{
  "_index": "filebeat-7.5.0-2019.10.22-000001",
  "_type": "_doc",
  "_id": "PyaY920Bvvm8d1N9aG5X",
  "_version": 1,
  "_score": null,
  "_source": {
    "agent": {
      "hostname": "rdesktop",
      "id": "5e591dbf-29ed-40f2-8d1e-2a0e09175150",
      "type": "filebeat",
      "ephemeral_id": "1153eca0-c3ef-4ef8-b507-8704c8ddd436",
      "version": "7.5.0"
    },
    "destination": {
      "geo": {
        "continent_name": "Europe",
        "country_iso_code": "FR",
        "location": {
          "lon": 2.3387000000000002,
          "lat": 48.8582
        }
      },
      "as": {
        "number": 44788,
        "organization": {
          "name": "Criteo SA"
        }
      },
      "port": 443,
      "ip": "178.250.2.146",
      "locality": "public"
    },
    "source": {
      "port": 54978,
      "ip": "10.24.235.212",
      "locality": "private"
    },
    "fileset": {
      "name": "log"
    },
    "network": {
      "community_id": "1:DFUUDUeJXlg+Ks3iVPqn4xlaAG4=",
      "transport": "tcp",
      "iana_number": 6,
      "direction": "unknown"
    },
    "input": {
      "type": "netflow"
    },
    "observer": {
      "ip": "94.142.111.115"
    },
    "netflow": {
      "post_nat_destination_ipv4_address": "178.250.2.146",
      "fragment_identification": 57872,
      "egress_vrfid": 0,
      "type": "netflow_flow",
      "tcp_acknowledgement_number": 2900156405,
      "icmp_type_ipv4": 0,
      "source_ipv4_address": "10.24.235.212",
      "exporter": {
        "uptime_millis": 1811188469,
        "address": "94.142.111.115:5152",
        "source_id": 300,
        "version": 9,
        "timestamp": "2019-10-23T07:51:06.000Z"
      },
      "tcp_control_bits": 25,
      "ingress_vrfid": 2,
      "icmp_code_ipv4": 0,
      "post_napt_source_transport_port": 5995,
      "destination_transport_port": 443,
      "firewall_event": 3,
      "responder_octets": 0,
      "tcp_sequence_number": 4161800233,
      "protocol_identifier": 6,
      "egress_interface": 1,
      "initiator_octets": 0,
      "post_napt_destination_transport_port": 443,
      "observation_time_milliseconds": "2019-10-23T07:51:06.727Z",
      "application_id": [
        0,
        0,
        0,
        0
      ],
      "destination_ipv4_address": "178.250.2.146",
      "post_nat_source_ipv4_address": "94.142.111.115",
      "ingress_interface": 19,
      "source_transport_port": 54978
    },
    "@timestamp": "2019-10-23T07:51:06.000Z",
    "ecs": {
      "version": "1.1.0"
    },
    "service": {
      "type": "netflow"
    },
    "host": {
      "hostname": "rdesktop",
      "os": {
        "build": "7601.24494",
        "kernel": "6.1.7601.24499 (win7sp1_ldr.190612-0600)",
        "name": "Windows Server 2008 R2 Standard",
        "family": "windows",
        "version": "6.1",
        "platform": "windows"
      },
      "name": "rdesktop",
      "id": "e07c141b-c40d-4c00-b318-fd70a98cb10b",
      "architecture": "x86_64"
    },
    "event": {
      "created": "2019-10-23T07:51:06.000Z",
      "kind": "event",
      "module": "netflow",
      "action": "netflow_flow",
      "category": "network_traffic",
      "dataset": "netflow.log"
    },
    "flow": {
      "locality": "public",
      "id": "6c7OfN1K_as"
    }
  },
  "fields": {
    "event.created": [
      "2019-10-23T07:51:06.000Z"
    ],
    "netflow.observation_time_milliseconds": [
      "2019-10-23T07:51:06.727Z"
    ],
    "netflow.exporter.timestamp": [
      "2019-10-23T07:51:06.000Z"
    ],
    "suricata.eve.timestamp": [
      "2019-10-23T07:51:06.000Z"
    ],
    "@timestamp": [
      "2019-10-23T07:51:06.000Z"
    ]
  },
  "sort": [
    1571817066000
  ]
}