@QkiZMR
Created August 4, 2020 14:25
filebeat output
{
"_index": "jira-2020.08.04",
"_type": "_doc",
"_id": "UqzFuXMBOfD1YlMix7c7",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-08-04T14:00:11.612Z",
"host": {
"name": "f7a1837cbf34"
},
"log": {
"offset": 4321812,
"file": {
"path": "/var/atlassian/jira/log/atlassian-jira.log"
}
},
"message": "2020-08-04 16:00:02,703+0200 Caesium-1-4 WARN johndoe [c.o.scriptrunner.runner.ScriptBindingsManager] filtr:12823 query: \t\t\t{project not in (\"Finance\")} AND ( {issueFunction in linkedIssuesOf(key=PB-334, Business Project for)} AND {issuetype not in (\"job\", \"error\", \"test\", \"Story Epic\", \"Project Management Epic\", \"Pricing Epic\", \"Bug Epic\", \"Test Epic\")} OR {issueFunction in subtasksOf(issueFunction in linkedIssuesOf(\"key=XX-123\",\"Business Project for\") and issuetype not in (job, error,test,\"Story Epic\",\"Project Management Epic\",\"Pricing Epic\",\"Bug Epic\",\"Test Epic\" ) )} OR {issueFunction in issuesInEpics(issuetype =Epic and issueFunction in linkedIssuesOf(\"key=XX-123\",\"Business Project for\"))} AND {issuetype in (\"Story Epic\", \"Project Management Epic\", \"Pricing Epic\", \"Bug Epic\", \"Test Epic\")} OR {issueFunction in subtasksOf(issueFunction in issuesInEpics('issuetype =Epic and issueFunction in linkedIssuesOf(\"key =XX-123\",\"Business Project for\") ') and issuetype in(\"Story Epic\" ,\"Project Management Epic\",\"Pricing Epic\",\"Bug Epic\",\"Test Epic\" ) )} )",
"input": {
"type": "log"
},
"agent": {
"hostname": "f7a1837cbf34",
"ephemeral_id": "d6b728eb-0de8-4c2b-8714-8f334f9c1162",
"id": "2db27ce3-60ac-448d-a63a-756672d1fd1e",
"name": "f7a1837cbf34",
"type": "filebeat",
"version": "7.8.1"
},
"ecs": {
"version": "1.5.0"
}
},
"fields": {
"cef.extensions.flexDate1": [],
"netflow.flow_end_microseconds": [],
"netflow.system_init_time_milliseconds": [],
"netflow.flow_end_nanoseconds": [],
"misp.observed_data.last_observed": [],
"netflow.max_flow_end_microseconds": [],
"file.mtime": [],
"aws.cloudtrail.user_identity.session_context.creation_date": [],
"netflow.min_flow_start_seconds": [],
"misp.intrusion_set.first_seen": [],
"file.created": [],
"misp.threat_indicator.valid_from": [],
"process.parent.start": [],
"azure.auditlogs.properties.activity_datetime": [],
"crowdstrike.event.ProcessStartTime": [],
"zeek.ocsp.update.this": [],
"crowdstrike.event.IncidentStartTime": [],
"netflow.observation_time_microseconds": [],
"event.start": [],
"cef.extensions.agentReceiptTime": [],
"cef.extensions.oldFileModificationTime": [],
"checkpoint.subs_exp": [],
"event.end": [],
"netflow.max_flow_end_milliseconds": [],
"netflow.min_flow_start_nanoseconds": [],
"zeek.smb_files.times.changed": [],
"crowdstrike.event.StartTimestamp": [],
"netflow.flow_start_nanoseconds": [],
"netflow.flow_start_seconds": [],
"crowdstrike.event.ProcessEndTime": [],
"zeek.x509.certificate.valid.until": [],
"misp.observed_data.first_observed": [],
"netflow.exporter.timestamp": [],
"netflow.monitoring_interval_start_milli_seconds": [],
"cef.extensions.oldFileCreateTime": [],
"event.ingested": [],
"@timestamp": [
"2020-08-04T14:00:11.612Z"
],
"zeek.ocsp.update.next": [],
"crowdstrike.event.UTCTimestamp": [],
"tls.server.not_before": [],
"cef.extensions.startTime": [],
"netflow.min_flow_start_milliseconds": [],
"azure.signinlogs.properties.created_at": [],
"cef.extensions.endTime": [],
"suricata.eve.tls.notbefore": [],
"zeek.kerberos.valid.from": [],
"cef.extensions.fileCreateTime": [],
"misp.threat_indicator.valid_until": [],
"crowdstrike.event.EndTimestamp": [],
"misp.campaign.last_seen": [],
"cef.extensions.deviceReceiptTime": [],
"netflow.observation_time_seconds": [],
"crowdstrike.metadata.eventCreationTime": [],
"cef.extensions.fileModificationTime": [],
"tls.client.not_before": [],
"zeek.smb_files.times.created": [],
"zeek.smtp.date": [],
"netflow.collection_time_milliseconds": [],
"zeek.pe.compile_time": [],
"netflow.max_flow_end_seconds": [],
"tls.client.not_after": [],
"netflow.flow_start_milliseconds": [],
"event.created": [],
"package.installed": [],
"zeek.kerberos.valid.until": [],
"suricata.eve.flow.end": [],
"netflow.observation_time_milliseconds": [],
"netflow.flow_start_microseconds": [],
"tls.server.not_after": [],
"netflow.flow_end_seconds": [],
"process.start": [],
"suricata.eve.tls.notafter": [],
"zeek.snmp.up_since": [],
"azure.enqueued_time": [],
"netflow.max_flow_end_nanoseconds": [],
"misp.intrusion_set.last_seen": [],
"netflow.min_flow_start_microseconds": [],
"netflow.observation_time_nanoseconds": [],
"cef.extensions.managerReceiptTime": [],
"file.accessed": [],
"netflow.flow_end_milliseconds": [],
"misp.campaign.first_seen": [],
"netflow.min_export_seconds": [],
"suricata.eve.flow.start": [],
"suricata.eve.timestamp": [
"2020-08-04T14:00:11.612Z"
],
"cef.extensions.deviceCustomDate1": [],
"cef.extensions.deviceCustomDate2": [],
"netflow.monitoring_interval_end_milli_seconds": [],
"file.ctime": [],
"crowdstrike.event.IncidentEndTime": [],
"zeek.smb_files.times.accessed": [],
"zeek.ocsp.revoke.time": [],
"zeek.x509.certificate.valid.from": [],
"netflow.max_export_seconds": [],
"zeek.smb_files.times.modified": [],
"kafka.block_timestamp": [],
"misp.report.published": []
},
"sort": [
1596549611612
]
}