ceeeekay/pre-ECS Secret

## pre-ECS
{
  "_index": "filebeat-2020.04.01-000001",
  "_type": "_doc",
  "_id": "rivbN3EBWfbVw0yHAD-M",
  "_version": 1,
  "_score": null,
  "_source": {
    "client": {
      "ip": "127.0.0.1"
    },
    "@timestamp": "2020-04-01T22:26:48.752Z",
    "message": "127.0.0.1 - - [01/Apr/2020:22:26:48 +0000] \"get /something\" 400 173 \"-\" \"-\" \"-\"",
    "agent": {
      "hostname": "xxxxxxxxxx",
      "id": "580c34af-1f79-4df0-91dc-72e7012c6aa8",
      "ephemeral_id": "a1c05437-ecc4-47fa-a256-88998f0f7307",
      "version": "7.6.2",
      "type": "filebeat"
    },
    "kelp": {
      "event": {
        "original_timestamp": "2020-04-01T22:26:48.752Z",
        "type": "nginx"
      }
    },
    "@version": "1",
    "bytes": "173",
    "ident": "-",
    "log": {
      "offset": 2412,
      "file": {
        "path": "/var/log/pods/default_nginx-deployment-xxxxxxxx/nginx/3.log"
      }
    },
    "ecs": {
      "version": "1.4.0"
    },
    "tags": [
      "ecs_clientip_renamed"
    ],
    "input": {
      "type": "container"
    },
    "event": {
      "timezone": "Pacific/Auckland",
      "ingested": "2020-04-01T22:26:48.752Z"
    },
    "verb": "get",
    "host": {
      "ip": [
        "xxx.xxx.xxx.xxx"
      ],
      "architecture": "x86_64",
      "containerized": true,
      "hostname": "xxxxxxxx",
      "os": {
        "version": "7 (Core)",
        "codename": "Core",
        "kernel": "4.19.94",
        "family": "redhat",
        "platform": "centos",
        "name": "CentOS Linux"
      },
      "mac": [
        "xx:xx:xx:xx:xx:xx"
      ],
      "name": "xxxxxxxxx"
    },
    "request": "/something",
    "stream": "stdout",
    "referrer": "\"-\"",
    "auth": "-",
    "catalyst": {
      "client": {
        "name": "xxxxx"
      },
      "host": {
        "timezone": "Pacific/Auckland",
        "role": "UNDEFINED",
        "fqdn": "xxxxxxxxxx"
      }
    },
    "response": "400",
    "timestamp": "01/Apr/2020:22:26:48 +0000",
    "metadata": {
      "ingress": {
        "ip_address": "xxx.xxx.xxx.xxx",
        "beat": "filebeat"
      }
    }
  },
  "fields": {
    "event.ingested": [
      "2020-04-01T22:26:48.752Z"
    ],
    "@timestamp": [
      "2020-04-01T22:26:48.752Z"
    ],
    "kelp.event.original_timestamp": [
      "2020-04-01T22:26:48.752Z"
    ]
  },
  "sort": [
    1585780008752
  ]
}
	{
	"_index": "filebeat-2020.04.01-000001",
	"_type": "_doc",
	"_id": "rivbN3EBWfbVw0yHAD-M",
	"_version": 1,
	"_score": null,
	"_source": {
	"client": {
	"ip": "127.0.0.1"
	},
	"@timestamp": "2020-04-01T22:26:48.752Z",
	"message": "127.0.0.1 - - [01/Apr/2020:22:26:48 +0000] \"get /something\" 400 173 \"-\" \"-\" \"-\"",
	"agent": {
	"hostname": "xxxxxxxxxx",
	"id": "580c34af-1f79-4df0-91dc-72e7012c6aa8",
	"ephemeral_id": "a1c05437-ecc4-47fa-a256-88998f0f7307",
	"version": "7.6.2",
	"type": "filebeat"
	},
	"kelp": {
	"event": {
	"original_timestamp": "2020-04-01T22:26:48.752Z",
	"type": "nginx"
	}
	},
	"@version": "1",
	"bytes": "173",
	"ident": "-",
	"log": {
	"offset": 2412,
	"file": {
	"path": "/var/log/pods/default_nginx-deployment-xxxxxxxx/nginx/3.log"
	}
	},
	"ecs": {
	"version": "1.4.0"
	},
	"tags": [
	"ecs_clientip_renamed"
	],
	"input": {
	"type": "container"
	},
	"event": {
	"timezone": "Pacific/Auckland",
	"ingested": "2020-04-01T22:26:48.752Z"
	},
	"verb": "get",
	"host": {
	"ip": [
	"xxx.xxx.xxx.xxx"
	],
	"architecture": "x86_64",
	"containerized": true,
	"hostname": "xxxxxxxx",
	"os": {
	"version": "7 (Core)",
	"codename": "Core",
	"kernel": "4.19.94",
	"family": "redhat",
	"platform": "centos",
	"name": "CentOS Linux"
	},
	"mac": [
	"xx:xx:xx:xx:xx:xx"
	],
	"name": "xxxxxxxxx"
	},
	"request": "/something",
	"stream": "stdout",
	"referrer": "\"-\"",
	"auth": "-",
	"catalyst": {
	"client": {
	"name": "xxxxx"
	},
	"host": {
	"timezone": "Pacific/Auckland",
	"role": "UNDEFINED",
	"fqdn": "xxxxxxxxxx"
	}
	},
	"response": "400",
	"timestamp": "01/Apr/2020:22:26:48 +0000",
	"metadata": {
	"ingress": {
	"ip_address": "xxx.xxx.xxx.xxx",
	"beat": "filebeat"
	}
	}
	},
	"fields": {
	"event.ingested": [
	"2020-04-01T22:26:48.752Z"
	],
	"@timestamp": [
	"2020-04-01T22:26:48.752Z"
	],
	"kelp.event.original_timestamp": [
	"2020-04-01T22:26:48.752Z"
	]
	},
	"sort": [
	1585780008752
	]
	}