPORTANT that this callback does NOT have any dependencies, because - // it is stored in State and currently not updated if it changes - }, []); + // NOTE: its IMPORTANT that this callback does NOT have any dependencies, because + // it is stored in State and currently not updated if it changes + }, []); - const handleConsoleClick = useCallback(() => { - if (inputFocusRef.current) { - inputFocusRef.current(); - } - }, []); + const handleConsoleClick = useCallback(() => { + if (inputFocusRef.current) { + 
inputFocusRef.current(); + } + }, []); - return ( - + return ( - - - - - - - - - - + {/* + If this is a managed console, then we only show its content if it is open. + The state provider, however, continues to be rendered so that as updates to pending + commands are received, those will still make it to the console's state and be + shown when the console is eventually opened again. + */} + {!managedConsole || managedConsole.isOpen ? ( + + + + + + + + + + + + + ) : null} - - ); -}); + ); + } +); Console.displayName = 'Console'; diff --git a/x-pack/plugins/security_solution/public/management/components/console/index.ts b/x-pack/plugins/security_solution/public/management/components/console/index.ts index 81244b3013b36..4264aa5a8f830 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/index.ts +++ b/x-pack/plugins/security_solution/public/management/components/console/index.ts @@ -6,5 +6,10 @@ */ export { Console } from './console'; -export type { ConsoleProps } from './console'; -export type { CommandServiceInterface, CommandDefinition, Command } from './types'; +export { ConsoleManager, useConsoleManager } from './components/console_manager'; +export type { CommandServiceInterface, CommandDefinition, Command, ConsoleProps } from './types'; +export type { + ConsoleRegistrationInterface, + RegisteredConsoleClient, + ConsoleManagerClient, +} from './components/console_manager/types'; diff --git a/x-pack/plugins/security_solution/public/management/components/console/mocks.tsx b/x-pack/plugins/security_solution/public/management/components/console/mocks.tsx index 693daf83ed6ea..d89c5f5374d47 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/mocks.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/mocks.tsx 
@@ -12,8 +12,7 @@ import { EuiCode } from '@elastic/eui'; import userEvent from '@testing-library/user-event'; import { act } from '@testing-library/react'; import { Console } from './console'; -import type { ConsoleProps } from './console'; -import type { Command, CommandServiceInterface } from './types'; +import type { Command, CommandServiceInterface, ConsoleProps } from './types'; import type { AppContextTestRender } from '../../../common/mock/endpoint'; import { createAppRootMockRenderer } from '../../../common/mock/endpoint'; import { CommandDefinition } from './types'; @@ -37,6 +36,39 @@ export interface ConsoleTestSetup { ): void; } +/** + * Finds the console in the Render Result and enters the command provided + * @param renderResult + * @param cmd + * @param inputOnly + * @param useKeyboard + * @param dataTestSubj + */ +export const enterConsoleCommand = ( + renderResult: ReturnType, + cmd: string, + { + inputOnly = false, + useKeyboard = false, + dataTestSubj = 'test', + }: Partial<{ inputOnly: boolean; useKeyboard: boolean; dataTestSubj: string }> = {} +): void => { + const keyCaptureInput = renderResult.getByTestId(`${dataTestSubj}-keyCapture-input`); + + act(() => { + if (useKeyboard) { + userEvent.click(keyCaptureInput); + userEvent.keyboard(cmd); + } else { + userEvent.type(keyCaptureInput, cmd); + } + + if (!inputOnly) { + userEvent.keyboard('{enter}'); + } + }); +}; + export const getConsoleTestSetup = (): ConsoleTestSetup => { const mockedContext = createAppRootMockRenderer(); 
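Review bot: The JSDoc on `enterConsoleCommand` lists `inputOnly`, `useKeyboard` and `dataTestSubj` as separate `@param` entries, but they are properties of the third, destructured options argument, and none of the entries carries a description. Documenting them as `@param options.inputOnly when true, the command is typed but enter is not pressed`, `@param options.useKeyboard when true, clicks the input and sends the text with userEvent.keyboard instead of userEvent.type`, and `@param options.dataTestSubj test-subject prefix of the console under test (default 'test')` matches what the body does. The last one matters because the lookup is `getByTestId` on that prefix plus `-keyCapture-input`, so a console rendered with another `data-test-subj` is not found unless the caller passes it.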
@@ -64,24 +96,8 @@ export const getConsoleTestSetup = (): ConsoleTestSetup => { )); }; - const enterCommand: ConsoleTestSetup['enterCommand'] = ( - cmd, - { inputOnly = false, useKeyboard = false } = {} - ) => { - const keyCaptureInput = renderResult.getByTestId('test-keyCapture-input'); - - act(() => { - if (useKeyboard) { - userEvent.click(keyCaptureInput); - userEvent.keyboard(cmd); - } else { - userEvent.type(keyCaptureInput, cmd); - } - - if (!inputOnly) { - userEvent.keyboard('{enter}'); - } - }); + const enterCommand: ConsoleTestSetup['enterCommand'] = (cmd, options = {}) => { + enterConsoleCommand(renderResult, cmd, options); }; return { diff --git a/x-pack/plugins/security_solution/public/management/components/console/types.ts b/x-pack/plugins/security_solution/public/management/components/console/types.ts index e2b6d5c2a84aa..6b15f03988313 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/types.ts +++ b/x-pack/plugins/security_solution/public/management/components/console/types.ts @@ -6,6 +6,7 @@ */ import { ReactNode } from 'react'; +import { CommonProps } from '@elastic/eui'; import { ParsedArgData, ParsedCommandInput } from './service/parsed_command_input'; export interface CommandDefinition { @@ -62,3 +63,14 @@ export interface CommandServiceInterface { */ getCommandUsage?: (command: CommandDefinition) => Promise<{ result: ReactNode }>; } + +export interface ConsoleProps extends CommonProps { + commandService: CommandServiceInterface; + prompt?: string; + /** + * For internal use only! + * Provided by the ConsoleManager to indicate that the console is being managed by it + * @private + */ + managedKey?: symbol; +} diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/dev_console.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/dev_console.tsx index 7fb057809919e..6761a32c6fb65 100644 
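Review bot: `managedKey` is documented as "For internal use only" and tagged `@private`, but it is declared on `ConsoleProps`, which index.ts re-exports, so the restriction exists only in the comment and any consumer can pass a symbol of their own. If callers are not meant to set it, `consoleProps` on `ConsoleRegistrationInterface` could be typed as `Omit<ConsoleProps, 'managedKey'>`, with the manager adding the key when it renders the console. How `useWithManagedConsole` treats a key it does not know is not visible in this diff, so the comment should state that behaviour as well.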
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/dev_console.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/dev_console.tsx @@ -5,8 +5,16 @@ * 2.0. */ -import React, { memo, useMemo } from 'react'; -import { EuiCode } from '@elastic/eui'; +import React, { memo, useCallback, useMemo } from 'react'; +import { + EuiButton, + EuiCode, + EuiFlexGroup, + EuiFlexItem, + EuiPanel, + EuiSpacer, + EuiText, +} from '@elastic/eui'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { useUrlParams } from '../../../components/hooks/use_url_params'; import { @@ -14,6 +22,8 @@ import { CommandDefinition, CommandServiceInterface, Console, + RegisteredConsoleClient, + useConsoleManager, } from '../../../components/console'; const delay = async (ms: number = 4000) => new Promise((r) => setTimeout(r, ms)); @@ -25,6 +35,17 @@ class DevCommandService implements CommandServiceInterface { name: 'cmd1', about: 'Runs cmd1', }, + { + name: 'get-file', + about: 'retrieve a file from the endpoint', + args: { + file: { + required: true, + allowMultiples: false, + about: 'the file path for the file to be retrieved', + }, + }, + }, { name: 'cmd2', about: 'runs cmd 2', 
@@ -71,25 +92,101 @@ class DevCommandService implements CommandServiceInterface { } } +const RunningConsole = memo<{ registeredConsole: RegisteredConsoleClient }>( + ({ registeredConsole }) => { + const handleShowOnClick = useCallback(() => { + registeredConsole.show(); + }, [registeredConsole]); + + const handleTerminateOnClick = useCallback(() => { + registeredConsole.terminate(); + }, [registeredConsole]); + + return ( + <> + + {registeredConsole.title} + + + + + {'terminate'} + + + + {'show'} + + + + + + + ); + } +); +RunningConsole.displayName = 'RunningConsole'; + // ------------------------------------------------------------ // FOR DEV PURPOSES ONLY // FIXME:PT Delete once we have support via row actions menu // ------------------------------------------------------------ -export const DevConsole = memo(() => { - const isConsoleEnabled = useIsExperimentalFeatureEnabled('responseActionsConsoleEnabled'); - - const consoleService = useMemo(() => { +export const ShowDevConsole = memo(() => { + const consoleManager = useConsoleManager(); + const commandService = useMemo(() => { return new DevCommandService(); }, []); + const handleRegisterOnClick = useCallback(() => { + consoleManager + .register({ + id: Math.random().toString(36), // getId(), + title: 'Test console here', + meta: { + foo: 'bar', + }, + consoleProps: { + prompt: '>>', + commandService, + 'data-test-subj': 'dev', + }, + }) + .show(); + }, [commandService, consoleManager]); + + return ( + + + + {'Open a managed console'} + + + {consoleManager.getList<{ foo: string }>().map((registeredConsole) => { + return ( + + ); + })} + + + + + + +

{'Un-managed console'}

+
+ + + +
+ ); +}); +ShowDevConsole.displayName = 'ShowDevConsole'; + +export const DevConsole = memo(() => { + const isConsoleEnabled = useIsExperimentalFeatureEnabled('responseActionsConsoleEnabled'); const { urlParams: { showConsole = false }, } = useUrlParams(); - return isConsoleEnabled && showConsole ? ( -
- -
- ) : null; + return isConsoleEnabled && showConsole ? : null; }); DevConsole.displayName = 'DevConsole'; diff --git a/x-pack/plugins/session_view/public/components/session_view/hooks.ts b/x-pack/plugins/session_view/public/components/session_view/hooks.ts index 8c69c34e2c3db..7c2003beb53c3 100644 --- a/x-pack/plugins/session_view/public/components/session_view/hooks.ts +++ b/x-pack/plugins/session_view/public/components/session_view/hooks.ts @@ -107,6 +107,7 @@ export const useFetchSessionViewAlerts = (sessionEntityId: string) => { refetchOnWindowFocus: false, refetchOnMount: false, refetchOnReconnect: false, + cacheTime: 0, } ); diff --git a/x-pack/plugins/snapshot_restore/public/application/app.tsx b/x-pack/plugins/snapshot_restore/public/application/app.tsx index f7056a673cfbb..d2de3dba3d25f 100644 --- a/x-pack/plugins/snapshot_restore/public/application/app.tsx +++ b/x-pack/plugins/snapshot_restore/public/application/app.tsx @@ -18,6 +18,7 @@ import { PageError, WithPrivileges, NotAuthorizedSection, + useExecutionContext, } from '../shared_imports'; import { PageLoading } from './components'; import { DEFAULT_SECTION, Section } from './constants'; @@ -29,11 +30,12 @@ import { PolicyAdd, PolicyEdit, } from './sections'; -import { useConfig } from './app_context'; +import { useAppContext, useConfig } from './app_context'; export const App: React.FunctionComponent = () => { const { slm_ui: slmUi } = useConfig(); const { apiError } = useAuthorizationContext(); + const { core } = useAppContext(); const sections: Section[] = ['repositories', 'snapshots', 'restore_status']; @@ -43,6 +45,11 @@ export const App: React.FunctionComponent = () => { const sectionsRegex = sections.join('|'); + useExecutionContext(core.executionContext, { + type: 'application', + page: 'snapshotRestore', + }); + return apiError ? ( { return linkToRepository(newRepositoryName); 
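Review bot: `ShowDevConsole` in dev_console.tsx is exported, while the `responseActionsConsoleEnabled` and `showConsole` checks live only in `DevConsole`, so importing `ShowDevConsole` directly would render the dev console and its `DevCommandService` without either gate. Since the block is labelled "FOR DEV PURPOSES ONLY", declaring it as `const ShowDevConsole = memo(() => {` without `export` keeps `DevConsole` as the single entry point. The banner comment now sits above `ShowDevConsole` rather than `DevConsole`; a line on `DevConsole` saying it is the gated wrapper would keep the intent clear when the FIXME is resolved.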
@@ -67,6 +68,11 @@ export const RepositoryList: React.FunctionComponent { } = useLoadRestores(currentInterval); const { uiMetricService, history } = useServices(); + const { core } = useAppContext(); // Track component loaded useEffect(() => { uiMetricService.trackUiMetric(UIM_RESTORE_LIST_LOAD); }, [uiMetricService]); + useExecutionContext(core.executionContext, { + type: 'application', + page: 'snapshotRestoreRestoreTab', + }); + let content: JSX.Element; if (isInitialRequest) { diff --git a/x-pack/plugins/snapshot_restore/public/application/sections/home/snapshot_list/snapshot_list.tsx b/x-pack/plugins/snapshot_restore/public/application/sections/home/snapshot_list/snapshot_list.tsx index 0245f14addd42..bfc276410ebc6 100644 --- a/x-pack/plugins/snapshot_restore/public/application/sections/home/snapshot_list/snapshot_list.tsx +++ b/x-pack/plugins/snapshot_restore/public/application/sections/home/snapshot_list/snapshot_list.tsx @@ -11,11 +11,17 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { RouteComponentProps } from 'react-router-dom'; import { EuiCallOut, EuiLink, EuiSpacer } from '@elastic/eui'; -import { PageLoading, PageError, Error, reactRouterNavigate } from '../../../../shared_imports'; +import { + PageLoading, + PageError, + Error, + reactRouterNavigate, + useExecutionContext, +} from '../../../../shared_imports'; import { BASE_PATH, UIM_SNAPSHOT_LIST_LOAD } from '../../../constants'; import { useLoadSnapshots } from '../../../services/http'; import { linkToRepositories } from '../../../services/navigation'; -import { useServices } from '../../../app_context'; +import { useAppContext, useServices } from '../../../app_context'; import { useDecodedParams, SnapshotListParams, DEFAULT_SNAPSHOT_LIST_PARAMS } from '../../../lib'; import { SnapshotDetails } from './snapshot_details'; @@ -52,6 +58,7 @@ export const SnapshotList: React.FunctionComponent { history.push(`${BASE_PATH}/snapshots`); 
@@ -74,6 +81,11 @@ export const SnapshotList: React.FunctionComponent { if (search) { diff --git a/x-pack/plugins/snapshot_restore/public/shared_imports.ts b/x-pack/plugins/snapshot_restore/public/shared_imports.ts index 65c2bc7dc0f77..21792338caece 100644 --- a/x-pack/plugins/snapshot_restore/public/shared_imports.ts +++ b/x-pack/plugins/snapshot_restore/public/shared_imports.ts @@ -33,4 +33,5 @@ export { APP_WRAPPER_CLASS } from '../../../../src/core/public'; export { reactRouterNavigate, KibanaThemeProvider, + useExecutionContext, } from '../../../../src/plugins/kibana_react/public'; diff --git a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/selectable_spaces_control.tsx b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/selectable_spaces_control.tsx index 72976d7bd3157..849a8a7805185 100644 --- a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/selectable_spaces_control.tsx +++ b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/selectable_spaces_control.tsx @@ -50,7 +50,9 @@ type SpaceOption = EuiSelectableOption & { ['data-space-id']: string }; const ROW_HEIGHT = 40; const APPEND_ACTIVE_SPACE = ( - {i18n.translate('xpack.spaces.shareToSpace.currentSpaceBadge', { defaultMessage: 'Current' })} + {i18n.translate('xpack.spaces.shareToSpace.currentSpaceBadge', { + defaultMessage: 'This space', + })} ); const APPEND_CANNOT_SELECT = ( 
@@ -92,23 +94,26 @@ export const SelectableSpacesControl = (props: Props) => { const activeSpaceId = !enableSpaceAgnosticBehavior && spaces.find((space) => space.isActiveSpace)!.id; const isGlobalControlChecked = selectedSpaceIds.includes(ALL_SPACES_ID); - const options = spaces - .filter( - // filter out spaces that are not already selected and have the feature disabled in that space - ({ id, isFeatureDisabled }) => !isFeatureDisabled || initiallySelectedSpaceIds.includes(id) - ) + const filteredSpaces = spaces.filter( + // filter out spaces that are not already selected and have the feature disabled in that space + ({ id, isFeatureDisabled }) => + !isFeatureDisabled || initiallySelectedSpaceIds.includes(id) || isGlobalControlChecked + ); + + const options = filteredSpaces .sort(createSpacesComparator(activeSpaceId)) .map((space) => { const checked = selectedSpaceIds.includes(space.id); const { isAvatarDisabled, ...additionalProps } = getAdditionalProps( space, activeSpaceId, - checked + checked, + isGlobalControlChecked ); return { label: space.name, prepend: , // wrapped in a Suspense below - checked: checked ? 'on' : undefined, + checked: checked || isGlobalControlChecked ? 'on' : undefined, ['data-space-id']: space.id, ['data-test-subj']: `sts-space-selector-row-${space.id}`, ...(isGlobalControlChecked && { disabled: true }), 
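Review bot: The comment inside the `filteredSpaces` filter still says that spaces with the feature disabled are dropped unless already selected, but the predicate now also keeps them whenever `isGlobalControlChecked` is true. It should read something like `// keep spaces that have the feature enabled, were initially selected, or all of them when "all spaces" is checked`. In the options mapping, `checked: checked || isGlobalControlChecked ? 'on' : undefined` relies on `||` binding tighter than `?:`; writing `(checked || isGlobalControlChecked) ? 'on' : undefined` makes the grouping explicit. The enclosing component starts and ends outside this hunk.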
@@ -134,14 +139,16 @@ export const SelectableSpacesControl = (props: Props) => { return null; } + const hiddenCount = selectedSpaceIds.filter((id) => id === UNKNOWN_SPACE).length; const docLink = docLinks?.links.security.kibanaPrivileges; return ( { // if space-agnostic behavior is not enabled, the active space is not selected or deselected by the user, so we have to artificially pad the count for this label const selectedCountPad = enableSpaceAgnosticBehavior ? 0 : 1; - const selectedCount = - selectedSpaceIds.filter((id) => id !== ALL_SPACES_ID && id !== UNKNOWN_SPACE).length + - selectedCountPad; - const hiddenCount = selectedSpaceIds.filter((id) => id === UNKNOWN_SPACE).length; + const selectedCount = isGlobalControlChecked + ? filteredSpaces.length + : selectedSpaceIds.filter((id) => id !== ALL_SPACES_ID && id !== UNKNOWN_SPACE).length + + selectedCountPad; const selectSpacesLabel = i18n.translate( 'xpack.spaces.shareToSpace.shareModeControl.selectSpacesLabel', { defaultMessage: 'Select spaces' } ); const selectedSpacesLabel = i18n.translate( 'xpack.spaces.shareToSpace.shareModeControl.selectedCountLabel', - { defaultMessage: '{selectedCount} selected', values: { selectedCount } } - ); - const hiddenSpacesLabel = i18n.translate( - 'xpack.spaces.shareToSpace.shareModeControl.hiddenCountLabel', - { defaultMessage: '+{hiddenCount} hidden', values: { hiddenCount } } + { + defaultMessage: '{selectedCount}/{totalCount} selected', + values: { selectedCount, totalCount: filteredSpaces.length }, + } ); - const hiddenSpaces = hiddenCount ? {hiddenSpacesLabel} : null; return ( <> - - {selectedSpacesLabel} - - {hiddenSpaces} - - } + labelAppend={{selectedSpacesLabel}} fullWidth > <> - + }> { function getAdditionalProps( space: SpacesDataEntry, activeSpaceId: string | false, - checked: boolean + checked: boolean, + isGlobalControlChecked: boolean ) { if (space.id === activeSpaceId) { return { 
@@ -251,7 +255,7 @@ function getAdditionalProps( checked: 'on' as 'on', }; } - if (!space.isAuthorizedForPurpose('shareSavedObjectsIntoSpace')) { + if (!isGlobalControlChecked && !space.isAuthorizedForPurpose('shareSavedObjectsIntoSpace')) { return { append: ( <> @@ -259,6 +263,7 @@ function getAdditionalProps( {space.isFeatureDisabled ? APPEND_FEATURE_IS_DISABLED : null} ), + ...(space.isFeatureDisabled && { isAvatarDisabled: true }), disabled: true, }; } diff --git a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_mode_control.tsx b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_mode_control.tsx index 6e39a554420ec..0e8992ea6a3df 100644 --- a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_mode_control.tsx +++ b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_mode_control.tsx @@ -147,7 +147,7 @@ export const ShareModeControl = (props: Props) => { - + { - + { - Current + This space `); // by definition, the active space will always be checked diff --git a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_to_space_flyout_internal.tsx b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_to_space_flyout_internal.tsx index 21bf46773e0bb..71bbae4aa3178 100644 --- a/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_to_space_flyout_internal.tsx +++ b/x-pack/plugins/spaces/public/share_saved_objects_to_space/components/share_to_space_flyout_internal.tsx @@ -346,7 +346,7 @@ export const ShareToSpaceFlyoutInternal = (props: ShareToSpaceFlyoutProps) => { referenceGraph={referenceGraph} isDisabled={isStartShareButtonDisabled} /> - + onClose()} @@ -407,10 +407,10 @@ export const ShareToSpaceFlyoutInternal = (props: ShareToSpaceFlyoutProps) => { return ( - + {flyoutIcon && ( - + )} 
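Review bot: With the added `!isGlobalControlChecked &&` guard in `getAdditionalProps`, a space the user is not authorized to share into no longer returns `disabled: true` or the cannot-select badge once "all spaces" is checked, and the caller now renders that row as checked. The caller does spread `...(isGlobalControlChecked && { disabled: true })`, but whether that survives the later spread of these props is not visible in the diff. A comment on the guard such as `// all-spaces mode: rows are display-only and disabled by the caller, so the per-space authorization badge is skipped` would record why bypassing the check is safe, assuming the share request itself is still authorized elsewhere. The function body starts outside this hunk.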
@@ -424,10 +424,11 @@ export const ShareToSpaceFlyoutInternal = (props: ShareToSpaceFlyoutProps) => { - + {savedObjectTarget.icon && ( diff --git a/x-pack/plugins/spaces/public/space_list/space_list_internal.tsx b/x-pack/plugins/spaces/public/space_list/space_list_internal.tsx index 17403fe7134eb..9d0bbd344c647 100644 --- a/x-pack/plugins/spaces/public/space_list/space_list_internal.tsx +++ b/x-pack/plugins/spaces/public/space_list/space_list_internal.tsx @@ -44,6 +44,7 @@ export const SpaceListInternal = ({ displayLimit = DEFAULT_DISPLAY_LIMIT, behaviorContext, listOnClick = () => {}, + cursorStyle, }: SpaceListProps) => { const { spacesDataPromise } = useSpaces(); @@ -148,6 +149,9 @@ export const SpaceListInternal = ({ ) : null; + const styleProps = { + style: cursorStyle ? { cursor: cursorStyle } : undefined, + }; return ( }> @@ -162,7 +166,7 @@ export const SpaceListInternal = ({ size={'s'} onClick={listOnClick} onKeyPress={listOnClick} - style={{ cursor: 'pointer' }} + {...styleProps} /> ); diff --git a/x-pack/plugins/spaces/public/space_list/types.ts b/x-pack/plugins/spaces/public/space_list/types.ts index a167b51155036..65d66e4073b25 100644 --- a/x-pack/plugins/spaces/public/space_list/types.ts +++ b/x-pack/plugins/spaces/public/space_list/types.ts @@ -32,4 +32,8 @@ export interface SpaceListProps { * Click handler for spaces list, specifically excluding expand and contract buttons. */ listOnClick?: () => void; + /** + * Style for the cursor when mousing over space avatars. + */ + cursorStyle?: string; } diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 1a3e32a3ccd6f..02cbcf2c7b0c0 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json 
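Review bot: `SpaceListInternal` used to set `cursor: 'pointer'` on the avatar list unconditionally and now applies no cursor style unless `cursorStyle` is passed, so a caller that supplies `listOnClick` loses the pointer affordance unless it is updated too. Whether every such caller was changed is not visible in this diff. If the new default is intended, the doc comment on `cursorStyle` in space_list/types.ts should say so, e.g. `Style for the cursor when mousing over space avatars. When omitted, no cursor style is applied.`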
@@ -6118,6 +6118,22 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + } + } } } }, @@ -6192,6 +6208,22 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + } + } } } }, @@ -6282,6 +6314,31 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -6372,6 +6429,31 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, 
@@ -6491,6 +6573,34 @@ } } } + }, + "error_codes": { + "properties": { + "pdf_worker_out_of_memory_error": { + "type": "long" + }, + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -6610,6 +6720,34 @@ } } } + }, + "error_codes": { + "properties": { + "pdf_worker_out_of_memory_error": { + "type": "long" + }, + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -7243,6 +7381,22 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + } + } } } }, @@ -7317,6 +7471,22 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + } + } } } }, 
@@ -7407,6 +7577,31 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -7497,6 +7692,31 @@ } } } + }, + "error_codes": { + "properties": { + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -7616,6 +7836,34 @@ } } } + }, + "error_codes": { + "properties": { + "pdf_worker_out_of_memory_error": { + "type": "long" + }, + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, @@ -7735,6 +7983,34 @@ } } } + }, + "error_codes": { + "properties": { + "pdf_worker_out_of_memory_error": { + "type": "long" + }, + "authentication_expired_error": { + "type": "long" + }, + "queue_timeout_error": { + "type": "long" + }, + "unknown_error": { + "type": "long" + }, + "kibana_shutting_down_error": { + "type": "long" + }, + "browser_could_not_launch_error": { + "type": "long" + }, + "browser_unexpectedly_closed_error": { + "type": "long" + }, + "browser_screenshot_error": { + "type": "long" + } + } } } }, 
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index ddb2ca0490c48..77c09a803d2e8 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -23269,7 +23269,6 @@
 "xpack.spaces.shareToSpace.allSpacesTarget": "tous les espaces",
 "xpack.spaces.shareToSpace.cancelButton": "Annuler",
 "xpack.spaces.shareToSpace.continueButton": "Continuer",
- "xpack.spaces.shareToSpace.currentSpaceBadge": "Actuel",
 "xpack.spaces.shareToSpace.featureIsDisabledTooltip": "Cette fonctionnalité est désactivée dans cet espace.",
 "xpack.spaces.shareToSpace.flyoutTitle": "Attribuer {objectNoun} aux espaces",
 "xpack.spaces.shareToSpace.noAvailableSpaces.canCreateNewSpace.linkText": "créer un nouvel espace",
@@ -23284,8 +23283,6 @@
 "xpack.spaces.shareToSpace.saveButton": "Enregistrer et fermer",
 "xpack.spaces.shareToSpace.shareErrorTitle": "Erreur lors de la mise à jour de {objectNoun}",
 "xpack.spaces.shareToSpace.shareModeControl.buttonGroupLegend": "Choisir le mode de partage",
- "xpack.spaces.shareToSpace.shareModeControl.hiddenCountLabel": "+{hiddenCount} masqué(s)",
- "xpack.spaces.shareToSpace.shareModeControl.selectedCountLabel": "{selectedCount} sélectionné(s)",
 "xpack.spaces.shareToSpace.shareModeControl.selectSpacesLabel": "Sélectionner les espaces",
 "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.buttonLabel": "Tous les espaces",
 "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.cannotChangeTooltip": "Vous avez besoin de privilèges supplémentaires pour modifier cette option.",
@@ -23302,7 +23299,6 @@
 "xpack.spaces.shareToSpace.spacesLoadErrorTitle": "Erreur lors du chargement des espaces disponibles",
 "xpack.spaces.shareToSpace.spacesTarget": "{spacesCount, plural, one {# espace} other {# espaces}}",
 "xpack.spaces.shareToSpace.unknownSpacesLabel.additionalPrivilegesLink": "privilèges supplémentaires",
- "xpack.spaces.shareToSpace.unknownSpacesLabel.text": "Pour afficher les espaces masqués, vous avez besoin de {additionalPrivilegesLink}.",
 "xpack.spaces.spaceList.allSpacesLabel": "* Tous les espaces",
 "xpack.spaces.spaceList.showLessSpacesLink": "afficher moins",
 "xpack.spaces.spaceList.showMoreSpacesLink": "+{count} de plus",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 04ef060b80ffd..58568227ea928 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -26593,7 +26593,6 @@
 "xpack.spaces.shareToSpace.allSpacesTarget": "すべてのスペース",
 "xpack.spaces.shareToSpace.cancelButton": "キャンセル",
 "xpack.spaces.shareToSpace.continueButton": "続行",
- "xpack.spaces.shareToSpace.currentSpaceBadge": "現在",
 "xpack.spaces.shareToSpace.featureIsDisabledTooltip": "この機能はこのスペースでは無効です。",
 "xpack.spaces.shareToSpace.flyoutTitle": "{objectNoun}をスペースに割り当てる",
 "xpack.spaces.shareToSpace.noAvailableSpaces.canCreateNewSpace.linkText": "新しいスペースを作成",
@@ -26608,8 +26607,6 @@
 "xpack.spaces.shareToSpace.saveButton": "保存して閉じる",
 "xpack.spaces.shareToSpace.shareErrorTitle": "{objectNoun}の更新エラー",
 "xpack.spaces.shareToSpace.shareModeControl.buttonGroupLegend": "この共有方法を選択",
- "xpack.spaces.shareToSpace.shareModeControl.hiddenCountLabel": "+{hiddenCount}個が非表示",
- "xpack.spaces.shareToSpace.shareModeControl.selectedCountLabel": "{selectedCount}個が選択済み",
 "xpack.spaces.shareToSpace.shareModeControl.selectSpacesLabel": "スペースを選択",
 "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.buttonLabel": "すべてのスペース",
 "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.cannotChangeTooltip": "このオプションを変更するには、追加権限が必要です。",
@@ -26626,7 +26623,6 @@
 "xpack.spaces.shareToSpace.spacesLoadErrorTitle": "利用可能なスペースを読み込み中にエラーが発生",
 "xpack.spaces.shareToSpace.spacesTarget": "{spacesCount, plural, other {# 個のスペース}}",
 "xpack.spaces.shareToSpace.unknownSpacesLabel.additionalPrivilegesLink": "追加権限",
- "xpack.spaces.shareToSpace.unknownSpacesLabel.text": "非表示のスペースを表示するには、{additionalPrivilegesLink}が必要です。",
 "xpack.spaces.spaceList.allSpacesLabel": "*すべてのスペース",
 "xpack.spaces.spaceList.showLessSpacesLink": "縮小表示",
 "xpack.spaces.spaceList.showMoreSpacesLink": "他 {count} 件",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index da1bda187ee80..c03f091153fbb 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -26622,7 +26622,6 @@
 "xpack.spaces.shareToSpace.allSpacesTarget": "所有工作区",
 "xpack.spaces.shareToSpace.cancelButton": "取消",
 "xpack.spaces.shareToSpace.continueButton": "继续",
- "xpack.spaces.shareToSpace.currentSpaceBadge": "当前",
 "xpack.spaces.shareToSpace.featureIsDisabledTooltip": "此功能在此工作区中已禁用。",
 "xpack.spaces.shareToSpace.flyoutTitle": "将 {objectNoun} 分配给工作区",
 "xpack.spaces.shareToSpace.noAvailableSpaces.canCreateNewSpace.linkText": "创建新工作区",
@@ -26637,8 +26636,6 @@ "xpack.spaces.shareToSpace.saveButton": "保存并关闭", "xpack.spaces.shareToSpace.shareErrorTitle": "更新 {objectNoun} 时出错", "xpack.spaces.shareToSpace.shareModeControl.buttonGroupLegend": "选择共享此对象的方式", - "xpack.spaces.shareToSpace.shareModeControl.hiddenCountLabel": "+{hiddenCount} 个已隐藏", - "xpack.spaces.shareToSpace.shareModeControl.selectedCountLabel": "{selectedCount} 个已选择", "xpack.spaces.shareToSpace.shareModeControl.selectSpacesLabel": "选择工作区", "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.buttonLabel": "所有工作区", "xpack.spaces.shareToSpace.shareModeControl.shareToAllSpaces.cannotChangeTooltip": "您还需要其他权限,才能更改此选项。", @@ -26655,7 +26652,6 @@ "xpack.spaces.shareToSpace.spacesLoadErrorTitle": "加载可用工作区时出错", "xpack.spaces.shareToSpace.spacesTarget": "{spacesCount, plural, other {# 个工作区}}", "xpack.spaces.shareToSpace.unknownSpacesLabel.additionalPrivilegesLink": "其他权限", - "xpack.spaces.shareToSpace.unknownSpacesLabel.text": "要查看隐藏的工作区,您需要{additionalPrivilegesLink}。", "xpack.spaces.spaceList.allSpacesLabel": "* 所有工作区", "xpack.spaces.spaceList.showLessSpacesLink": "显示更少", "xpack.spaces.spaceList.showMoreSpacesLink": "另外 {count} 个", diff --git a/x-pack/plugins/uptime/e2e/journeys/monitor_management.journey.ts b/x-pack/plugins/uptime/e2e/journeys/monitor_management.journey.ts index 7dfc7e4e6ab66..0050f8635e35f 100644 --- a/x-pack/plugins/uptime/e2e/journeys/monitor_management.journey.ts +++ b/x-pack/plugins/uptime/e2e/journeys/monitor_management.journey.ts @@ -92,7 +92,7 @@ const createMonitorJourney = ({ monitorDetails: Record; }) => { journey( - `MonitorManagement-${monitorType}`, + `MonitorManagement-monitor-${monitorType}`, async ({ page, params }: { page: Page; params: any }) => { const uptime = monitorManagementPageProvider({ page, kibanaUrl: params.kibanaUrl }); const isRemote = process.env.SYNTHETICS_REMOTE_ENABLED; 
diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/app_context.mock.tsx b/x-pack/plugins/watcher/__jest__/client_integration/helpers/app_context.mock.tsx index 8176d3fcbbca2..1da2673714a98 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/app_context.mock.tsx +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/app_context.mock.tsx @@ -5,9 +5,7 @@ * 2.0. */ -import React from 'react'; import { of } from 'rxjs'; -import { ComponentType } from 'enzyme'; import { LocationDescriptorObject } from 'history'; import { @@ -16,8 +14,8 @@ import { notificationServiceMock, httpServiceMock, scopedHistoryMock, + executionContextServiceMock, } from '../../../../../../src/core/public/mocks'; -import { AppContextProvider } from '../../../public/application/app_context'; import { AppDeps } from '../../../public/application/app'; import { LicenseStatus } from '../../../common/types/license_status'; @@ -51,12 +49,5 @@ export const mockContextValue: AppDeps = { http: httpServiceMock.createSetupContract(), history, getUrlForApp: jest.fn(), -}; - -export const withAppContext = (Component: ComponentType) => (props: any) => { - return ( - - - - ); + executionContext: executionContextServiceMock.createStartContract(), }; diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/http_requests.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/http_requests.ts index e98cd66a25684..31c82cc33cd59 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/http_requests.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/http_requests.ts 
@@ -5,123 +5,115 @@ * 2.0. */ -import sinon, { SinonFakeServer } from 'sinon'; +import { httpServiceMock } from '../../../../../../src/core/public/mocks'; import { ROUTES } from '../../../common/constants'; const { API_ROOT } = ROUTES; type HttpResponse = Record | any[]; - -const mockResponse = (defaultResponse: HttpResponse, response: HttpResponse) => [ - 200, - { 'Content-Type': 'application/json' }, - JSON.stringify({ ...defaultResponse, ...response }), -]; +type HttpMethod = 'GET' | 'PUT' | 'POST'; +export interface ResponseError { + statusCode: number; + message: string | Error; +} // Register helpers to mock HTTP Requests -const registerHttpRequestMockHelpers = (server: SinonFakeServer) => { - const setLoadWatchesResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watches: [] }; - - server.respondWith('GET', `${API_ROOT}/watches`, mockResponse(defaultResponse, response)); - }; - - const setLoadWatchResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watch: {} }; - server.respondWith('GET', `${API_ROOT}/watch/:id`, mockResponse(defaultResponse, response)); - }; - - const setLoadWatchHistoryResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchHistoryItems: [] }; - server.respondWith( - 'GET', - `${API_ROOT}/watch/:id/history`, - mockResponse(defaultResponse, response) - ); - }; - - const setLoadWatchHistoryItemResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchHistoryItem: {} }; - server.respondWith('GET', `${API_ROOT}/history/:id`, mockResponse(defaultResponse, response)); - }; - - const setDeleteWatchResponse = (response?: HttpResponse, error?: any) => { - const status = error ? error.status || 400 : 200; - const body = error ? 
JSON.stringify(error.body) : JSON.stringify(response); - - server.respondWith('POST', `${API_ROOT}/watches/delete`, [ - status, - { 'Content-Type': 'application/json' }, - body, - ]); - }; - - const setSaveWatchResponse = (id: string, response?: HttpResponse, error?: any) => { - const status = error ? error.status || 400 : 200; - const body = error ? JSON.stringify(error.body) : JSON.stringify(response); - - server.respondWith('PUT', `${API_ROOT}/watch/${id}`, [ - status, - { 'Content-Type': 'application/json' }, - body, - ]); - }; - - const setLoadExecutionResultResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchHistoryItem: {} }; - server.respondWith('PUT', `${API_ROOT}/watch/execute`, mockResponse(defaultResponse, response)); - }; - - const setLoadMatchingIndicesResponse = (response: HttpResponse = {}) => { - const defaultResponse = { indices: [] }; - server.respondWith('POST', `${API_ROOT}/indices`, mockResponse(defaultResponse, response)); - }; - - const setLoadEsFieldsResponse = (response: HttpResponse = {}) => { - const defaultResponse = { fields: [] }; - server.respondWith('POST', `${API_ROOT}/fields`, mockResponse(defaultResponse, response)); - }; - - const setLoadSettingsResponse = (response: HttpResponse = {}) => { - const defaultResponse = { action_types: {} }; - server.respondWith('GET', `${API_ROOT}/settings`, mockResponse(defaultResponse, response)); - }; - - const setLoadWatchVisualizeResponse = (response: HttpResponse = {}) => { - const defaultResponse = { visualizeData: {} }; - server.respondWith( - 'POST', - `${API_ROOT}/watch/visualize`, - mockResponse(defaultResponse, response) - ); - }; - - const setDeactivateWatchResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchStatus: {} }; - server.respondWith( +const registerHttpRequestMockHelpers = ( + httpSetup: ReturnType +) => { + const mockResponses = new Map>>( + ['GET', 'PUT', 'POST'].map( + (method) => [method, new Map()] as [HttpMethod, 
Map>] + ) + ); + + const mockMethodImplementation = (method: HttpMethod, path: string) => + mockResponses.get(method)?.get(path) ?? Promise.resolve({}); + + httpSetup.get.mockImplementation((path) => + mockMethodImplementation('GET', path as unknown as string) + ); + httpSetup.post.mockImplementation((path) => + mockMethodImplementation('POST', path as unknown as string) + ); + httpSetup.put.mockImplementation((path) => + mockMethodImplementation('PUT', path as unknown as string) + ); + + const mockResponse = (method: HttpMethod, path: string, response?: unknown, error?: unknown) => { + const defuse = (promise: Promise) => { + promise.catch(() => {}); + return promise; + }; + + return mockResponses + .get(method)! + .set(path, error ? defuse(Promise.reject(error)) : Promise.resolve(response)); + }; + + const setLoadWatchesResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('GET', `${API_ROOT}/watches`, response, error); + + const setLoadWatchResponse = (watchId: string, response?: HttpResponse, error?: ResponseError) => + mockResponse('GET', `${API_ROOT}/watch/${watchId}`, response, error); + + const setLoadWatchHistoryResponse = ( + watchId: string, + response?: HttpResponse, + error?: ResponseError + ) => mockResponse('GET', `${API_ROOT}/watch/${watchId}/history`, response, error); + + const setLoadWatchHistoryItemResponse = ( + watchId: string, + response?: HttpResponse, + error?: ResponseError + ) => mockResponse('GET', `${API_ROOT}/watch/history/${watchId}`, response, error); + + const setDeleteWatchResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('POST', `${API_ROOT}/watches/delete`, response, error); + + const setSaveWatchResponse = (watchId: string, response?: HttpResponse, error?: ResponseError) => + mockResponse('PUT', `${API_ROOT}/watch/${watchId}`, response, error); + + const setLoadExecutionResultResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('PUT', 
`${API_ROOT}/watch/execute`, response, error); + + const setLoadMatchingIndicesResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('PUT', `${API_ROOT}/indices`, response, error); + + const setLoadEsFieldsResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('POST', `${API_ROOT}/fields`, response, error); + + const setLoadSettingsResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('GET', `${API_ROOT}/settings`, response, error); + + const setLoadWatchVisualizeResponse = (response?: HttpResponse, error?: ResponseError) => + mockResponse('POST', `${API_ROOT}/watch/visualize`, response, error); + + const setDeactivateWatchResponse = ( + watchId: string, + response?: HttpResponse, + error?: ResponseError + ) => mockResponse('PUT', `${API_ROOT}/watch/${watchId}/deactivate`, response, error); + + const setActivateWatchResponse = ( + watchId: string, + response?: HttpResponse, + error?: ResponseError + ) => mockResponse('PUT', `${API_ROOT}/watch/${watchId}/activate`, response, error); + + const setAcknowledgeWatchResponse = ( + watchId: string, + actionId: string, + response?: HttpResponse, + error?: ResponseError + ) => + mockResponse( 'PUT', - `${API_ROOT}/watch/:id/deactivate`, - mockResponse(defaultResponse, response) + `${API_ROOT}/watch/${watchId}/action/${actionId}/acknowledge`, + response, + error ); - }; - - const setActivateWatchResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchStatus: {} }; - server.respondWith( - 'PUT', - `${API_ROOT}/watch/:id/activate`, - mockResponse(defaultResponse, response) - ); - }; - - const setAcknowledgeWatchResponse = (response: HttpResponse = {}) => { - const defaultResponse = { watchStatus: {} }; - server.respondWith( - 'PUT', - `${API_ROOT}/watch/:id/action/:actionId/acknowledge`, - mockResponse(defaultResponse, response) - ); - }; return { setLoadWatchesResponse, 
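Review bot: `setLoadMatchingIndicesResponse` now registers its response under `'PUT'`, while the sinon helper it replaces answered `POST` on the same `/indices` path and every other helper in this hunk keeps its previous verb. If the client still posts to that route, the lookup in `mockMethodImplementation` misses and falls through to `Promise.resolve({})`, so a test would run against an empty payload instead of failing; unless the route's verb changed elsewhere in the commit, the first argument should be `'POST'`. The same silent fallback also absorbs any call made with an options object rather than a string path (the `path as unknown as string` cast), so a comment above `mockMethodImplementation` such as `// Unregistered paths resolve to {} — only string paths are matched` would make that contract explicit. `setLoadWatchHistoryItemResponse` also moved from `/history/:id` to `/watch/history/${watchId}`, which is worth confirming against the route the client actually calls.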
@@ -142,18 +134,11 @@ const registerHttpRequestMockHelpers = (server: SinonFakeServer) => { }; export const init = () => { - const server = sinon.fakeServer.create(); - server.respondImmediately = true; - - // Define default response for unhandled requests. - // We make requests to APIs which don't impact the component under test, e.g. UI metric telemetry, - // and we can mock them all with a 200 instead of mocking each one individually. - server.respondWith([200, {}, 'DefaultResponse']); - - const httpRequestsMockHelpers = registerHttpRequestMockHelpers(server); + const httpSetup = httpServiceMock.createSetupContract(); + const httpRequestsMockHelpers = registerHttpRequestMockHelpers(httpSetup); return { - server, + httpSetup, httpRequestsMockHelpers, }; }; diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/index.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/index.ts index 07ced2096e696..4fbcb847022e9 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/index.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/index.ts @@ -13,7 +13,6 @@ import { setup as watchEditSetup } from './watch_edit.helpers'; export type { TestBed } from '@kbn/test-jest-helpers'; export { getRandomString, findTestSubject } from '@kbn/test-jest-helpers'; -export { wrapBodyResponse, unwrapBodyResponse } from './body_response'; export { setupEnvironment } from './setup_environment'; export const pageHelpers = { diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.tsx similarity index 54% rename from x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.ts rename to x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.tsx index 5ba0387d21ba7..f42b452818cc5 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.ts 
+++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/setup_environment.tsx @@ -5,38 +5,33 @@ * 2.0. */ -import axios from 'axios'; -import axiosXhrAdapter from 'axios/lib/adapters/xhr'; +import React from 'react'; +import { HttpSetup } from 'src/core/public'; import { init as initHttpRequests } from './http_requests'; +import { mockContextValue } from './app_context.mock'; +import { AppContextProvider } from '../../../public/application/app_context'; import { setHttpClient, setSavedObjectsClient } from '../../../public/application/lib/api'; -const mockHttpClient = axios.create({ adapter: axiosXhrAdapter }); -mockHttpClient.interceptors.response.use( - (res) => { - return res.data; - }, - (rej) => { - return Promise.reject(rej); - } -); - const mockSavedObjectsClient = () => { return { find: (_params?: any) => {}, }; }; -export const setupEnvironment = () => { - const { server, httpRequestsMockHelpers } = initHttpRequests(); +export const WithAppDependencies = + (Component: any, httpSetup: HttpSetup) => (props: Record) => { + setHttpClient(httpSetup); - // @ts-ignore - setHttpClient(mockHttpClient); + return ( + + + + ); + }; +export const setupEnvironment = () => { setSavedObjectsClient(mockSavedObjectsClient() as any); - return { - server, - httpRequestsMockHelpers, - }; + return initHttpRequests(); }; diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_json.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_json.helpers.ts index 16e4930510efa..4e76a1687114a 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_json.helpers.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_json.helpers.ts 
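Review bot: `WithAppDependencies` calls `setHttpClient(httpSetup)` inside the function that renders the component, so a module-level client is reassigned on every render rather than once when the wrapper is created. It is harmless while each test file passes a single `httpSetup`, but it is a side effect in render that the name does not advertise; a comment such as `// setHttpClient swaps a module-level singleton shared by all tests in this file` above the call, or moving the call into the outer `(Component, httpSetup) =>` closure, would make the coupling visible. The JSX inside the wrapper is not readable in this view, so the note covers only the `setHttpClient` line.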
@@ -6,10 +6,12 @@ */ import { registerTestBed, TestBed, AsyncTestBedConfig } from '@kbn/test-jest-helpers'; +import { HttpSetup } from 'src/core/public'; + import { WatchEdit } from '../../../public/application/sections/watch_edit/components/watch_edit'; import { registerRouter } from '../../../public/application/lib/navigation'; import { ROUTES, WATCH_TYPES } from '../../../common/constants'; -import { withAppContext } from './app_context.mock'; +import { WithAppDependencies } from './setup_environment'; const testBedConfig: AsyncTestBedConfig = { memoryRouter: { @@ -20,8 +22,6 @@ const testBedConfig: AsyncTestBedConfig = { doMountAsync: true, }; -const initTestBed = registerTestBed(withAppContext(WatchEdit), testBedConfig); - export interface WatchCreateJsonTestBed extends TestBed { actions: { selectTab: (tab: 'edit' | 'simulate') => void; @@ -30,7 +30,8 @@ export interface WatchCreateJsonTestBed extends TestBed => { +export const setup = async (httpSetup: HttpSetup): Promise => { + const initTestBed = registerTestBed(WithAppDependencies(WatchEdit, httpSetup), testBedConfig); const testBed = await initTestBed(); /** diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_threshold.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_threshold.helpers.ts index cbfdac67597e1..5a8d7b23e0b58 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_threshold.helpers.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_create_threshold.helpers.ts 
@@ -6,10 +6,12 @@ */ import { registerTestBed, TestBed, AsyncTestBedConfig } from '@kbn/test-jest-helpers'; +import { HttpSetup } from 'src/core/public'; + import { WatchEdit } from '../../../public/application/sections/watch_edit/components/watch_edit'; import { registerRouter } from '../../../public/application/lib/navigation'; import { ROUTES, WATCH_TYPES } from '../../../common/constants'; -import { withAppContext } from './app_context.mock'; +import { WithAppDependencies } from './setup_environment'; const testBedConfig: AsyncTestBedConfig = { memoryRouter: { @@ -20,8 +22,6 @@ const testBedConfig: AsyncTestBedConfig = { doMountAsync: true, }; -const initTestBed = registerTestBed(withAppContext(WatchEdit), testBedConfig); - export interface WatchCreateThresholdTestBed extends TestBed { actions: { clickSubmitButton: () => void; @@ -33,7 +33,8 @@ export interface WatchCreateThresholdTestBed extends TestBed => { +export const setup = async (httpSetup: HttpSetup): Promise => { + const initTestBed = registerTestBed(WithAppDependencies(WatchEdit, httpSetup), testBedConfig); const testBed = await initTestBed(); /** diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_edit.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_edit.helpers.ts index 9f01750d43593..9eb35f3f1bb32 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_edit.helpers.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_edit.helpers.ts 
@@ -6,11 +6,13 @@ */ import { registerTestBed, TestBed, AsyncTestBedConfig } from '@kbn/test-jest-helpers'; +import { HttpSetup } from 'src/core/public'; + import { WatchEdit } from '../../../public/application/sections/watch_edit/components/watch_edit'; import { registerRouter } from '../../../public/application/lib/navigation'; import { ROUTES } from '../../../common/constants'; import { WATCH_ID } from './jest_constants'; -import { withAppContext } from './app_context.mock'; +import { WithAppDependencies } from './setup_environment'; const testBedConfig: AsyncTestBedConfig = { memoryRouter: { @@ -21,15 +23,14 @@ const testBedConfig: AsyncTestBedConfig = { doMountAsync: true, }; -const initTestBed = registerTestBed(withAppContext(WatchEdit), testBedConfig); - export interface WatchEditTestBed extends TestBed { actions: { clickSubmitButton: () => void; }; } -export const setup = async (): Promise => { +export const setup = async (httpSetup: HttpSetup): Promise => { + const initTestBed = registerTestBed(WithAppDependencies(WatchEdit, httpSetup), testBedConfig); const testBed = await initTestBed(); /** diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list.helpers.ts index 914eaca62465d..f7aca95039863 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list.helpers.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_list.helpers.ts @@ -13,9 +13,10 @@ import { TestBed, AsyncTestBedConfig, } from '@kbn/test-jest-helpers'; +import { HttpSetup } from 'src/core/public'; import { WatchList } from '../../../public/application/sections/watch_list/components/watch_list'; import { ROUTES, REFRESH_INTERVALS } from '../../../common/constants'; -import { withAppContext } from './app_context.mock'; +import { WithAppDependencies } from './setup_environment'; const testBedConfig: AsyncTestBedConfig = { memoryRouter: { 
@@ -24,8 +25,6 @@ const testBedConfig: AsyncTestBedConfig = { doMountAsync: true, }; -const initTestBed = registerTestBed(withAppContext(WatchList), testBedConfig); - export interface WatchListTestBed extends TestBed { actions: { selectWatchAt: (index: number) => void; @@ -35,7 +34,8 @@ export interface WatchListTestBed extends TestBed { }; } -export const setup = async (): Promise => { +export const setup = async (httpSetup: HttpSetup): Promise => { + const initTestBed = registerTestBed(WithAppDependencies(WatchList, httpSetup), testBedConfig); const testBed = await initTestBed(); /** diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_status.helpers.ts b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_status.helpers.ts index 63892961d8b57..ab2204f4a6dfe 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_status.helpers.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/helpers/watch_status.helpers.ts 
@@ -13,21 +13,23 @@ import { TestBed, AsyncTestBedConfig, } from '@kbn/test-jest-helpers'; +import { HttpSetup } from 'src/core/public'; + +import { registerRouter } from '../../../public/application/lib/navigation'; import { WatchStatus } from '../../../public/application/sections/watch_status/components/watch_status'; import { ROUTES } from '../../../common/constants'; import { WATCH_ID } from './jest_constants'; -import { withAppContext } from './app_context.mock'; +import { WithAppDependencies } from './setup_environment'; const testBedConfig: AsyncTestBedConfig = { memoryRouter: { + onRouter: (router) => registerRouter(router), initialEntries: [`${ROUTES.API_ROOT}/watches/watch/${WATCH_ID}/status`], componentRoutePath: `${ROUTES.API_ROOT}/watches/watch/:id/status`, }, doMountAsync: true, }; -const initTestBed = registerTestBed(withAppContext(WatchStatus), testBedConfig); - export interface WatchStatusTestBed extends TestBed { actions: { selectTab: (tab: 'execution history' | 'action statuses') => void; @@ -38,7 +40,8 @@ export interface WatchStatusTestBed extends TestBed { }; } -export const setup = async (): Promise => { +export const setup = async (httpSetup: HttpSetup): Promise => { + const initTestBed = registerTestBed(WithAppDependencies(WatchStatus, httpSetup), testBedConfig); const testBed = await initTestBed(); /** diff --git a/x-pack/plugins/watcher/__jest__/client_integration/watch_create_json.test.ts b/x-pack/plugins/watcher/__jest__/client_integration/watch_create_json.test.ts index f9ea51a80ae76..fc518bcab882b 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/watch_create_json.test.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/watch_create_json.test.ts 
@@ -8,15 +8,16 @@ import { act } from 'react-dom/test-utils'; import { getExecuteDetails } from '../../__fixtures__'; +import { API_BASE_PATH } from '../../common/constants'; import { defaultWatch } from '../../public/application/models/watch'; -import { setupEnvironment, pageHelpers, wrapBodyResponse } from './helpers'; +import { setupEnvironment, pageHelpers } from './helpers'; import { WatchCreateJsonTestBed } from './helpers/watch_create_json.helpers'; import { WATCH } from './helpers/jest_constants'; const { setup } = pageHelpers.watchCreateJson; describe(' create route', () => { - const { server, httpRequestsMockHelpers } = setupEnvironment(); + const { httpSetup, httpRequestsMockHelpers } = setupEnvironment(); let testBed: WatchCreateJsonTestBed; beforeAll(() => { @@ -25,12 +26,11 @@ describe(' create route', () => { afterAll(() => { jest.useRealTimers(); - server.restore(); }); describe('on component mount', () => { beforeEach(async () => { - testBed = await setup(); + testBed = await setup(httpSetup); testBed.component.update(); }); 
@@ -94,31 +94,32 @@ describe(' create route', () => { actions.clickSubmitButton(); }); - const latestRequest = server.requests[server.requests.length - 1]; - const DEFAULT_LOGGING_ACTION_ID = 'logging_1'; const DEFAULT_LOGGING_ACTION_TYPE = 'logging'; const DEFAULT_LOGGING_ACTION_TEXT = 'There are {{ctx.payload.hits.total}} documents in your index. Threshold is 10.'; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - id: watch.id, - name: watch.name, - type: watch.type, - isNew: true, - isActive: true, - actions: [ - { - id: DEFAULT_LOGGING_ACTION_ID, - type: DEFAULT_LOGGING_ACTION_TYPE, - text: DEFAULT_LOGGING_ACTION_TEXT, - [DEFAULT_LOGGING_ACTION_TYPE]: { + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${watch.id}`, + expect.objectContaining({ + body: JSON.stringify({ + id: watch.id, + name: watch.name, + type: watch.type, + isNew: true, + isActive: true, + actions: [ + { + id: DEFAULT_LOGGING_ACTION_ID, + type: DEFAULT_LOGGING_ACTION_TYPE, text: DEFAULT_LOGGING_ACTION_TEXT, + [DEFAULT_LOGGING_ACTION_TYPE]: { + text: DEFAULT_LOGGING_ACTION_TEXT, + }, }, - }, - ], - watch: defaultWatch, + ], + watch: defaultWatch, + }), }) ); }); @@ -131,12 +132,13 @@ describe(' create route', () => { form.setInputValue('idInput', watch.id); const error = { - status: 400, + statusCode: 400, error: 'Bad request', message: 'Watch payload is invalid', + response: {}, }; - httpRequestsMockHelpers.setSaveWatchResponse(watch.id, undefined, { body: error }); + httpRequestsMockHelpers.setSaveWatchResponse(watch.id, undefined, error); await act(async () => { actions.clickSubmitButton(); @@ -169,8 +171,6 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - const latestRequest = server.requests[server.requests.length - 1]; - const actionModes = Object.keys(defaultWatch.actions).reduce( (actionAccum: any, action) => { actionAccum[action] = 'simulate'; 
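Review bot: The new assertion matches `body: JSON.stringify({...})` as an exact string, so it passes only while the client serialises the keys in the same order as the literal written here, and a mismatch is reported as two long strings rather than a structural diff. Parsing the recorded call instead keeps the check on content — take the options from the last `httpSetup.put` call and assert `expect(JSON.parse(options.body)).toEqual({ ... })`, with the path checked separately. The two `watch/execute` assertions in the later hunks of this file follow the same pattern. The enclosing test starts outside this hunk.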
@@ -188,12 +188,15 @@ describe(' create route', () => { watch: defaultWatch, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes, + }), + watch: executedWatch, }), - watch: executedWatch, }) ); }); @@ -230,8 +233,6 @@ describe(' create route', () => { }); component.update(); - const latestRequest = server.requests[server.requests.length - 1]; - const actionModes = Object.keys(defaultWatch.actions).reduce( (actionAccum: any, action) => { actionAccum[action] = ACTION_MODE; @@ -252,19 +253,23 @@ describe(' create route', () => { const triggeredTime = `now+${TRIGGERED_TIME}s`; const scheduledTime = `now+${SCHEDULED_TIME}s`; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - triggerData: { - triggeredTime, - scheduledTime, - }, - ignoreCondition: IGNORE_CONDITION, - actionModes, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + triggerData: { + triggeredTime, + scheduledTime, + }, + ignoreCondition: IGNORE_CONDITION, + actionModes, + }), + watch: executedWatch, }), - watch: executedWatch, }) ); + expect(exists('simulateResultsFlyout')).toBe(true); expect(find('simulateResultsFlyoutTitle').text()).toEqual('Simulation results'); }); diff --git a/x-pack/plugins/watcher/__jest__/client_integration/watch_create_threshold.test.tsx b/x-pack/plugins/watcher/__jest__/client_integration/watch_create_threshold.test.tsx index 52c3a69938d74..2a70b4852c77a 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/watch_create_threshold.test.tsx +++ b/x-pack/plugins/watcher/__jest__/client_integration/watch_create_threshold.test.tsx 
@@ -7,12 +7,12 @@ import React from 'react'; import { act } from 'react-dom/test-utils'; -import axiosXhrAdapter from 'axios/lib/adapters/xhr'; -import axios from 'axios'; +import { HttpFetchOptionsWithPath } from 'kibana/public'; +import { WATCH_ID } from './helpers/jest_constants'; import { getExecuteDetails } from '../../__fixtures__'; -import { WATCH_TYPES } from '../../common/constants'; -import { setupEnvironment, pageHelpers, wrapBodyResponse, unwrapBodyResponse } from './helpers'; +import { WATCH_TYPES, API_BASE_PATH } from '../../common/constants'; +import { setupEnvironment, pageHelpers } from './helpers'; import { WatchCreateThresholdTestBed } from './helpers/watch_create_threshold.helpers'; const WATCH_NAME = 'my_test_watch'; @@ -23,6 +23,18 @@ const MATCH_INDICES = ['index1']; const ES_FIELDS = [{ name: '@timestamp', type: 'date' }]; +// Since watchID's are dynamically created, we have to mock +// the function that generates them in order to be able to match +// against it. +jest.mock('uuid/v4', () => { + // eslint-disable-next-line @typescript-eslint/no-var-requires + const { WATCH_ID: watchId } = require('./helpers/jest_constants'); + + return function () { + return watchId; + }; +}); + const SETTINGS = { action_types: { email: { enabled: true }, @@ -36,24 +48,15 @@ const SETTINGS = { }; const WATCH_VISUALIZE_DATA = { - count: [ - [1559404800000, 14], - [1559448000000, 196], - [1559491200000, 44], - ], + visualizeData: { + count: [ + [1559404800000, 14], + [1559448000000, 196], + [1559491200000, 44], + ], + }, }; -const mockHttpClient = axios.create({ adapter: axiosXhrAdapter }); - -jest.mock('../../public/application/lib/api', () => { - const original = jest.requireActual('../../public/application/lib/api'); - - return { - ...original, - getHttpClient: () => mockHttpClient, - }; -}); - jest.mock('@elastic/eui', () => { const original = jest.requireActual('@elastic/eui'); 
@@ -77,7 +80,7 @@ jest.mock('@elastic/eui', () => { const { setup } = pageHelpers.watchCreateThreshold; describe(' create route', () => { - const { server, httpRequestsMockHelpers } = setupEnvironment(); + const { httpSetup, httpRequestsMockHelpers } = setupEnvironment(); let testBed: WatchCreateThresholdTestBed; beforeAll(() => { @@ -86,14 +89,15 @@ describe(' create route', () => { afterAll(() => { jest.useRealTimers(); - server.restore(); }); describe('on component mount', () => { beforeEach(async () => { - testBed = await setup(); - const { component } = testBed; - component.update(); + await act(async () => { + testBed = await setup(httpSetup); + }); + + testBed.component.update(); }); test('should set the correct page title', () => { @@ -159,6 +163,7 @@ describe(' create route', () => { find('indicesComboBox').simulate('change', [{ label: 'index1', value: 'index1' }]); // Using mocked EuiComboBox form.setInputValue('watchTimeFieldSelect', '@timestamp'); }); + component.update(); expect(find('saveWatchButton').props().disabled).toBe(false); @@ -247,11 +252,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, 
@@ -280,16 +282,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - logging_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + logging_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); @@ -309,11 +314,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, @@ -341,16 +343,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - index_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + index_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); 
@@ -371,11 +376,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, @@ -406,16 +408,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - slack_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + slack_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); @@ -443,11 +448,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, 
@@ -482,16 +484,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - email_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + email_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); @@ -535,11 +540,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, @@ -576,16 +578,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - webhook_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + webhook_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); 
@@ -623,11 +628,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, @@ -666,16 +668,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - jira_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + jira_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); @@ -703,11 +708,8 @@ describe(' create route', () => { actions.clickSimulateButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).watch.id, // watch ID is created dynamically + id: WATCH_ID, name: WATCH_NAME, type: WATCH_TYPES.THRESHOLD, isNew: true, 
@@ -736,16 +738,19 @@ describe(' create route', () => { threshold: 1000, }; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - executeDetails: getExecuteDetails({ - actionModes: { - pagerduty_1: 'force_execute', - }, - ignoreCondition: true, - recordExecution: false, + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/execute`, + expect.objectContaining({ + body: JSON.stringify({ + executeDetails: getExecuteDetails({ + actionModes: { + pagerduty_1: 'force_execute', + }, + ignoreCondition: true, + recordExecution: false, + }), + watch: thresholdWatch, }), - watch: thresholdWatch, }) ); }); @@ -763,17 +768,14 @@ describe(' create route', () => { }); component.update(); - const latestReqToGetVisualizeData = server.requests.find( - (req) => req.method === 'POST' && req.url === '/api/watcher/watch/visualize' - ); - if (!latestReqToGetVisualizeData) { - throw new Error(`No request found to fetch visualize data.`); - } - - const requestBody = unwrapBodyResponse(latestReqToGetVisualizeData.requestBody); + const lastReq: HttpFetchOptionsWithPath[] = httpSetup.post.mock.calls.pop() || []; + const [requestUrl, watchBody] = lastReq; + // Options contains two dinamically computed timestamps, so it's simpler to just ignore those fields. + const { options, ...body } = JSON.parse((watchBody as Record).body).watch; - expect(requestBody.watch).toEqual({ - id: requestBody.watch.id, // id is dynamic + expect(requestUrl).toBe(`${API_BASE_PATH}/watch/visualize`); + expect(body).toEqual({ + id: WATCH_ID, name: 'my_test_watch', type: 'threshold', isNew: true, @@ -792,8 +794,6 @@ describe(' create route', () => { hasTermsAgg: false, threshold: 1000, }); - - expect(requestBody.options.interval).toBeDefined(); }); }); 
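Review bot: `httpSetup.post.mock.calls.pop()` in the visualize test (the `@@ -763,17 +768,14 @@` hunk) removes the last entry from the mock's call history, so any later assertion on `httpSetup.post` sees a shortened record; reading it without mutation avoids that: `const lastReq = httpSetup.post.mock.calls[httpSetup.post.mock.calls.length - 1] || [];`. Judging by the removed `requestBody.options.interval` check, `options` was a sibling of `watch` in the payload, so destructuring `options` out of `.watch` probably discards nothing and the comment above it is misleading. With that check deleted in the following hunk, nothing asserts on the options any more; if that is intended, the comment could say so, e.g. `// Only the watch is compared; the sibling options hold computed timestamps.`. The test body starts outside the hunk.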
@@ -813,31 +813,31 @@ describe(' create route', () => { actions.clickSubmitButton(); }); - // Verify request - const latestRequest = server.requests[server.requests.length - 1]; - - const thresholdWatch = { - id: unwrapBodyResponse(latestRequest.requestBody).id, // watch ID is created dynamically - name: WATCH_NAME, - type: WATCH_TYPES.THRESHOLD, - isNew: true, - isActive: true, - actions: [], - index: MATCH_INDICES, - timeField: WATCH_TIME_FIELD, - triggerIntervalSize: 1, - triggerIntervalUnit: 'm', - aggType: 'count', - termSize: 5, - termOrder: 'desc', - thresholdComparator: '>', - timeWindowSize: 5, - timeWindowUnit: 'm', - hasTermsAgg: false, - threshold: 1000, - }; - - expect(latestRequest.requestBody).toEqual(wrapBodyResponse(thresholdWatch)); + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${WATCH_ID}`, + expect.objectContaining({ + body: JSON.stringify({ + id: WATCH_ID, + name: WATCH_NAME, + type: WATCH_TYPES.THRESHOLD, + isNew: true, + isActive: true, + actions: [], + index: MATCH_INDICES, + timeField: WATCH_TIME_FIELD, + triggerIntervalSize: 1, + triggerIntervalUnit: 'm', + aggType: 'count', + termSize: 5, + termOrder: 'desc', + thresholdComparator: '>', + timeWindowSize: 5, + timeWindowUnit: 'm', + hasTermsAgg: false, + threshold: 1000, + }), + }) + ); }); }); }); diff --git a/x-pack/plugins/watcher/__jest__/client_integration/watch_edit.test.ts b/x-pack/plugins/watcher/__jest__/client_integration/watch_edit.test.ts index 37f9838f176af..8b0ee0189695b 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/watch_edit.test.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/watch_edit.test.ts 
@@ -6,31 +6,18 @@ */ import { act } from 'react-dom/test-utils'; -import axiosXhrAdapter from 'axios/lib/adapters/xhr'; -import axios from 'axios'; -import { getRandomString } from '@kbn/test-jest-helpers'; import { getWatch } from '../../__fixtures__'; import { defaultWatch } from '../../public/application/models/watch'; -import { setupEnvironment, pageHelpers, wrapBodyResponse } from './helpers'; +import { setupEnvironment, pageHelpers } from './helpers'; import { WatchEditTestBed } from './helpers/watch_edit.helpers'; -import { WATCH } from './helpers/jest_constants'; - -const mockHttpClient = axios.create({ adapter: axiosXhrAdapter }); - -jest.mock('../../public/application/lib/api', () => { - const original = jest.requireActual('../../public/application/lib/api'); - - return { - ...original, - getHttpClient: () => mockHttpClient, - }; -}); +import { WATCH, WATCH_ID } from './helpers/jest_constants'; +import { API_BASE_PATH } from '../../common/constants'; const { setup } = pageHelpers.watchEdit; describe('', () => { - const { server, httpRequestsMockHelpers } = setupEnvironment(); + const { httpSetup, httpRequestsMockHelpers } = setupEnvironment(); let testBed: WatchEditTestBed; beforeAll(() => { @@ -39,14 +26,13 @@ describe('', () => { afterAll(() => { jest.useRealTimers(); - server.restore(); }); describe('Advanced watch', () => { beforeEach(async () => { - httpRequestsMockHelpers.setLoadWatchResponse(WATCH); + httpRequestsMockHelpers.setLoadWatchResponse(WATCH_ID, WATCH); - testBed = await setup(); + testBed = await setup(httpSetup); testBed.component.update(); }); 
@@ -82,31 +68,32 @@ describe('', () => { actions.clickSubmitButton(); }); - const latestRequest = server.requests[server.requests.length - 1]; - const DEFAULT_LOGGING_ACTION_ID = 'logging_1'; const DEFAULT_LOGGING_ACTION_TYPE = 'logging'; const DEFAULT_LOGGING_ACTION_TEXT = 'There are {{ctx.payload.hits.total}} documents in your index. Threshold is 10.'; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - id: watch.id, - name: EDITED_WATCH_NAME, - type: watch.type, - isNew: false, - isActive: true, - actions: [ - { - id: DEFAULT_LOGGING_ACTION_ID, - type: DEFAULT_LOGGING_ACTION_TYPE, - text: DEFAULT_LOGGING_ACTION_TEXT, - [DEFAULT_LOGGING_ACTION_TYPE]: { + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${watch.id}`, + expect.objectContaining({ + body: JSON.stringify({ + id: watch.id, + name: EDITED_WATCH_NAME, + type: watch.type, + isNew: false, + isActive: true, + actions: [ + { + id: DEFAULT_LOGGING_ACTION_ID, + type: DEFAULT_LOGGING_ACTION_TYPE, text: DEFAULT_LOGGING_ACTION_TEXT, + [DEFAULT_LOGGING_ACTION_TYPE]: { + text: DEFAULT_LOGGING_ACTION_TEXT, + }, }, - }, - ], - watch: defaultWatch, + ], + watch: defaultWatch, + }), }) ); }); @@ -115,7 +102,7 @@ describe('', () => { describe('Threshold watch', () => { const watch = getWatch({ - id: getRandomString(), + id: WATCH_ID, type: 'threshold', name: 'my_threshold_watch', timeField: '@timestamp', @@ -130,9 +117,9 @@ describe('', () => { }); beforeEach(async () => { - httpRequestsMockHelpers.setLoadWatchResponse({ watch }); + httpRequestsMockHelpers.setLoadWatchResponse(WATCH_ID, { watch }); - testBed = await setup(); + testBed = await setup(httpSetup); testBed.component.update(); }); @@ -161,8 +148,6 @@ describe('', () => { actions.clickSubmitButton(); }); - const latestRequest = server.requests[server.requests.length - 1]; - const { id, type, 
@@ -177,25 +162,28 @@ describe('', () => { threshold, } = watch; - expect(latestRequest.requestBody).toEqual( - wrapBodyResponse({ - id, - name: EDITED_WATCH_NAME, - type, - isNew: false, - isActive: true, - actions: [], - timeField, - triggerIntervalSize, - triggerIntervalUnit, - aggType, - termSize, - termOrder: 'desc', - thresholdComparator, - timeWindowSize, - timeWindowUnit, - hasTermsAgg: false, - threshold: threshold && threshold[0], + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${watch.id}`, + expect.objectContaining({ + body: JSON.stringify({ + id, + name: EDITED_WATCH_NAME, + type, + isNew: false, + isActive: true, + actions: [], + timeField, + triggerIntervalSize, + triggerIntervalUnit, + aggType, + termSize, + termOrder: 'desc', + thresholdComparator, + timeWindowSize, + timeWindowUnit, + hasTermsAgg: false, + threshold: threshold && threshold[0], + }), }) ); }); diff --git a/x-pack/plugins/watcher/__jest__/client_integration/watch_list.test.ts b/x-pack/plugins/watcher/__jest__/client_integration/watch_list.test.ts index 1a396a007dd0c..ac1e7291b187a 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/watch_list.test.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/watch_list.test.ts @@ -7,16 +7,14 @@ import { act } from 'react-dom/test-utils'; import * as fixtures from '../../__fixtures__'; -import { ROUTES } from '../../common/constants'; import { setupEnvironment, pageHelpers, getRandomString, findTestSubject } from './helpers'; import { WatchListTestBed } from './helpers/watch_list.helpers'; - -const { API_ROOT } = ROUTES; +import { API_BASE_PATH } from '../../common/constants'; const { setup } = pageHelpers.watchList; describe('', () => { - const { server, httpRequestsMockHelpers } = setupEnvironment(); + const { httpSetup, httpRequestsMockHelpers } = setupEnvironment(); let testBed: WatchListTestBed; beforeAll(() => { 
@@ -25,7 +23,6 @@ describe('', () => { afterAll(() => { jest.useRealTimers(); - server.restore(); }); describe('on component mount', () => { @@ -35,7 +32,7 @@ describe('', () => { httpRequestsMockHelpers.setLoadWatchesResponse({ watches: [] }); await act(async () => { - testBed = await setup(); + testBed = await setup(httpSetup); }); testBed.component.update(); }); @@ -73,7 +70,7 @@ describe('', () => { httpRequestsMockHelpers.setLoadWatchesResponse({ watches }); await act(async () => { - testBed = await setup(); + testBed = await setup(httpSetup); }); testBed.component.update(); @@ -241,10 +238,10 @@ describe('', () => { confirmButton!.click(); }); - const latestRequest = server.requests[server.requests.length - 1]; - - expect(latestRequest.method).toBe('POST'); - expect(latestRequest.url).toBe(`${API_ROOT}/watches/delete`); + expect(httpSetup.post).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watches/delete`, + expect.anything() + ); }); }); }); diff --git a/x-pack/plugins/watcher/__jest__/client_integration/watch_status.test.ts b/x-pack/plugins/watcher/__jest__/client_integration/watch_status.test.ts index 1b1b813617da6..901ebf156911f 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/watch_status.test.ts +++ b/x-pack/plugins/watcher/__jest__/client_integration/watch_status.test.ts @@ -8,12 +8,11 @@ import { act } from 'react-dom/test-utils'; import moment from 'moment'; import { getWatchHistory } from '../../__fixtures__'; -import { ROUTES, WATCH_STATES, ACTION_STATES } from '../../common/constants'; +import { WATCH_STATES, ACTION_STATES } from '../../common/constants'; import { setupEnvironment, pageHelpers } from './helpers'; import { WatchStatusTestBed } from './helpers/watch_status.helpers'; -import { WATCH } from './helpers/jest_constants'; - -const { API_ROOT } = ROUTES; +import { WATCH, WATCH_ID } from './helpers/jest_constants'; +import { API_BASE_PATH } from '../../common/constants'; const { setup } = pageHelpers.watchStatus; 
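Review bot: The delete assertion in the `@@ -241,10 +238,10 @@` hunk passes `expect.anything()` as the second argument, so the test accepts any payload and never checks which watches the client asks the server to delete. For a destructive endpoint the request options are worth pinning: at minimum `expect.objectContaining({ body: expect.any(String) })`, and preferably the exact serialized id list built from the fixtures (assuming the ids travel in the body, which these lines do not show). The `watches/delete` assertion in the watch status test further down has the same gap. The enclosing test starts outside the hunk.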
@@ -40,7 +39,7 @@ const watch = { }; describe('', () => { - const { server, httpRequestsMockHelpers } = setupEnvironment(); + const { httpSetup, httpRequestsMockHelpers } = setupEnvironment(); let testBed: WatchStatusTestBed; beforeAll(() => { @@ -49,15 +48,14 @@ describe('', () => { afterAll(() => { jest.useRealTimers(); - server.restore(); }); describe('on component mount', () => { beforeEach(async () => { - httpRequestsMockHelpers.setLoadWatchResponse({ watch }); - httpRequestsMockHelpers.setLoadWatchHistoryResponse(watchHistoryItems); + httpRequestsMockHelpers.setLoadWatchResponse(WATCH_ID, { watch }); + httpRequestsMockHelpers.setLoadWatchHistoryResponse(WATCH_ID, watchHistoryItems); - testBed = await setup(); + testBed = await setup(httpSetup); testBed.component.update(); }); @@ -127,14 +125,14 @@ describe('', () => { const formattedStartTime = moment(watchHistoryItem.startTime).format(); - httpRequestsMockHelpers.setLoadWatchHistoryItemResponse({ watchHistoryItem }); + httpRequestsMockHelpers.setLoadWatchHistoryItemResponse(WATCH_ID, { watchHistoryItem }); await actions.clickWatchExecutionAt(0, formattedStartTime); - const latestRequest = server.requests[server.requests.length - 1]; - - expect(latestRequest.method).toBe('GET'); - expect(latestRequest.url).toBe(`${API_ROOT}/history/${watchHistoryItem.id}`); + expect(httpSetup.get).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/history/${watchHistoryItem.id}`, + expect.anything() + ); expect(exists('watchHistoryDetailFlyout')).toBe(true); }); @@ -179,10 +177,10 @@ describe('', () => { }); component.update(); - const latestRequest = server.requests[server.requests.length - 1]; - - expect(latestRequest.method).toBe('POST'); - expect(latestRequest.url).toBe(`${API_ROOT}/watches/delete`); + expect(httpSetup.post).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watches/delete`, + expect.anything() + ); }); }); 
@@ -190,7 +188,7 @@ describe('', () => { test('should send the correct HTTP request to deactivate and activate a watch', async () => { const { actions } = testBed; - httpRequestsMockHelpers.setDeactivateWatchResponse({ + httpRequestsMockHelpers.setDeactivateWatchResponse(WATCH_ID, { watchStatus: { state: WATCH_STATES.DISABLED, isActive: false, @@ -199,12 +197,12 @@ describe('', () => { await actions.clickToggleActivationButton(); - const deactivateRequest = server.requests[server.requests.length - 1]; - - expect(deactivateRequest.method).toBe('PUT'); - expect(deactivateRequest.url).toBe(`${API_ROOT}/watch/${watch.id}/deactivate`); + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${watch.id}/deactivate`, + expect.anything() + ); - httpRequestsMockHelpers.setActivateWatchResponse({ + httpRequestsMockHelpers.setActivateWatchResponse(WATCH_ID, { watchStatus: { state: WATCH_STATES.FIRING, isActive: true, @@ -213,10 +211,10 @@ describe('', () => { await actions.clickToggleActivationButton(); - const activateRequest = server.requests[server.requests.length - 1]; - - expect(activateRequest.method).toBe('PUT'); - expect(activateRequest.url).toBe(`${API_ROOT}/watch/${watch.id}/activate`); + expect(httpSetup.put).toHaveBeenLastCalledWith( + `${API_BASE_PATH}/watch/${watch.id}/activate`, + expect.anything() + ); }); }); @@ -242,7 +240,7 @@ describe('', () => { test('should allow an action to be acknowledged', async () => { const { actions, table } = testBed; - httpRequestsMockHelpers.setAcknowledgeWatchResponse({ + httpRequestsMockHelpers.setAcknowledgeWatchResponse(WATCH_ID, ACTION_ID, { watchStatus: { state: WATCH_STATES.FIRING, isActive: true, 
@@ -259,11 +257,12 @@ describe('', () => { await actions.clickAcknowledgeButton(0); - const latestRequest = server.requests[server.requests.length - 1]; - - expect(latestRequest.method).toBe('PUT'); - expect(latestRequest.url).toBe( - `${API_ROOT}/watch/${watch.id}/action/${ACTION_ID}/acknowledge` + // In previous tests we make calls to activate and deactivate using the put method, + // so we need to expect that the acknowledge api call will be the third. + const indexOfAcknowledgeApiCall = 3; + expect(httpSetup.put).toHaveBeenNthCalledWith( + indexOfAcknowledgeApiCall, + `${API_BASE_PATH}/watch/${watch.id}/action/${ACTION_ID}/acknowledge` ); const { tableCellsValues } = table.getMetaData('watchActionStatusTable'); diff --git a/x-pack/plugins/watcher/common/constants/index.ts b/x-pack/plugins/watcher/common/constants/index.ts index 4d497ed1ea67f..153d4e087b064 100644 --- a/x-pack/plugins/watcher/common/constants/index.ts +++ b/x-pack/plugins/watcher/common/constants/index.ts @@ -16,7 +16,7 @@ export { LISTS } from './lists'; export { PAGINATION } from './pagination'; export { PLUGIN } from './plugin'; export { REFRESH_INTERVALS } from './refresh_intervals'; -export { ROUTES } from './routes'; +export { ROUTES, API_BASE_PATH } from './routes'; export { SORT_ORDERS } from './sort_orders'; export { TIME_UNITS } from './time_units'; export { WATCH_STATE_COMMENTS } from './watch_state_comments'; diff --git a/x-pack/plugins/watcher/common/constants/routes.ts b/x-pack/plugins/watcher/common/constants/routes.ts index c45c699c8e1bb..c7df203bb75da 100644 --- a/x-pack/plugins/watcher/common/constants/routes.ts +++ b/x-pack/plugins/watcher/common/constants/routes.ts @@ -5,6 +5,8 @@ * 2.0. */ +export const API_BASE_PATH = '/api/watcher'; + export const ROUTES: { [key: string]: string } = { - API_ROOT: '/api/watcher', + API_ROOT: API_BASE_PATH, }; 
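Review bot: `toHaveBeenNthCalledWith(indexOfAcknowledgeApiCall, ...)` in the acknowledge test (first hunk on this line) passes only because `httpSetup.put` still holds the calls recorded by the activate/deactivate test, as the added comment itself says, so the test fails when run in isolation and shifts whenever another `put` is issued earlier in the file. Clearing the call history inside the test removes the coupling: add `httpSetup.put.mockClear();` before `actions.clickAcknowledgeButton(0)` and set `const indexOfAcknowledgeApiCall = 1;`. `mockClear()` resets only the recorded calls, so the responses configured through `httpRequestsMockHelpers` should be unaffected, though that helper is not visible here. The test body starts outside the hunk.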
diff --git a/x-pack/plugins/watcher/public/application/app.tsx b/x-pack/plugins/watcher/public/application/app.tsx index 2f8ca489a5787..7f93d5d8cf798 100644 --- a/x-pack/plugins/watcher/public/application/app.tsx +++ b/x-pack/plugins/watcher/public/application/app.tsx @@ -13,6 +13,7 @@ import { ToastsSetup, IUiSettingsClient, ApplicationStart, + ExecutionContextStart, } from 'kibana/public'; import { Router, Switch, Route, Redirect, withRouter, RouteComponentProps } from 'react-router-dom'; @@ -26,13 +27,14 @@ import { ManagementAppMountParams, } from '../../../../../src/plugins/management/public'; +import { ChartsPluginSetup } from '../../../../../src/plugins/charts/public'; import { LicenseStatus } from '../../common/types/license_status'; import { WatchStatus } from './sections/watch_status/components/watch_status'; import { WatchEdit } from './sections/watch_edit/components/watch_edit'; import { WatchList } from './sections/watch_list/components/watch_list'; import { registerRouter } from './lib/navigation'; import { AppContextProvider } from './app_context'; -import { ChartsPluginSetup } from '../../../../../src/plugins/charts/public'; +import { useExecutionContext } from './shared_imports'; const ShareRouter = withRouter(({ children, history }: RouteComponentProps & { children: any }) => { registerRouter({ history }); @@ -50,6 +52,7 @@ export interface AppDeps { setBreadcrumbs: Parameters[0]['setBreadcrumbs']; history: ManagementAppMountParams['history']; getUrlForApp: ApplicationStart['getUrlForApp']; + executionContext: ExecutionContextStart; } export const App = (deps: AppDeps) => { @@ -60,6 +63,11 @@ export const App = (deps: AppDeps) => { return () => s.unsubscribe(); }, [deps.licenseStatus$]); + useExecutionContext(deps.executionContext, { + type: 'application', + page: 'watcher', + }); + if (!valid) { return ( 
diff --git a/x-pack/plugins/watcher/public/application/shared_imports.ts b/x-pack/plugins/watcher/public/application/shared_imports.ts index 0e11e0fdcf9be..4001b55bfdd2e 100644 --- a/x-pack/plugins/watcher/public/application/shared_imports.ts +++ b/x-pack/plugins/watcher/public/application/shared_imports.ts @@ -19,4 +19,7 @@ export { EuiCodeEditor, } from '../../../../../src/plugins/es_ui_shared/public'; -export { KibanaThemeProvider } from '../../../../../src/plugins/kibana_react/public'; +export { + KibanaThemeProvider, + useExecutionContext, +} from '../../../../../src/plugins/kibana_react/public'; diff --git a/x-pack/plugins/watcher/public/plugin.ts b/x-pack/plugins/watcher/public/plugin.ts index dcc9d9fd56fdc..2da4415010d6c 100644 --- a/x-pack/plugins/watcher/public/plugin.ts +++ b/x-pack/plugins/watcher/public/plugin.ts @@ -50,6 +50,7 @@ export class WatcherUIPlugin implements Plugin { docLinks, savedObjects, application, + executionContext, } = coreStart; docTitle.change(pluginName); @@ -74,6 +75,7 @@ export class WatcherUIPlugin implements Plugin { history, getUrlForApp: application.getUrlForApp, theme$, + executionContext, }); return () => { diff --git a/x-pack/test/api_integration/apis/index.ts b/x-pack/test/api_integration/apis/index.ts index b37d88a5dc426..ec964f97922ad 100644 --- a/x-pack/test/api_integration/apis/index.ts +++ b/x-pack/test/api_integration/apis/index.ts @@ -35,5 +35,6 @@ export default function ({ loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./file_upload')); loadTestFile(require.resolve('./ml')); loadTestFile(require.resolve('./watcher')); + loadTestFile(require.resolve('./logs_ui')); }); } 
diff --git a/x-pack/plugins/watcher/__jest__/client_integration/helpers/body_response.ts b/x-pack/test/api_integration/apis/logs_ui/index.ts similarity index 53% rename from x-pack/plugins/watcher/__jest__/client_integration/helpers/body_response.ts rename to x-pack/test/api_integration/apis/logs_ui/index.ts index dce7213297388..125ca65f52734 100644 --- a/x-pack/plugins/watcher/__jest__/client_integration/helpers/body_response.ts +++ b/x-pack/test/api_integration/apis/logs_ui/index.ts @@ -5,6 +5,10 @@ * 2.0. */ -export const wrapBodyResponse = (obj: object) => JSON.stringify({ body: JSON.stringify(obj) }); +import { FtrProviderContext } from '../../ftr_provider_context'; -export const unwrapBodyResponse = (string: string) => JSON.parse(JSON.parse(string).body); +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Logs UI routes', () => { + loadTestFile(require.resolve('./log_views')); + }); +} diff --git a/x-pack/test/api_integration/apis/logs_ui/log_views.ts b/x-pack/test/api_integration/apis/logs_ui/log_views.ts new file mode 100644 index 0000000000000..e2b316218c9fd --- /dev/null +++ b/x-pack/test/api_integration/apis/logs_ui/log_views.ts 
@@ -0,0 +1,200 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { defaultLogViewId, LogViewAttributes } from '../../../../plugins/infra/common/log_views'; +import { + defaultSourceConfiguration, + infraSourceConfigurationSavedObjectName, + mergeSourceConfiguration, +} from '../../../../plugins/infra/server/lib/sources'; +import { extractSavedObjectReferences } from '../../../../plugins/infra/server/lib/sources/saved_object_references'; +import { logViewSavedObjectName } from '../../../../plugins/infra/server/saved_objects/log_view'; +import { FtrProviderContext } from '../../ftr_provider_context'; + +export default function ({ getService }: FtrProviderContext) { + const logViewsService = getService('infraLogViews'); + const kibanaServer = getService('kibanaServer'); + + describe('log view', () => { + describe('GET', () => { + before(async () => { + await kibanaServer.savedObjects.clean({ + types: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], + }); + }); + + afterEach(async () => { + await kibanaServer.savedObjects.clean({ + types: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], + }); + }); + + it('falls back to the static infra source default', async () => { + const logView = await logViewsService.getLogView('NONEXISTENT_LOG_VIEW'); + expect(logView.data.origin).to.eql('infra-source-fallback'); + }); + + it('falls back to a stored infra source', async () => { + await kibanaServer.savedObjects.create({ + id: 'default', + type: infraSourceConfigurationSavedObjectName, + overwrite: true, + ...extractSavedObjectReferences( + mergeSourceConfiguration(defaultSourceConfiguration, { + name: 'Test Infra Source', + logIndices: { type: 'index_pattern', indexPatternId: 
'NONEXISTENT_INDEX_PATTERN' }, + }) + ), + }); + const logView = await logViewsService.getLogView('default'); + expect(logView.data.origin).to.eql('infra-source-stored'); + expect(logView.data.attributes.name).to.eql('Test Infra Source'); + expect(logView.data.attributes.logIndices).to.eql({ + type: 'data_view', + dataViewId: 'NONEXISTENT_INDEX_PATTERN', + }); + }); + }); + + describe('PUT', () => { + before(async () => { + await kibanaServer.savedObjects.clean({ + types: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], + }); + }); + + afterEach(async () => { + await kibanaServer.savedObjects.clean({ + types: [infraSourceConfigurationSavedObjectName, logViewSavedObjectName], + }); + }); + + it('stores new log views', async () => { + const logViewAttributes: Partial = { + name: 'Test Log View 1', + description: 'Test Description 1', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW' }, + logColumns: [], + }; + + const storedLogView = await logViewsService.putLogView('TEST_LOG_VIEW_1', { + attributes: logViewAttributes, + }); + + expect(storedLogView.data.attributes).to.eql(logViewAttributes); + + const fetchedLogView = await logViewsService.getLogView('TEST_LOG_VIEW_1'); + + expect(fetchedLogView.data.attributes).to.eql(logViewAttributes); + }); + + it('stores new partial log views with default attributes', async () => { + const storedLogView = await logViewsService.putLogView('TEST_LOG_VIEW_1', { + attributes: {}, + }); + + expect(storedLogView.data.attributes.name).to.be.a('string'); + expect(storedLogView.data.attributes.description).to.be.a('string'); + expect(storedLogView.data.attributes.logIndices.type).to.be.a('string'); + expect(storedLogView.data.attributes.logColumns).to.be.an('array'); + expect(storedLogView.data.attributes.logColumns).to.not.be.empty(); + + const fetchedLogView = await logViewsService.getLogView('TEST_LOG_VIEW_1'); + + expect(fetchedLogView.data.attributes.name).to.be.a('string'); + 
expect(fetchedLogView.data.attributes.description).to.be.a('string'); + expect(fetchedLogView.data.attributes.logIndices.type).to.be.a('string'); + expect(fetchedLogView.data.attributes.logColumns).to.be.an('array'); + expect(fetchedLogView.data.attributes.logColumns).to.not.be.empty(); + }); + + it('overwrites existing log views', async () => { + const initialLogViewAttributes: Partial = { + name: 'Test Log View 1', + description: 'Test Description 1', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW' }, + logColumns: [], + }; + const changedLogViewAttributes: Partial = { + name: 'Test Log View 1A', + description: 'Test Description 1A', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW_A' }, + logColumns: [{ timestampColumn: { id: 'TIMESTAMP_COLUMN' } }], + }; + + const initialStoredLogView = await logViewsService.putLogView('TEST_LOG_VIEW_1', { + attributes: initialLogViewAttributes, + }); + + expect(initialStoredLogView.data.attributes).to.eql(initialLogViewAttributes); + + const changedStoredLogView = await logViewsService.putLogView('TEST_LOG_VIEW_1', { + attributes: changedLogViewAttributes, + }); + + expect(changedStoredLogView.data.attributes).to.eql(changedLogViewAttributes); + }); + + it('overwrites existing default log view', async () => { + const oldestLogViewAttributes: Partial = { + name: 'Oldest Log View 1', + description: 'Oldest Description 1', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW' }, + logColumns: [], + }; + const newerLogViewAttributes: Partial = { + name: 'Newer Log View 1', + description: 'Newer Description 1', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW' }, + logColumns: [], + }; + const newestLogViewAttributes: Partial = { + name: 'Newest Log View 1A', + description: 'Newest Description 1A', + logIndices: { type: 'data_view', dataViewId: 'NONEXISTENT_DATA_VIEW_A' }, + logColumns: [{ timestampColumn: { id: 'TIMESTAMP_COLUMN' } }], + }; + + // 
initially this is the default view + const oldestStoredLogView = await logViewsService.putLogView('OLDEST_LOG_VIEW_ID', { + attributes: oldestLogViewAttributes, + }); + + // check that it's interpreted as the default view + const fetchedOldestLogView = await logViewsService.getLogView(defaultLogViewId); + + expect(oldestStoredLogView).to.eql(fetchedOldestLogView); + + // this becomes the default view now + const newerStoredLogView = await logViewsService.putLogView('NEWER_LOG_VIEW_ID', { + attributes: newerLogViewAttributes, + }); + + expect(newerStoredLogView.data.attributes).to.eql(newerLogViewAttributes); + + // this update should change the newer view + const newestStoredLogView = await logViewsService.putLogView(defaultLogViewId, { + attributes: newestLogViewAttributes, + }); + + expect(newestStoredLogView.data.attributes).to.eql(newestLogViewAttributes); + + // check that default id translation works + expect(newerStoredLogView.data.id).to.eql(newestStoredLogView.data.id); + + // check that the oldest view is unchanged + const refetchedOldestLogView = await logViewsService.getLogView('OLDEST_LOG_VIEW_ID'); + expect(refetchedOldestLogView).to.eql(fetchedOldestLogView); + + // check that the newer view has been changed + const refetchedNewerLogView = await logViewsService.getLogView('NEWER_LOG_VIEW_ID'); + expect(refetchedNewerLogView).to.eql(newestStoredLogView); + }); + }); + }); +} diff --git a/x-pack/test/api_integration/apis/metrics_ui/index.js b/x-pack/test/api_integration/apis/metrics_ui/index.js index 77560d966350e..150a123121051 100644 --- a/x-pack/test/api_integration/apis/metrics_ui/index.js +++ b/x-pack/test/api_integration/apis/metrics_ui/index.js 
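Review bot: The `PUT` block exercises only accepted payloads, so nothing in this file shows the route refusing a malformed body or a caller without the required privilege; a regression in request validation or access control (neither visible here) would still pass. A case that sends an invalid `logIndices` value and expects a 4xx, and one that issues the request as an unprivileged user, would close that gap; both need the raw supertest agent, because `putLogView` decodes the body and never looks at the status. Separately, 'overwrites existing default log view' relies on the store being empty when it starts, which holds only because of the `afterEach` clean; a comment such as `// relies on afterEach having removed every stored log view` would make that dependency explicit.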
@@ -9,7 +9,6 @@ export default function ({ loadTestFile }) { describe('MetricsUI Endpoints', () => { loadTestFile(require.resolve('./metadata')); loadTestFile(require.resolve('./log_entry_highlights')); - loadTestFile(require.resolve('./log_sources')); loadTestFile(require.resolve('./log_summary')); loadTestFile(require.resolve('./metrics')); loadTestFile(require.resolve('./sources')); diff --git a/x-pack/test/api_integration/apis/metrics_ui/inventory_threshold_alert.ts b/x-pack/test/api_integration/apis/metrics_ui/inventory_threshold_alert.ts index 0deff26e00aad..456d69d90ad45 100644 --- a/x-pack/test/api_integration/apis/metrics_ui/inventory_threshold_alert.ts +++ b/x-pack/test/api_integration/apis/metrics_ui/inventory_threshold_alert.ts 
@@ -232,6 +232,132 @@ export default function ({ getService }: FtrProviderContext) { }); }); + describe('Custom rate metric per host', () => { + before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/8.0.0/hosts_only')); + after(() => esArchiver.unload('x-pack/test/functional/es_archives/infra/8.0.0/hosts_only')); + it('should work FOR LAST 1 minute', async () => { + const results = await evaluateCondition({ + ...baseOptions, + condition: { + ...baseCondition, + metric: 'custom', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + threshold: [1], + }, + esClient, + }); + expect(results).to.eql({ + 'host-0': { + metric: 'custom', + timeSize: 1, + timeUnit: 'm', + sourceId: 'default', + threshold: [1], + comparator: '>', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + shouldFire: true, + shouldWarn: false, + isNoData: false, + isError: false, + currentValue: 833.3333333333334, + }, + 'host-1': { + metric: 'custom', + timeSize: 1, + timeUnit: 'm', + sourceId: 'default', + threshold: [1], + comparator: '>', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + shouldFire: true, + shouldWarn: false, + isNoData: false, + isError: false, + currentValue: 1000, + }, + }); + }); + it('should work FOR LAST 5 minute', async () => { + const results = await evaluateCondition({ + ...baseOptions, + condition: { + ...baseCondition, + metric: 'custom', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + threshold: [1], + timeSize: 5, + }, + esClient, + }); + expect(results).to.eql({ + 'host-0': { + metric: 'custom', + timeSize: 5, + timeUnit: 'm', + sourceId: 'default', + threshold: [1], + 
comparator: '>', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + shouldFire: true, + shouldWarn: false, + isNoData: false, + isError: false, + currentValue: 1133.3333333333333, + }, + 'host-1': { + metric: 'custom', + timeSize: 5, + timeUnit: 'm', + sourceId: 'default', + threshold: [1], + comparator: '>', + customMetric: { + type: 'custom', + id: 'alert-custom-metric', + aggregation: 'rate', + field: 'system.network.in.bytes', + label: 'RX', + }, + shouldFire: true, + shouldWarn: false, + isNoData: false, + isError: false, + currentValue: 1133.3333333333333, + }, + }); + }); + }); + describe('Log rate per host', () => { before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/8.0.0/hosts_only')); after(() => esArchiver.unload('x-pack/test/functional/es_archives/infra/8.0.0/hosts_only')); diff --git a/x-pack/test/api_integration/apis/metrics_ui/log_sources.ts b/x-pack/test/api_integration/apis/metrics_ui/log_sources.ts deleted file mode 100644 index 516c262429299..0000000000000 --- a/x-pack/test/api_integration/apis/metrics_ui/log_sources.ts +++ /dev/null 
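Review bot: Both 'Custom rate metric per host' cases compare `currentValue` against exact floating-point literals (`833.3333333333334`, `1133.3333333333333`) through `to.eql`, so any change in how the rate is bucketed or rounded fails the test even when the alerting decision is unchanged. Asserting `shouldFire`, `isNoData` and `isError` exactly and the value within a tolerance would be sturdier, for example `expect(results['host-0'].currentValue).to.be.within(833, 834);`. The titles 'should work FOR LAST 1 minute' / '5 minute' could also state the expectation, e.g. 'fires when the custom rate exceeds the threshold over the last minute'. The enclosing suite function starts and ends outside this hunk.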
@@ -1,183 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from '@kbn/expect'; -import { beforeEach } from 'mocha'; -import { - getLogSourceConfigurationSuccessResponsePayloadRT, - patchLogSourceConfigurationSuccessResponsePayloadRT, -} from '../../../../plugins/infra/common/http_api/log_sources'; -import { decodeOrThrow } from '../../../../plugins/infra/common/runtime_types'; -import { FtrProviderContext } from '../../ftr_provider_context'; - -export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); - const logSourceConfiguration = getService('infraLogSourceConfiguration'); - - describe('log sources api', () => { - before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/metrics_and_logs')); - after(() => esArchiver.unload('x-pack/test/functional/es_archives/infra/metrics_and_logs')); - beforeEach(() => esArchiver.load('x-pack/test/functional/es_archives/empty_kibana')); - afterEach(() => esArchiver.unload('x-pack/test/functional/es_archives/empty_kibana')); - - describe('source configuration get method for non-existant source', () => { - it('returns the default source configuration', async () => { - const response = await logSourceConfiguration - .createGetLogSourceConfigurationAgent('default') - .expect(200); - - const { - data: { configuration, origin }, - } = decodeOrThrow(getLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - - expect(origin).to.be('fallback'); - expect(configuration.name).to.be('Default'); - expect(configuration.logIndices).to.eql({ - type: 'index_name', - indexName: 'logs-*,filebeat-*,kibana_sample_data_logs*', - }); - expect(configuration.logColumns[0]).to.have.key('timestampColumn'); - 
expect(configuration.logColumns[1]).to.have.key('fieldColumn'); - expect(configuration.logColumns[2]).to.have.key('messageColumn'); - }); - }); - - describe('source configuration patch method for non-existant source', () => { - it('creates a source configuration', async () => { - const response = await logSourceConfiguration - .createUpdateLogSourceConfigurationAgent('default', { - name: 'NAME', - description: 'DESCRIPTION', - logIndices: { - type: 'index_pattern', - indexPatternId: 'kip-id', - }, - logColumns: [ - { - messageColumn: { - id: 'MESSAGE_COLUMN', - }, - }, - ], - }) - .expect(200); - - // check direct response - const { - data: { configuration, origin }, - } = decodeOrThrow(patchLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - - expect(configuration.name).to.be('NAME'); - expect(origin).to.be('stored'); - expect(configuration.logIndices).to.eql({ - type: 'index_pattern', - indexPatternId: 'kip-id', - }); - expect(configuration.logColumns).to.have.length(1); - expect(configuration.logColumns[0]).to.have.key('messageColumn'); - - // check for persistence - const { - data: { configuration: persistedConfiguration }, - } = await logSourceConfiguration.getLogSourceConfiguration('default'); - - expect(configuration).to.eql(persistedConfiguration); - }); - - it('creates a source configuration with default values for unspecified properties', async () => { - const response = await logSourceConfiguration - .createUpdateLogSourceConfigurationAgent('default', {}) - .expect(200); - - const { - data: { configuration, origin }, - } = decodeOrThrow(patchLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - - expect(configuration.name).to.be('Default'); - expect(origin).to.be('stored'); - expect(configuration.logIndices).eql({ - type: 'index_name', - indexName: 'logs-*,filebeat-*,kibana_sample_data_logs*', - }); - expect(configuration.logColumns).to.have.length(3); - expect(configuration.logColumns[0]).to.have.key('timestampColumn'); - 
expect(configuration.logColumns[1]).to.have.key('fieldColumn'); - expect(configuration.logColumns[2]).to.have.key('messageColumn'); - - // check for persistence - const { - data: { configuration: persistedConfiguration, origin: persistedOrigin }, - } = await logSourceConfiguration.getLogSourceConfiguration('default'); - - expect(persistedOrigin).to.be('stored'); - expect(configuration).to.eql(persistedConfiguration); - }); - }); - - describe('source configuration patch method for existing source', () => { - beforeEach(async () => { - await logSourceConfiguration.updateLogSourceConfiguration('default', {}); - }); - - it('updates a source configuration', async () => { - const response = await logSourceConfiguration - .createUpdateLogSourceConfigurationAgent('default', { - name: 'NAME', - description: 'DESCRIPTION', - logIndices: { - type: 'index_pattern', - indexPatternId: 'kip-id', - }, - logColumns: [ - { - messageColumn: { - id: 'MESSAGE_COLUMN', - }, - }, - ], - }) - .expect(200); - - const { - data: { configuration, origin }, - } = decodeOrThrow(patchLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - - expect(configuration.name).to.be('NAME'); - expect(origin).to.be('stored'); - expect(configuration.logIndices).to.eql({ - type: 'index_pattern', - indexPatternId: 'kip-id', - }); - expect(configuration.logColumns).to.have.length(1); - expect(configuration.logColumns[0]).to.have.key('messageColumn'); - }); - - it('partially updates a source configuration', async () => { - const response = await logSourceConfiguration - .createUpdateLogSourceConfigurationAgent('default', { - name: 'NAME', - }) - .expect(200); - - const { - data: { configuration, origin }, - } = decodeOrThrow(patchLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - - expect(configuration.name).to.be('NAME'); - expect(origin).to.be('stored'); - expect(configuration.logIndices).to.eql({ - type: 'index_name', - indexName: 'logs-*,filebeat-*,kibana_sample_data_logs*', - }); - 
expect(configuration.logColumns).to.have.length(3); - expect(configuration.logColumns[0]).to.have.key('timestampColumn'); - expect(configuration.logColumns[1]).to.have.key('fieldColumn'); - expect(configuration.logColumns[2]).to.have.key('messageColumn'); - }); - }); - }); -} diff --git a/x-pack/test/api_integration/services/index.ts b/x-pack/test/api_integration/services/index.ts index cf439eb7cd5a8..5db28d64cf953 100644 --- a/x-pack/test/api_integration/services/index.ts +++ b/x-pack/test/api_integration/services/index.ts @@ -16,7 +16,6 @@ import { SupertestWithoutAuthProvider } from './supertest_without_auth'; import { UsageAPIProvider } from './usage_api'; import { InfraOpsSourceConfigurationProvider } from './infraops_source_configuration'; -import { InfraLogSourceConfigurationProvider } from './infra_log_source_configuration'; import { MachineLearningProvider } from './ml'; import { IngestManagerProvider } from '../../common/services/ingest_manager'; import { TransformProvider } from './transform'; @@ -29,7 +28,6 @@ export const services = { esSupertestWithoutAuth: EsSupertestWithoutAuthProvider, infraOpsSourceConfiguration: InfraOpsSourceConfigurationProvider, - infraLogSourceConfiguration: InfraLogSourceConfigurationProvider, supertestWithoutAuth: SupertestWithoutAuthProvider, usageAPI: UsageAPIProvider, ml: MachineLearningProvider, diff --git a/x-pack/test/api_integration/services/infra_log_source_configuration.ts b/x-pack/test/api_integration/services/infra_log_source_configuration.ts deleted file mode 100644 index cc8eaa81a9e7f..0000000000000 --- a/x-pack/test/api_integration/services/infra_log_source_configuration.ts +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - getLogSourceConfigurationPath, - getLogSourceConfigurationSuccessResponsePayloadRT, - PatchLogSourceConfigurationRequestBody, - patchLogSourceConfigurationRequestBodyRT, - patchLogSourceConfigurationResponsePayloadRT, -} from '../../../plugins/infra/common/http_api/log_sources'; -import { decodeOrThrow } from '../../../plugins/infra/common/runtime_types'; -import { FtrProviderContext } from '../ftr_provider_context'; - -export function InfraLogSourceConfigurationProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - const log = getService('log'); - - const createGetLogSourceConfigurationAgent = (sourceId: string) => - supertest - .get(getLogSourceConfigurationPath(sourceId)) - .set({ - 'kbn-xsrf': 'some-xsrf-token', - }) - .send(); - - const getLogSourceConfiguration = async (sourceId: string) => { - log.debug(`Fetching Logs UI source configuration "${sourceId}"`); - - const response = await createGetLogSourceConfigurationAgent(sourceId); - - return decodeOrThrow(getLogSourceConfigurationSuccessResponsePayloadRT)(response.body); - }; - - const createUpdateLogSourceConfigurationAgent = ( - sourceId: string, - sourceProperties: PatchLogSourceConfigurationRequestBody['data'] - ) => - supertest - .patch(getLogSourceConfigurationPath(sourceId)) - .set({ - 'kbn-xsrf': 'some-xsrf-token', - }) - .send(patchLogSourceConfigurationRequestBodyRT.encode({ data: sourceProperties })); - - const updateLogSourceConfiguration = async ( - sourceId: string, - sourceProperties: PatchLogSourceConfigurationRequestBody['data'] - ) => { - log.debug( - `Updating Logs UI source configuration "${sourceId}" with properties ${JSON.stringify( - sourceProperties - )}` - ); 
- - const response = await createUpdateLogSourceConfigurationAgent(sourceId, sourceProperties); - - return decodeOrThrow(patchLogSourceConfigurationResponsePayloadRT)(response.body); - }; - - return { - createGetLogSourceConfigurationAgent, - createUpdateLogSourceConfigurationAgent, - getLogSourceConfiguration, - updateLogSourceConfiguration, - }; -} diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/find_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/find_cases.ts index 89f6f96aeb7d1..5cf7c4947c23c 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/find_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/find_cases.ts @@ -52,6 +52,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const esArchiver = getService('esArchiver'); + const kibanaServer = getService('kibanaServer'); describe('find_cases', () => { describe('basic tests', () => { 
@@ -478,6 +479,53 @@ export default ({ getService }: FtrProviderContext): void => { }); }); + describe('range queries', () => { + before(async () => { + await kibanaServer.importExport.load( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json' + ); + }); + + after(async () => { + await kibanaServer.importExport.unload( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json' + ); + await deleteAllCaseItems(es); + }); + + it('returns all cases without a range filter', async () => { + const EXPECTED_CASES = 3; + const cases = await findCases({ supertest }); + + expect(cases.total).to.be(EXPECTED_CASES); + expect(cases.count_open_cases).to.be(EXPECTED_CASES); + expect(cases.cases.length).to.be(EXPECTED_CASES); + }); + + it('respects the range parameters', async () => { + const queries = [ + { expectedCases: 2, query: { from: '2022-03-16' } }, + { expectedCases: 2, query: { to: '2022-03-21' } }, + { expectedCases: 2, query: { from: '2022-03-15', to: '2022-03-21' } }, + ]; + + for (const query of queries) { + const cases = await findCases({ + supertest, + query: query.query, + }); + + expect(cases.total).to.be(query.expectedCases); + expect(cases.count_open_cases).to.be(query.expectedCases); + expect(cases.cases.length).to.be(query.expectedCases); + } + }); + + it('returns a bad request on malformed parameter', async () => { + await findCases({ supertest, query: { from: '<' }, expectedHttpCode: 400 }); + }); + }); + describe('rbac', () => { afterEach(async () => { await deleteAllCaseItems(es); 
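Review bot: The malformed-parameter case sends a bad value only for `from` (`{ from: '<' }`), so the suite does not show that `to` is validated the same way; if these values end up in a saved-objects filter (not visible here), an unvalidated bound is a query-injection risk rather than a cosmetic gap. Adding `await findCases({ supertest, query: { to: '<' }, expectedHttpCode: 400 });` covers it, and the equivalent `getAllCasesStatuses` call is missing from the range-queries hunk in `get_status.ts`. In 'respects the range parameters' every query expects 2 of 3 cases, so the assertions cannot tell which cases came back; comparing the returned ids or titles would catch a filter applied to the wrong bound. The enclosing suite function starts outside the hunk.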
@@ -717,6 +765,40 @@ export default ({ getService }: FtrProviderContext): void => { // Only security solution cases are being returned ensureSavedObjectIsAuthorized(res.cases, 1, ['securitySolutionFixture']); }); + + describe('range queries', () => { + before(async () => { + await kibanaServer.importExport.load( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json', + { space: 'space1' } + ); + }); + + after(async () => { + await kibanaServer.importExport.unload( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json', + { space: 'space1' } + ); + await deleteAllCaseItems(es); + }); + + it('should respect the owner filter when using range queries', async () => { + const res = await findCases({ + supertest: supertestWithoutAuth, + query: { + from: '2022-03-15', + to: '2022-03-21', + }, + auth: { + user: secOnly, + space: 'space1', + }, + }); + + // Only security solution cases are being returned + ensureSavedObjectIsAuthorized(res.cases, 1, ['securitySolutionFixture']); + }); + }); }); }); }; diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/status/get_status.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/status/get_status.ts index c170dc0ff3ccd..27433c09cd2e0 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/status/get_status.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/status/get_status.ts 
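Review bot: 'should respect the owner filter when using range queries' asserts one `securitySolutionFixture` case for `secOnly`, but nothing in the hunk establishes how many cases of other owners fall inside the same `from`/`to` window in `space1`, so the result alone does not prove that the owner filter, rather than the date range, excluded them. Running the same query first as a user with access to every owner and asserting a larger count would make the authorization claim explicit; whether the fixture supports that depends on its contents, which are not shown. The matching test in the `get_status.ts` rbac hunk has the same limitation. The `rbac` block this sits in begins outside the hunk.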
@@ -34,12 +34,9 @@ import { assertWarningHeader } from '../../../../../common/lib/validation'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); + const kibanaServer = getService('kibanaServer'); describe('get_status', () => { - afterEach(async () => { - await deleteAllCaseItems(es); - }); - it('should return case statuses', async () => { const [, inProgressCase, postedCase] = await Promise.all([ createCase(supertest, postCaseReq), 
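Review bot: Removing the suite-level `afterEach` leaves 'should return case statuses' without cleanup, so the cases it creates persist into whatever runs next. The new 'range queries' `before` compensates with its own `deleteAllCaseItems(es)` and `rbac` gets a hook in the next hunk, but the `deprecations` block (body not visible) and any test later added at the top level would inherit leftover data. Wrapping the existing status tests in a `describe('basic tests', …)` that keeps `afterEach(async () => { await deleteAllCaseItems(es); });`, as `find_cases.ts` is structured, would keep each block responsible for its own data. The suite function continues outside this hunk.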
@@ -74,7 +71,58 @@ export default ({ getService }: FtrProviderContext): void => { }); }); + describe('range queries', () => { + before(async () => { + await deleteAllCaseItems(es); + await kibanaServer.importExport.load( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json' + ); + }); + + after(async () => { + await kibanaServer.importExport.unload( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json' + ); + await deleteAllCaseItems(es); + }); + + it('returns all cases without a range filter', async () => { + const statuses = await getAllCasesStatuses({ supertest }); + + expect(statuses).to.eql({ + count_open_cases: 3, + count_closed_cases: 0, + count_in_progress_cases: 0, + }); + }); + + it('respects the range parameters', async () => { + const queries = [ + { expectedCases: 2, query: { from: '2022-03-16' } }, + { expectedCases: 2, query: { to: '2022-03-21' } }, + { expectedCases: 2, query: { from: '2022-03-15', to: '2022-03-21' } }, + ]; + + for (const query of queries) { + const statuses = await getAllCasesStatuses({ supertest, query: query.query }); + expect(statuses).to.eql({ + count_open_cases: query.expectedCases, + count_closed_cases: 0, + count_in_progress_cases: 0, + }); + } + }); + + it('returns a bad request on malformed parameter', async () => { + await getAllCasesStatuses({ supertest, query: { from: '<' }, expectedHttpCode: 400 }); + }); + }); + describe('rbac', () => { + afterEach(async () => { + await deleteAllCaseItems(es); + }); + const supertestWithoutAuth = getService('supertestWithoutAuth'); it('should return the correct status stats', async () => { 
@@ -183,6 +231,43 @@ export default ({ getService }: FtrProviderContext): void => { }); }); } + + describe('range queries', () => { + before(async () => { + await kibanaServer.importExport.load( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json', + { space: 'space1' } + ); + }); + + after(async () => { + await kibanaServer.importExport.unload( + 'x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json', + { space: 'space1' } + ); + await deleteAllCaseItems(es); + }); + + it('should respect the owner filter when using range queries', async () => { + const res = await getAllCasesStatuses({ + supertest: supertestWithoutAuth, + query: { + from: '2022-03-15', + to: '2022-03-21', + }, + auth: { + user: secOnly, + space: 'space1', + }, + }); + + expect(res).to.eql({ + count_open_cases: 1, + count_closed_cases: 0, + count_in_progress_cases: 0, + }); + }); + }); }); describe('deprecations', () => { diff --git a/x-pack/test/common/services/index.ts b/x-pack/test/common/services/index.ts index b015e10309efb..c51fe7a06e6ac 100644 --- a/x-pack/test/common/services/index.ts +++ b/x-pack/test/common/services/index.ts @@ -5,16 +5,16 @@ * 2.0. */ -import { services as kibanaCommonServices } from '../../../../test/common/services'; import { services as kibanaApiIntegrationServices } from '../../../../test/api_integration/services'; - +import { services as kibanaCommonServices } from '../../../../test/common/services'; +import { InfraLogViewsServiceProvider } from './infra_log_views'; import { SpacesServiceProvider } from './spaces'; import { BSecureSearchProvider } from './bsearch_secure'; export const services = { ...kibanaCommonServices, + infraLogViews: InfraLogViewsServiceProvider, supertest: kibanaApiIntegrationServices.supertest, - spaces: SpacesServiceProvider, secureBsearch: BSecureSearchProvider, }; 
diff --git a/x-pack/test/common/services/infra_log_views.ts b/x-pack/test/common/services/infra_log_views.ts
new file mode 100644
index 0000000000000..df7eb96ebc793
--- /dev/null
+++ b/x-pack/test/common/services/infra_log_views.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ getLogViewResponsePayloadRT,
+ getLogViewUrl,
+ PutLogViewRequestPayload,
+ putLogViewRequestPayloadRT,
+ putLogViewResponsePayloadRT,
+} from '../../../plugins/infra/common/http_api/log_views';
+import { decodeOrThrow } from '../../../plugins/infra/common/runtime_types';
+import { FtrProviderContext } from '../ftr_provider_context';
+
+export function InfraLogViewsServiceProvider({ getService }: FtrProviderContext) {
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ const createGetLogViewAgent = (logViewId: string) =>
+ supertest
+ .get(getLogViewUrl(logViewId))
+ .set({
+ 'kbn-xsrf': 'some-xsrf-token',
+ })
+ .send();
+
+ const getLogView = async (logViewId: string) => {
+ log.debug(`Fetching log view "${logViewId}"...`);
+
+ const response = await createGetLogViewAgent(logViewId);
+
+ return decodeOrThrow(getLogViewResponsePayloadRT)(response.body);
+ };
+
+ const createPutLogViewAgent = (logViewId: string, payload: PutLogViewRequestPayload) =>
+ supertest
+ .put(getLogViewUrl(logViewId))
+ .set({
+ 'kbn-xsrf': 'some-xsrf-token',
+ })
+ .send(putLogViewRequestPayloadRT.encode(payload));
+
+ const putLogView = async (logViewId: string, payload: PutLogViewRequestPayload) => {
+ log.debug(`Storing log view "${logViewId}"...`);
+
+ const response = await createPutLogViewAgent(logViewId, payload);
+
+ return decodeOrThrow(putLogViewResponsePayloadRT)(response.body);
+ };
+
+ return {
+ getLogView,
+ putLogView,
+ };
+}
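Review bot: `getLogView` and `putLogView` hand `response.body` to `decodeOrThrow` without checking the HTTP status, so a 4xx or 5xx from the route surfaces only as a decode error and the actual status is lost; the service this replaces let tests call `.expect(200)` on the agent. Because `createGetLogViewAgent` and `createPutLogViewAgent` are not in the returned object, tests also have no way to assert a rejected request (400, 403, 404). Adding `createGetLogViewAgent,` and `createPutLogViewAgent,` to the `return { … }` restores that, and the helpers can then use `await createPutLogViewAgent(logViewId, payload).expect(200)` before decoding.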
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/index.ts index ce1966c3175a9..8936115ac6e59 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/index.ts @@ -14,6 +14,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => { this.tags('ciGroup11'); loadTestFile(require.resolve('./usage_collector/all_types')); loadTestFile(require.resolve('./usage_collector/detection_rules')); + loadTestFile(require.resolve('./usage_collector/detection_rule_status')); loadTestFile(require.resolve('./task_based/all_types')); loadTestFile(require.resolve('./task_based/detection_rules')); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rule_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rule_status.ts new file mode 100644 index 0000000000000..9092cacdad050 --- /dev/null +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rule_status.ts 
@@ -0,0 +1,810 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import type { MlJobUsageMetric } from '../../../../../../plugins/security_solution/server/usage/detections/ml_jobs/types'; +import type { RulesTypeUsage } from '../../../../../../plugins/security_solution/server/usage/detections/rules/types'; +import type { DetectionMetrics } from '../../../../../../plugins/security_solution/server/usage/detections/types'; +import type { + ThreatMatchCreateSchema, + ThresholdCreateSchema, +} from '../../../../../../plugins/security_solution/common/detection_engine/schemas/request'; +import type { FtrProviderContext } from '../../../../common/ftr_provider_context'; +import { getInitialMlJobUsage } from '../../../../../../plugins/security_solution/server/usage/detections/ml_jobs/get_initial_usage'; +import { + createRule, + createSignalsIndex, + deleteAllAlerts, + deleteSignalsIndex, + getEqlRuleForSignalTesting, + getRuleForSignalTesting, + getSimpleThreatMatch, + getStats, + getThresholdRuleForSignalTesting, + waitForRuleSuccessOrStatus, + waitForSignalsToBePresent, + deleteAllEventLogExecutionEvents, +} from '../../../../utils'; +import { getInitialDetectionMetrics } from '../../../../../../plugins/security_solution/server/usage/detections/get_initial_usage'; +import { + getInitialMaxAvgMin, + getInitialSingleEventLogUsage, + getInitialSingleEventMetric, +} from '../../../../../../plugins/security_solution/server/usage/detections/rules/get_initial_usage'; + +// eslint-disable-next-line import/no-default-export +export default ({ getService }: FtrProviderContext) => { + const supertest = getService('supertest'); + const esArchiver = getService('esArchiver'); + const log = getService('log'); + const retry = 
getService('retry'); + const es = getService('es'); + + // Note: We don't actually find signals well with ML tests at the moment so there are not tests for ML rule type for telemetry + describe('Detection rule status telemetry', async () => { + before(async () => { + // Just in case other tests do not clean up the event logs, let us clear them now and here only once. + await deleteAllEventLogExecutionEvents(es, log); + await esArchiver.load('x-pack/test/functional/es_archives/security_solution/telemetry'); + }); + + after(async () => { + await esArchiver.unload('x-pack/test/functional/es_archives/security_solution/telemetry'); + }); + + beforeEach(async () => { + await createSignalsIndex(supertest, log); + }); + + afterEach(async () => { + await deleteSignalsIndex(supertest, log); + await deleteAllAlerts(supertest, log); + await deleteAllEventLogExecutionEvents(es, log); + }); + + describe('"kql" rule type', () => { + let stats: DetectionMetrics | undefined; + before(async () => { + const rule = getRuleForSignalTesting(['telemetry']); + const { id } = await createRule(supertest, log, rule); + await waitForRuleSuccessOrStatus(supertest, log, id); + await waitForSignalsToBePresent(supertest, log, 4, [id]); + // get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed + await retry.try(async () => { + stats = await getStats(supertest, log); + expect(stats.detection_rules.detection_rule_status.custom_rules.total.succeeded).to.eql( + 1 + ); + }); + }); + + it('should have an empty "ml_jobs"', () => { + const expectedMLJobs: MlJobUsageMetric = { + ml_job_usage: getInitialMlJobUsage(), + ml_job_metrics: [], + }; + expect(stats?.ml_jobs).to.eql(expectedMLJobs); + }); + + it('should have an empty "detection_rule_detail"', () => { + expect(stats?.detection_rules.detection_rule_detail).to.eql([]); + }); + + it('should have an active "detection_rule_usage" with non-zero values', () 
=> { + const expectedRuleUsage: RulesTypeUsage = { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage, + query: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.query, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + custom_total: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.custom_total, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + }; + expect(stats?.detection_rules.detection_rule_usage).to.eql(expectedRuleUsage); + }); + + it('should have zero values for "detection_rule_status.all_rules" rules that are not query based', () => { + expect(stats?.detection_rules.detection_rule_status.all_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threshold).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for "detection_rule_status.custom_rules" rules that are not query based', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + 
expect(stats?.detection_rules.detection_rule_status.custom_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.threshold).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for failures of the query based rule', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query.failures).to.eql(0); + expect(stats?.detection_rules.detection_rule_status.custom_rules.query.top_failures).to.eql( + [] + ); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.partial_failures + ).to.eql([]); + }); + + it('should have zero values for gaps', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query.gap_duration).to.eql( + getInitialMaxAvgMin() + ); + }); + + it('should have non zero values for "index_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.min + 
).to.be.above(1); + }); + + it('should have non zero values for "succeeded"', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query.succeeded).to.eql(1); + }); + + it('should have non zero values for "succeeded", "index_duration", and "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.query.search_duration.min + ).to.be.above(1); + }); + + it('should have a total value for "detection_rule_status.custom_rules" rule ', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.total).to.eql({ + failures: 0, + partial_failures: 0, + succeeded: 1, + }); + }); + + it('should have zero values for "detection_rule_status.elastic_rules"', async () => { + expect(stats?.detection_rules.detection_rule_status.elastic_rules).to.eql( + getInitialSingleEventLogUsage() + ); + }); + }); + + describe('"eql" rule type', () => { + let stats: DetectionMetrics | undefined; + before(async () => { + const rule = getEqlRuleForSignalTesting(['telemetry']); + const { id } = await createRule(supertest, log, rule); + await waitForRuleSuccessOrStatus(supertest, log, id); + await waitForSignalsToBePresent(supertest, log, 4, [id]); + // get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed + await retry.try(async () => { + stats = await 
getStats(supertest, log); + expect(stats.detection_rules.detection_rule_status.custom_rules.total.succeeded).to.eql( + 1 + ); + }); + }); + + it('should have an empty "ml_jobs"', () => { + const expectedMLJobs: MlJobUsageMetric = { + ml_job_usage: getInitialMlJobUsage(), + ml_job_metrics: [], + }; + expect(stats?.ml_jobs).to.eql(expectedMLJobs); + }); + + it('should have an empty "detection_rule_detail"', () => { + expect(stats?.detection_rules.detection_rule_detail).to.eql([]); + }); + + it('should have an active "detection_rule_usage" with non-zero values', () => { + const expectedRuleUsage: RulesTypeUsage = { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage, + eql: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.eql, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + custom_total: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.custom_total, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + }; + expect(stats?.detection_rules.detection_rule_usage).to.eql(expectedRuleUsage); + }); + + it('should have zero values for "detection_rule_status.all_rules" rules that are not eql based', () => { + expect(stats?.detection_rules.detection_rule_status.all_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threshold).to.eql( + 
getInitialSingleEventMetric() + ); + }); + + it('should have zero values for "detection_rule_status.custom_rules" rules that are not eql based', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.threshold).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for failures of the eql based rule', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql.failures).to.eql(0); + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql.top_failures).to.eql( + [] + ); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.partial_failures + ).to.eql([]); + }); + + it('should have zero values for gaps', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql.gap_duration).to.eql( + getInitialMaxAvgMin() + ); + }); + + it('should have non zero values for "index_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.avg + ).to.be.above(1); + expect( + 
stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "succeeded"', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql.succeeded).to.eql(1); + }); + + it('should have non zero values for "succeeded", "index_duration", and "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.eql.search_duration.min + ).to.be.above(1); + }); + + it('should have a total value for "detection_rule_status.custom_rules" rule ', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.total).to.eql({ + failures: 0, + partial_failures: 0, + succeeded: 1, + }); + }); + + it('should have zero values for "detection_rule_status.elastic_rules"', async () => { + expect(stats?.detection_rules.detection_rule_status.elastic_rules).to.eql( + getInitialSingleEventLogUsage() + ); + }); + }); + + describe('"threshold" rule type', () => { + let stats: 
DetectionMetrics | undefined; + before(async () => { + const rule: ThresholdCreateSchema = { + ...getThresholdRuleForSignalTesting(['telemetry']), + threshold: { + field: 'keyword', + value: 1, + }, + }; + const { id } = await createRule(supertest, log, rule); + await waitForRuleSuccessOrStatus(supertest, log, id); + await waitForSignalsToBePresent(supertest, log, 4, [id]); + // get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed + await retry.try(async () => { + stats = await getStats(supertest, log); + expect(stats.detection_rules.detection_rule_status.custom_rules.total.succeeded).to.eql( + 1 + ); + }); + }); + + it('should have an empty "ml_jobs"', () => { + const expectedMLJobs: MlJobUsageMetric = { + ml_job_usage: getInitialMlJobUsage(), + ml_job_metrics: [], + }; + expect(stats?.ml_jobs).to.eql(expectedMLJobs); + }); + + it('should have an empty "detection_rule_detail"', () => { + expect(stats?.detection_rules.detection_rule_detail).to.eql([]); + }); + + it('should have an active "detection_rule_usage" with non-zero values', () => { + const expectedRuleUsage: RulesTypeUsage = { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage, + threshold: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.threshold, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + custom_total: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.custom_total, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + }; + expect(stats?.detection_rules.detection_rule_usage).to.eql(expectedRuleUsage); + }); + + it('should have zero values for "detection_rule_status.all_rules" rules that are not threshold based', () => 
{ + expect(stats?.detection_rules.detection_rule_status.all_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for "detection_rule_status.custom_rules" rules that are not threshold based', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.threat_match).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for failures of the threshold based rule', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.threshold.failures).to.eql( + 0 + ); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.top_failures + ).to.eql([]); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.partial_failures + ).to.eql([]); + }); + + it('should have zero values for gaps', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.gap_duration + ).to.eql(getInitialMaxAvgMin()); + }); + + it('should have non zero values for 
"index_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "succeeded"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.succeeded + ).to.eql(1); + }); + + it('should have non zero values for "succeeded", "index_duration", and "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.max + ).to.be.above(1); + expect( + 
stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threshold.search_duration.min + ).to.be.above(1); + }); + + it('should have a total value for "detection_rule_status.custom_rules" rule ', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.total).to.eql({ + failures: 0, + partial_failures: 0, + succeeded: 1, + }); + }); + + it('should have zero values for "detection_rule_status.elastic_rules"', async () => { + expect(stats?.detection_rules.detection_rule_status.elastic_rules).to.eql( + getInitialSingleEventLogUsage() + ); + }); + }); + + describe('"indicator_match/threat_match" rule type', () => { + let stats: DetectionMetrics | undefined; + before(async () => { + const rule: ThreatMatchCreateSchema = { + ...getSimpleThreatMatch('rule-1', true), + index: ['telemetry'], + threat_index: ['telemetry'], + threat_mapping: [ + { + entries: [ + { + field: 'keyword', + value: 'keyword', + type: 'mapping', + }, + ], + }, + ], + }; + const { id } = await createRule(supertest, log, rule); + await waitForRuleSuccessOrStatus(supertest, log, id); + await waitForSignalsToBePresent(supertest, log, 4, [id]); + // get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed + await retry.try(async () => { + stats = await getStats(supertest, log); + expect(stats.detection_rules.detection_rule_status.custom_rules.total.succeeded).to.eql( + 1 + ); + }); + }); + + it('should have an empty "ml_jobs"', () => { + const expectedMLJobs: MlJobUsageMetric = { + ml_job_usage: getInitialMlJobUsage(), + ml_job_metrics: [], + }; + expect(stats?.ml_jobs).to.eql(expectedMLJobs); + }); + + it('should have an empty "detection_rule_detail"', () => { + expect(stats?.detection_rules.detection_rule_detail).to.eql([]); + }); + + it('should have an active 
"detection_rule_usage" with non-zero values', () => { + const expectedRuleUsage: RulesTypeUsage = { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage, + threat_match: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.threat_match, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + custom_total: { + ...getInitialDetectionMetrics().detection_rules.detection_rule_usage.custom_total, + enabled: 1, + alerts: 4, + notifications_enabled: 0, + notifications_disabled: 0, + legacy_notifications_disabled: 0, + legacy_notifications_enabled: 0, + }, + }; + expect(stats?.detection_rules.detection_rule_usage).to.eql(expectedRuleUsage); + }); + + it('should have zero values for "detection_rule_status.all_rules" rules that are not threat_match based', () => { + expect(stats?.detection_rules.detection_rule_status.all_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.saved_query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.threshold).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.all_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for "detection_rule_status.custom_rules" rules that are not threat_match based', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.query).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.machine_learning).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.saved_query).to.eql( + 
getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.threshold).to.eql( + getInitialSingleEventMetric() + ); + expect(stats?.detection_rules.detection_rule_status.custom_rules.eql).to.eql( + getInitialSingleEventMetric() + ); + }); + + it('should have zero values for failures of the threat_match based rule', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.failures + ).to.eql(0); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.top_failures + ).to.eql([]); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.partial_failures + ).to.eql([]); + }); + + it('should have zero values for gaps', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.gap_duration + ).to.eql(getInitialMaxAvgMin()); + }); + + it('should have non zero values for "index_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.avg + 
).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.min + ).to.be.above(1); + }); + + it('should have non zero values for "succeeded"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.succeeded + ).to.eql(1); + }); + + it('should have non zero values for "succeeded", "index_duration", and "search_duration"', () => { + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.index_duration.min + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.max + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.avg + ).to.be.above(1); + expect( + stats?.detection_rules.detection_rule_status.custom_rules.threat_match.search_duration.min + ).to.be.above(1); + }); + + it('should have a total value for "detection_rule_status.custom_rules" rule ', () => { + expect(stats?.detection_rules.detection_rule_status.custom_rules.total).to.eql({ + failures: 0, + partial_failures: 0, + succeeded: 1, + }); + }); + + it('should have zero values for "detection_rule_status.elastic_rules"', async () => { + expect(stats?.detection_rules.detection_rule_status.elastic_rules).to.eql( + getInitialSingleEventLogUsage() + ); + }); + }); + }); +}; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rules.ts index 41415e8bafc1e..d565960cb2442 100644 
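Review bot: The duration tests assert `.to.be.above(1)` although their titles say "non zero", so a measured `index_duration` or `search_duration` of 1 or less would fail a test whose stated intent it satisfies; `.to.be.above(0)` matches the titles. This applies in all four rule-type blocks (kql, eql, threshold, threat_match). In each block the `"index_duration"` test also repeats the three `search_duration` assertions, and the test titled `"succeeded", "index_duration", and "search_duration"` never checks `succeeded`, so it only duplicates the two tests before it. The `before` comment about having 'the expected "query"' is copied unchanged into the eql, threshold and threat_match blocks, where it names the wrong rule type.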
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/telemetry/usage_collector/detection_rules.ts @@ -32,6 +32,7 @@ import { waitForRuleSuccessOrStatus, waitForSignalsToBePresent, updateRule, + deleteAllEventLogExecutionEvents, } from '../../../../utils'; import { getInitialDetectionMetrics } from '../../../../../../plugins/security_solution/server/usage/detections/get_initial_usage'; import { getInitialEventLogUsage } from '../../../../../../plugins/security_solution/server/usage/detections/rules/get_initial_usage'; @@ -42,9 +43,12 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const log = getService('log'); const retry = getService('retry'); + const es = getService('es'); describe('Detection rule telemetry', async () => { before(async () => { + // Just in case other tests do not clean up the event logs, let us clear them now and here only once. + await deleteAllEventLogExecutionEvents(es, log); await esArchiver.load('x-pack/test/functional/es_archives/security_solution/telemetry'); }); @@ -59,6 +63,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); await deleteAllAlerts(supertest, log); + await deleteAllEventLogExecutionEvents(es, log); }); describe('"kql" rule type', () => { @@ -67,10 +72,6 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, rule); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { 
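Review bot: With the reset of `stats.detection_rules.detection_rule_status` removed in the hunk at -67,10 (and again at -224,10, -297,10, -454,10, -533,10 and -794,10), these tests compare the live event-log metrics against an `expected` built from `getInitialDetectionMetrics()`, and nothing in the test says why that is expected to hold. It presumably holds because the rule in these cases does not execute and the new `deleteAllEventLogExecutionEvents` calls in `before`/`afterEach` leave the event log empty; whether that helper waits for the deletion to become visible is not shown here, so a late execution event from a previous test could make the comparison flaky. A comment above `const expected` would record the assumption, e.g. `// detection_rule_status is asserted as-is: no execution events are expected for this rule`. The enclosing `it` blocks start and end outside these hunks.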
@@ -108,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { @@ -151,7 +152,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { @@ -224,10 +225,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { @@ -262,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { 
@@ -297,10 +294,6 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, rule); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { @@ -338,7 +331,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { @@ -381,7 +374,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { @@ -418,7 +411,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { 
@@ -454,10 +447,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { @@ -492,7 +481,7 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - // remove "detection_rule_status" from the test by resetting it to initial + // remove "detection_rule_status" from the test by resetting it to initial (see detection_rule_status.ts for more in-depth testing of this structure) stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); const expected: DetectionMetrics = { @@ -533,10 +522,6 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, rule); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { @@ -794,10 +779,6 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, rule); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { 
@@ -1018,10 +999,6 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, rule); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - const expected: DetectionMetrics = { ...getInitialDetectionMetrics(), detection_rules: { @@ -1292,10 +1269,6 @@ export default ({ getService }: FtrProviderContext) => { await installPrePackagedRules(supertest, log); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - expect(stats.detection_rules.detection_rule_usage.elastic_total.enabled).above(0); expect(stats.detection_rules.detection_rule_usage.elastic_total.disabled).above(0); expect(stats.detection_rules.detection_rule_usage.elastic_total.enabled).above(0); @@ -1329,10 +1302,6 @@ export default ({ getService }: FtrProviderContext) => { await installPrePackagedRules(supertest, log); await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - // Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file: // x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security.json // We have to search by "rule_name" since the "rule_id" it is storing is the Saved Object ID and not the rule_id 
@@ -1374,10 +1343,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - // We have to search by "rule_name" since the "rule_id" it is storing is the Saved Object ID and not the rule_id const foundRule = stats.detection_rules.detection_rule_detail.find( (rule) => rule.rule_id === '9a1a2dae-0b5f-4c3d-8305-a268d404c306' @@ -1432,10 +1397,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - // We have to search by "rule_name" since the "rule_id" it is storing is the Saved Object ID and not the rule_id const foundRule = stats.detection_rules.detection_rule_detail.find( (rule) => rule.rule_id === '9a1a2dae-0b5f-4c3d-8305-a268d404c306' @@ -1490,10 +1451,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - // We have to search by "rule_name" since the "rule_id" it is storing is the Saved Object ID and not the rule_id const foundRule = stats.detection_rules.detection_rule_detail.find( (rule) => rule.rule_id === '9a1a2dae-0b5f-4c3d-8305-a268d404c306' 
@@ -1548,10 +1505,6 @@ export default ({ getService }: FtrProviderContext) => { await retry.try(async () => { const stats = await getStats(supertest, log); - - // remove "detection_rule_status" from the test by resetting it to initial - stats.detection_rules.detection_rule_status = getInitialEventLogUsage(); - // We have to search by "rule_name" since the "rule_id" it is storing is the Saved Object ID and not the rule_id const foundRule = stats.detection_rules.detection_rule_detail.find( (rule) => rule.rule_id === '9a1a2dae-0b5f-4c3d-8305-a268d404c306' diff --git a/x-pack/test/functional/es_archives/reporting/errors/data.json b/x-pack/test/functional/es_archives/reporting/errors/data.json new file mode 100644 index 0000000000000..5e8bc8241554b --- /dev/null +++ b/x-pack/test/functional/es_archives/reporting/errors/data.json 
@@ -0,0 +1,202 @@ +{ + "type": "doc", + "value": { + "id": "l0voxhg902ed8f5fe5bskgyf", + "index": ".reporting-2022-03-13", + "source": { + "attempts": 1, + "completed_at": "2022-03-18T00:36:45.897Z", + "created_at": "2022-03-18T00:36:10.521Z", + "created_by": "elastic", + "jobtype": "printable_pdf_v2", + "kibana_id": "acf18950-a6a6-41cb-9808-b65c6d0aa241", + "kibana_name": "reporting-benchmark", + "max_attempts": 1, + "meta": { + "layout": "print", + "objectType": "dashboard" + }, + "metrics": { + "pdf": { + "cpu": 0, + "cpuInPercentage": 0, + "memory": 123101184, + "memoryInMegabytes": 117.4, + "pages": 8 + } + }, + "migration_version": "7.14.0", + "output": { + "content_type": "application/pdf", + "size": 1610958 + }, + "payload": { + "browserTimezone": "America/Phoenix", + "forceNow": "2022-03-18T00:36:10.520Z", + "layout": { + "dimensions": { + "height": 2052, + "width": 2119.111083984375 + }, + "id": "print" + }, + "locatorParams": [ + { + "id": "DASHBOARD_APP_LOCATOR", + "params": { + "dashboardId": "722b74f0-b882-11e8-a6d9-e546fe2bba5f", + "preserveSavedFilters": true, + "timeRange": { + "from": "2022-01-13T19:00:00.000Z", + "to": "2022-01-20T19:00:00.000Z" + }, + "useHash": false, + "viewMode": "view" + }, + "version": "8.2.0-SNAPSHOT" + } + ], + "objectType": "dashboard", + "spaceId": "reporting-test-fixtures", + "title": "[eCommerce] Revenue Dashboard", + "version": "8.2.0-SNAPSHOT" + }, + "process_expiration": "2022-03-18T00:38:13.528Z", + "started_at": "2022-03-18T00:36:13.528Z", + "status": "completed", + "timeout": 120000 + } + } +} + +{ + "type": "doc", + "value": { + "id": "l0vp0um102ed8f5fe5c6p49v", + "index": ".reporting-2022-03-13", + "source": { + "attempts": 1, + "completed_at": "2022-03-18T00:41:15.816Z", + "created_at": "2022-03-18T00:38:47.545Z", + "created_by": "elastic", + "jobtype": "printable_pdf_v2", + "kibana_id": "acf18950-a6a6-41cb-9808-b65c6d0aa241", + "kibana_name": "reporting-benchmark", + "max_attempts": 1, + "meta": { + 
"layout": "print", + "objectType": "dashboard" + }, + "migration_version": "7.14.0", + "output": { + "content": "ReportingError(code: unknown_error) \"Max attempts (1) reached for job l0vp0um102ed8f5fe5c6p49v. Failed with: undefined\"", + "content_type": null, + "error_code": "unknown_error", + "warnings": [ + "ReportingError(code: unknown_error) \"Max attempts (1) reached for job l0vp0um102ed8f5fe5c6p49v. Failed with: undefined\"" + ] + }, + "payload": { + "browserTimezone": "America/Phoenix", + "forceNow": "2022-03-18T00:38:47.537Z", + "layout": { + "dimensions": { + "height": 12356, + "width": 2071.111083984375 + }, + "id": "print" + }, + "locatorParams": [ + { + "id": "DASHBOARD_APP_LOCATOR", + "params": { + "dashboardId": "722b74f0-b882-11e8-a6d9-e546fe2bba5f", + "preserveSavedFilters": true, + "timeRange": { + "from": "2022-01-13T19:00:00.000Z", + "to": "2022-01-20T19:00:00.000Z" + }, + "useHash": false, + "viewMode": "view" + }, + "version": "8.2.0-SNAPSHOT" + } + ], + "objectType": "dashboard", + "spaceId": "reporting-test-fixtures", + "title": "[eCommerce] Revenue Dashboard", + "version": "8.2.0-SNAPSHOT" + }, + "process_expiration": "2022-03-18T00:42:47.911Z", + "started_at": "2022-03-18T00:40:47.911Z", + "status": "failed", + "timeout": 120000 + } + } +} + +{ + "type": "doc", + "value": { + "id": "l0vp0rtu02ed8f5fe525941x", + "index": ".reporting-2022-03-13", + "source": { + "attempts": 1, + "completed_at": "2022-03-18T00:41:19.222Z", + "created_at": "2022-03-18T00:38:43.938Z", + "created_by": "elastic", + "jobtype": "printable_pdf_v2", + "kibana_id": "acf18950-a6a6-41cb-9808-b65c6d0aa241", + "kibana_name": "reporting-benchmark", + "max_attempts": 1, + "meta": { + "layout": "preserve_layout", + "objectType": "dashboard" + }, + "migration_version": "7.14.0", + "output": { + "content": "ReportingError(code: queue_timeout_error) \"Max attempts reached (1). 
Queue timeout reached.\"", + "content_type": null, + "error_code": "queue_timeout_error", + "warnings": [ + "ReportingError(code: queue_timeout_error) \"Max attempts reached (1). Queue timeout reached.\"" + ] + }, + "payload": { + "browserTimezone": "America/Phoenix", + "forceNow": "2022-03-18T00:38:43.928Z", + "layout": { + "dimensions": { + "height": 12356, + "width": 2071.111083984375 + }, + "id": "preserve_layout" + }, + "locatorParams": [ + { + "id": "DASHBOARD_APP_LOCATOR", + "params": { + "dashboardId": "722b74f0-b882-11e8-a6d9-e546fe2bba5f", + "preserveSavedFilters": true, + "timeRange": { + "from": "2022-01-13T19:00:00.000Z", + "to": "2022-01-20T19:00:00.000Z" + }, + "useHash": false, + "viewMode": "view" + }, + "version": "8.2.0-SNAPSHOT" + } + ], + "objectType": "dashboard", + "spaceId": "reporting-test-fixtures", + "title": "[eCommerce] Revenue Dashboard", + "version": "8.2.0-SNAPSHOT" + }, + "process_expiration": null, + "started_at": "2022-03-18T00:38:44.816Z", + "status": "failed", + "timeout": 120000 + } + } +} diff --git a/x-pack/test/functional/es_archives/reporting/errors/mappings.json b/x-pack/test/functional/es_archives/reporting/errors/mappings.json new file mode 100644 index 0000000000000..23912641e12c8 --- /dev/null +++ b/x-pack/test/functional/es_archives/reporting/errors/mappings.json 
@@ -0,0 +1,172 @@ +{ + "type": "index", + "value": { + "aliases": { + }, + "index": ".reporting-2022-03-13", + "mappings": { + "properties": { + "attempts": { + "type": "short" + }, + "completed_at": { + "type": "date" + }, + "created_at": { + "type": "date" + }, + "created_by": { + "type": "keyword" + }, + "jobtype": { + "type": "keyword" + }, + "kibana_id": { + "type": "keyword" + }, + "kibana_name": { + "type": "keyword" + }, + "max_attempts": { + "type": "short" + }, + "meta": { + "properties": { + "isDeprecated": { + "type": "boolean" + }, + "layout": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "objectType": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + }, + "metrics": { + "properties": { + "csv": { + "properties": { + "rows": { + "type": "long" + } + } + }, + "pdf": { + "properties": { + "cpu": { + "type": "double" + }, + "cpuInPercentage": { + "type": "double" + }, + "memory": { + "type": "long" + }, + "memoryInMegabytes": { + "type": "double" + }, + "pages": { + "type": "long" + } + } + }, + "png": { + "properties": { + "cpu": { + "type": "double" + }, + "cpuInPercentage": { + "type": "double" + }, + "memory": { + "type": "long" + }, + "memoryInMegabytes": { + "type": "double" + } + } + } + } + }, + "migration_version": { + "type": "keyword" + }, + "output": { + "properties": { + "chunk": { + "type": "long" + }, + "content": { + "enabled": false, + "type": "object" + }, + "content_type": { + "type": "keyword" + }, + "error_code": { + "type": "keyword" + }, + "size": { + "type": "long" + }, + "warnings": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + }, + "parent_id": { + "type": "keyword" + }, + "payload": { + "enabled": false, + "type": "object" + }, + "priority": { + "type": "byte" + }, + "process_expiration": { + "type": "date" + }, + "started_at": { + "type": "date" 
+ }, + "status": { + "type": "keyword" + }, + "timeout": { + "type": "long" + } + } + }, + "settings": { + "index": { + "auto_expand_replicas": "0-1", + "hidden": "true", + "lifecycle": { + "name": "kibana-reporting" + }, + "number_of_replicas": "0", + "number_of_shards": "1" + } + } + } +} \ No newline at end of file diff --git a/x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json b/x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json new file mode 100644 index 0000000000000..ffdfef08735fd --- /dev/null +++ b/x-pack/test/functional/fixtures/kbn_archiver/cases/8.2.0/cases_various_dates.json 
@@ -0,0 +1,125 @@ +{ + "attributes": { + "closed_at": null, + "closed_by": null, + "connector": { + "fields": null, + "name": "none", + "type": ".none" + }, + "created_at": "2022-03-15T10:16:56.252Z", + "created_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + }, + "description": "test", + "external_service": null, + "owner": "securitySolutionFixture", + "settings": { + "syncAlerts": false + }, + "status": "open", + "tags": [], + "title": "stack", + "updated_at": "2022-03-29T10:33:09.754Z", + "updated_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + } + }, + "coreMigrationVersion": "8.2.0", + "id": "1537b380-a512-11ec-b94f-85999e89e434", + "migrationVersion": { + "cases": "8.1.0" + }, + "references": [], + "type": "cases", + "updated_at": "2022-03-29T10:33:09.754Z", + "version": "WzE2OTYyNCwxNF0=" +} + +{ + "attributes": { + "closed_at": null, + "closed_by": null, + "connector": { + "fields": null, + "name": "none", + "type": ".none" + }, + "created_at": "2022-03-20T10:16:56.252Z", + "created_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + }, + "description": "test 2", + "external_service": null, + "owner": "observabilityFixture", + "settings": { + "syncAlerts": false + }, + "status": "open", + "tags": [], + "title": "stack", + "updated_at": "2022-03-29T10:33:09.754Z", + "updated_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + } + }, + "coreMigrationVersion": "8.2.0", + "id": "3537b580-a512-11ec-b94f-85979e89e434", + "migrationVersion": { + "cases": "8.1.0" + }, + "references": [], + "type": "cases", + "updated_at": "2022-03-29T10:33:09.754Z", + "version": "WzE2OTYyNCwxNF0=" +} + +{ + "attributes": { + "closed_at": null, + "closed_by": null, + "connector": { + "fields": null, + "name": "none", + "type": ".none" + }, + "created_at": "2022-03-25T10:16:56.252Z", + "created_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + }, + "description": "test 2", + "external_service": 
null, + "owner": "securitySolutionFixture", + "settings": { + "syncAlerts": false + }, + "status": "open", + "tags": [], + "title": "stack", + "updated_at": "2022-03-29T10:33:09.754Z", + "updated_by": { + "email": "", + "full_name": "", + "username": "cnasikas" + } + }, + "coreMigrationVersion": "8.2.0", + "id": "4537b380-a512-11ec-b92f-859b9e89e434", + "migrationVersion": { + "cases": "8.1.0" + }, + "references": [], + "type": "cases", + "updated_at": "2022-03-29T10:33:09.754Z", + "version": "WzE2OTYyNCwxNF0=" +} diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/usage/error_codes.ts b/x-pack/test/reporting_api_integration/reporting_and_security/usage/error_codes.ts new file mode 100644 index 0000000000000..73cabb26d9aa9 --- /dev/null +++ b/x-pack/test/reporting_api_integration/reporting_and_security/usage/error_codes.ts 
@@ -0,0 +1,73 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../ftr_provider_context'; +import { UsageStats } from '../../services/usage'; + +type ReportingUsage = UsageStats['reporting']; +interface ReportingUsageApiResponse { + all: ReportingUsage['_all']; + csv_searchsource: ReportingUsage['csv_searchsource']; + pngv_2: ReportingUsage['PNGV2']; + printable_pdf_v_2: ReportingUsage['printable_pdf_v2']; +} + +const DATA_ARCHIVE_PATH = 'x-pack/test/functional/es_archives/reporting/errors'; + +// eslint-disable-next-line import/no-default-export +export default function ({ getService }: FtrProviderContext) { + const esArchiver = getService('esArchiver'); + const reportingAPI = getService('reportingAPI'); + const usageAPI = getService('usageAPI'); + + describe(`error codes`, () => { + let reporting: ReportingUsageApiResponse; + + before(async () => { + await reportingAPI.deleteAllReports(); + await esArchiver.load(DATA_ARCHIVE_PATH); + ({ reporting } = await usageAPI.getUsageStats()); + }); + + after(async () => { + await esArchiver.unload(DATA_ARCHIVE_PATH); + await reportingAPI.deleteAllReports(); + }); + + it('includes error code statistics', async () => { + expect(reporting.all).equal(3); + expectSnapshot( + ['csv_searchsource', 'pngv_2', 'printable_pdf_v_2'].map((k) => { + const field = reporting[k as keyof Omit]; + return { key: k, error_codes: field.error_codes, total: field.total }; + }) + ).toMatchInline(` + Array [ + Object { + "error_codes": undefined, + "key": "csv_searchsource", + "total": 0, + }, + Object { + "error_codes": undefined, + "key": "pngv_2", + "total": 0, + }, + Object { + "error_codes": Object { + "queue_timeout_error": 1, + "unknown_error": 1, + }, + 
"key": "printable_pdf_v_2", + "total": 3, + }, + ] + `); + }); + }); +} diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/usage/index.ts b/x-pack/test/reporting_api_integration/reporting_and_security/usage/index.ts index 5b6dc7cc31ab0..4abb52ac4796a 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/usage/index.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/usage/index.ts @@ -20,5 +20,6 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./initial')); loadTestFile(require.resolve('./metrics')); loadTestFile(require.resolve('./new_jobs')); + loadTestFile(require.resolve('./error_codes')); }); }
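Review bot: The expected values in `includes error code statistics` (`reporting.all` equal to 3, `total: 3`, one `queue_timeout_error` and one `unknown_error`) are tied to the three documents in the `reporting/errors` archive, but nothing in error_codes.ts says so. A comment above the assertion would make a fixture change easier to follow: `// errors archive: three printable_pdf_v2 jobs, one completed, one failed with unknown_error, one with queue_timeout_error`. The `it` callback is also declared `async` without awaiting anything and can be a plain `() => {`. The stats are read once in `before` right after `esArchiver.load`; if `usageAPI.getUsageStats()` can lag behind indexing, which is not visible here, that read would need a retry.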