Skip to content

Instantly share code, notes, and snippets.

@hamidallaoui
Created September 2, 2020 13:11
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hamidallaoui/84bc7ea870fa46da7feaff8567eac335 to your computer and use it in GitHub Desktop.
Save hamidallaoui/84bc7ea870fa46da7feaff8567eac335 to your computer and use it in GitHub Desktop.
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.452+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.463+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.464+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.466+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.466+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:05.467+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.467+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.467+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.467+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.469+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:15.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:00:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828,"time":{"ms":16}},"total":{"ticks":3281,"time":{"ms":16},"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":77853929}},"memstats":{"gc_next":17283504,"memory_alloc":8654840,"memory_total":73351464,"rss":57344},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.467+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.467+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.467+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.469+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:25.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.469+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.469+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.470+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.470+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:35.470+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:45.471+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:00:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":77883928}},"memstats":{"gc_next":17283504,"memory_alloc":8742520,"memory_total":73439144},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:00:55.472+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:05.474+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:15.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:01:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":77913928}},"memstats":{"gc_next":17283504,"memory_alloc":8810136,"memory_total":73506760,"rss":-1024000},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:25.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:35.475+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.476+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.476+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.476+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.476+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.476+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:45.477+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:01:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":77943929}},"memstats":{"gc_next":17283504,"memory_alloc":8885016,"memory_total":73581640,"rss":-53248},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:01:55.477+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.477+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.478+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:05.479+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.478+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.479+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.479+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:15.479+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:02:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":77973929}},"memstats":{"gc_next":17239872,"memory_alloc":8630784,"memory_total":73658720,"rss":868352},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.478+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.478+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.481+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:25.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.479+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.479+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.479+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.482+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:35.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.480+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.480+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.480+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.482+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:45.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:02:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78003929}},"memstats":{"gc_next":17239872,"memory_alloc":8708448,"memory_total":73736384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.481+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.483+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:02:55.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.481+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.483+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:05.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.481+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.481+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.484+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.484+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:15.484+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:03:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78033928}},"memstats":{"gc_next":17239872,"memory_alloc":8781904,"memory_total":73809840},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.482+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.485+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:25.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.482+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.485+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:35.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.482+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.482+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.485+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:45.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:03:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3281,"value":3281},"user":{"ticks":2453}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78063928}},"memstats":{"gc_next":17239872,"memory_alloc":8862704,"memory_total":73890640,"rss":16384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.483+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.483+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.485+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:03:55.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.485+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.485+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.486+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:05.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:15.486+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:04:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3343,"time":{"ms":62},"value":3343},"user":{"ticks":2515,"time":{"ms":62}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78093929}},"memstats":{"gc_next":17240544,"memory_alloc":8632192,"memory_total":73968104,"rss":61440},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:25.487+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:35.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:45.489+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:04:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3343,"value":3343},"user":{"ticks":2515}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78123928}},"memstats":{"gc_next":17240544,"memory_alloc":8712560,"memory_total":74048472,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:04:55.490+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:05.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:15.492+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:05:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3343,"value":3343},"user":{"ticks":2515}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78153929}},"memstats":{"gc_next":17240544,"memory_alloc":8797456,"memory_total":74133368,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:25.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:35.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:45.493+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:05:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3343,"value":3343},"user":{"ticks":2515}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78183928}},"memstats":{"gc_next":17240544,"memory_alloc":8858448,"memory_total":74194360,"rss":12288},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:05:55.495+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.496+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.496+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.497+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.496+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.497+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:05.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.497+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.497+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.497+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.498+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:15.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:06:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"time":{"ms":16},"value":3359},"user":{"ticks":2531,"time":{"ms":16}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78213929}},"memstats":{"gc_next":17240160,"memory_alloc":8627136,"memory_total":74272064,"rss":86016},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:25.498+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.499+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.499+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.499+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.499+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.499+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:35.500+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:45.500+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:06:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78243930}},"memstats":{"gc_next":17240160,"memory_alloc":8710272,"memory_total":74355200,"rss":-122880},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:06:55.502+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.503+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.503+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.503+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.503+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:05.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:15.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:07:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78273928}},"memstats":{"gc_next":17240160,"memory_alloc":8786848,"memory_total":74431776},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:25.504+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:35.505+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.506+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.506+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.506+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.506+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:45.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:07:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78303929}},"memstats":{"gc_next":17240160,"memory_alloc":8862368,"memory_total":74507296},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:07:55.507+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.508+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.509+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:05.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:15.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:08:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78333928}},"memstats":{"gc_next":17240896,"memory_alloc":8632368,"memory_total":74588408,"rss":12288},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:25.509+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:35.510+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:45.511+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:08:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78363928}},"memstats":{"gc_next":17240896,"memory_alloc":8725232,"memory_total":74681272},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:08:55.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.512+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.512+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.512+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.513+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:05.513+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:15.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:09:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78393928}},"memstats":{"gc_next":17240896,"memory_alloc":8786384,"memory_total":74742424,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:25.514+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:25.514+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:25.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:25.514+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:29.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:29.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:39.425+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:49.426+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:09:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78423928}},"memstats":{"gc_next":17240896,"memory_alloc":8858592,"memory_total":74814632},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:09:59.427+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:09.428+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:19.429+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:10:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78453929}},"memstats":{"gc_next":17232368,"memory_alloc":8634752,"memory_total":74898592},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:29.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.430+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.430+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.430+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:39.431+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:49.431+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:10:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78483928}},"memstats":{"gc_next":17232368,"memory_alloc":8708256,"memory_total":74972096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:10:59.432+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:09.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:19.433+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:11:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78513928}},"memstats":{"gc_next":17232368,"memory_alloc":8783056,"memory_total":75046896},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:29.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:39.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.435+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.435+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.768+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:49.769+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:11:51.067+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78543928}},"memstats":{"gc_next":17232368,"memory_alloc":8862224,"memory_total":75126064,"rss":12288},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:11:59.770+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:09.771+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:19.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:12:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78573928}},"memstats":{"gc_next":17230480,"memory_alloc":8634080,"memory_total":75205032,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:29.772+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:39.773+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.774+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.774+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.774+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.774+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:49.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:12:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78603928}},"memstats":{"gc_next":17230480,"memory_alloc":8710640,"memory_total":75281592},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:12:59.775+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:09.776+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:19.777+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:13:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78633930}},"memstats":{"gc_next":17230480,"memory_alloc":8783600,"memory_total":75354552,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.778+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.778+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.778+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.778+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.778+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:29.779+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:39.780+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:49.781+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:13:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3359,"value":3359},"user":{"ticks":2531}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78663929}},"memstats":{"gc_next":17230480,"memory_alloc":8863520,"memory_total":75434472,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:13:59.782+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.783+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.783+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.783+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.783+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:09.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:19.784+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:14:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"time":{"ms":94},"value":3453},"user":{"ticks":2625,"time":{"ms":94}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78693928}},"memstats":{"gc_next":17224048,"memory_alloc":8631792,"memory_total":75514864,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:29.786+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:39.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:49.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:14:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78723929}},"memstats":{"gc_next":17224048,"memory_alloc":8709600,"memory_total":75592672},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:14:59.787+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:09.788+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:19.789+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:15:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78753928}},"memstats":{"gc_next":17224048,"memory_alloc":8785520,"memory_total":75668592},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:29.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:39.790+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:49.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:15:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78783928}},"memstats":{"gc_next":17224048,"memory_alloc":8859856,"memory_total":75742928,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:15:59.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:09.792+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:19.793+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:16:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78813928}},"memstats":{"gc_next":17229360,"memory_alloc":8632608,"memory_total":75822296,"rss":-1003520},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:29.794+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:39.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:49.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:16:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78843929}},"memstats":{"gc_next":17229360,"memory_alloc":8710864,"memory_total":75900552,"rss":-8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:16:59.795+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:09.796+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:19.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:17:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78873928}},"memstats":{"gc_next":17229360,"memory_alloc":8788928,"memory_total":75978616,"rss":20480},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:29.797+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:39.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:49.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:17:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3453,"value":3453},"user":{"ticks":2625}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78903929}},"memstats":{"gc_next":17229360,"memory_alloc":8863616,"memory_total":76053304,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:51.084+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:17:59.798+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:09.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:19.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:18:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"time":{"ms":15},"value":3468},"user":{"ticks":2640,"time":{"ms":15}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78933928}},"memstats":{"gc_next":17230864,"memory_alloc":8629856,"memory_total":76132064,"rss":835584},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:29.800+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:39.802+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:49.803+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:18:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78963928}},"memstats":{"gc_next":17230864,"memory_alloc":8715616,"memory_total":76217824,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:18:59.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:09.804+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:19.805+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:19:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":78993928}},"memstats":{"gc_next":17230864,"memory_alloc":8790976,"memory_total":76293184,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:29.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:39.806+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:49.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:19:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79023928}},"memstats":{"gc_next":17230864,"memory_alloc":8867024,"memory_total":76369232,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:19:59.807+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.808+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.808+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.808+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.808+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:09.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:19.809+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:20:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79053928}},"memstats":{"gc_next":17230352,"memory_alloc":8632144,"memory_total":76446760,"rss":65536},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:29.810+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:39.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.811+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.811+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.811+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:49.812+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:20:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79083928}},"memstats":{"gc_next":17230352,"memory_alloc":8709936,"memory_total":76524552},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:20:59.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:09.813+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:19.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:21:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79113929}},"memstats":{"gc_next":17230352,"memory_alloc":8795712,"memory_total":76610328},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:29.814+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:39.815+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:49.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:21:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3468,"value":3468},"user":{"ticks":2640}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79143928}},"memstats":{"gc_next":17230352,"memory_alloc":8860128,"memory_total":76674744,"rss":12288},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:21:59.816+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.817+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.817+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.817+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.817+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.818+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:09.818+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:19.819+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:22:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"time":{"ms":63},"value":3531},"user":{"ticks":2703,"time":{"ms":63}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79173928}},"memstats":{"gc_next":17232496,"memory_alloc":8629536,"memory_total":76750048,"rss":53248},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:29.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:39.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:49.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:22:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79203928}},"memstats":{"gc_next":17232496,"memory_alloc":8709952,"memory_total":76830464},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:22:59.820+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:09.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:19.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:23:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79233928}},"memstats":{"gc_next":17232496,"memory_alloc":8791616,"memory_total":76912128},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:29.822+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:39.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:49.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:23:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79263928}},"memstats":{"gc_next":17232496,"memory_alloc":8866928,"memory_total":76987440,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.824+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.824+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.825+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:23:59.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:09.825+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:19.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:24:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79293929}},"memstats":{"gc_next":17231504,"memory_alloc":8632512,"memory_total":77065912},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:29.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:39.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:49.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:24:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79323928}},"memstats":{"gc_next":17231504,"memory_alloc":8705344,"memory_total":77138744},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.828+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.828+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.828+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.828+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.829+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:24:59.829+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:09.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:19.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:25:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79353930}},"memstats":{"gc_next":17231504,"memory_alloc":8796256,"memory_total":77229656,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.833+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.833+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.833+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.833+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:29.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.834+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.834+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.835+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:39.835+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.837+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.837+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.837+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.837+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.838+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:49.838+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:25:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79383928}},"memstats":{"gc_next":17231504,"memory_alloc":8863232,"memory_total":77296632,"rss":-12288},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:25:59.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.839+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.839+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.839+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:09.840+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:19.841+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:26:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79413928}},"memstats":{"gc_next":17232240,"memory_alloc":8634304,"memory_total":77374544,"rss":24576},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:29.842+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.844+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.844+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.844+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.844+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.845+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:39.845+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.846+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.846+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.846+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.846+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.846+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:49.847+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:26:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79443928}},"memstats":{"gc_next":17232240,"memory_alloc":8708032,"memory_total":77448272},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:26:59.847+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:09.848+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:19.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:27:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79473929}},"memstats":{"gc_next":17232240,"memory_alloc":8805488,"memory_total":77545728,"rss":8192},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:29.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:39.849+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:49.850+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:27:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79503928}},"memstats":{"gc_next":17232240,"memory_alloc":8866496,"memory_total":77606736,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:27:59.851+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:09.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:19.852+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:28:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79533929}},"memstats":{"gc_next":17234832,"memory_alloc":8634992,"memory_total":77687736,"rss":4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:29.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.853+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.853+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.854+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:39.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.854+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.855+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.855+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:49.855+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:28:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79563928}},"memstats":{"gc_next":17234832,"memory_alloc":8706864,"memory_total":77759608},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.854+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.854+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.855+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.855+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:28:59.855+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:09.856+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:19.857+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:29:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79593928}},"memstats":{"gc_next":17234832,"memory_alloc":8785600,"memory_total":77838344},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:29.859+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:39.860+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:49.861+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:29:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":79623928}},"memstats":{"gc_next":17234832,"memory_alloc":8860800,"memory_total":77913544},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:29:59.863+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.805+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.826+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.826+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.826+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:46.827+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:46.828+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3531,"value":3531},"user":{"ticks":2703}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81239700}},"memstats":{"gc_next":17234832,"memory_alloc":8925952,"memory_total":77978696,"rss":32768},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:51.221+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"time":{"ms":62},"value":3593},"user":{"ticks":2765,"time":{"ms":62}}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81243960}},"memstats":{"gc_next":17233296,"memory_alloc":8614520,"memory_total":78029160,"rss":98304},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.828+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.829+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.828+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.831+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:56.831+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.830+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.830+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.833+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.833+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:06.833+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.832+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.834+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:16.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81273930}},"memstats":{"gc_next":17233296,"memory_alloc":8705584,"memory_total":78120224,"rss":16384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.832+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.832+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.834+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:26.834+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.886+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.886+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.886+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.887+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:36.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:46.887+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81303929}},"memstats":{"gc_next":17233296,"memory_alloc":8784192,"memory_total":78198832},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":59},"message":"Start store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"o365audit","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":68},"message":"No entries to remove were found","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.083+0300","log.logger":"input","log.origin":{"file.name":"input-cursor/clean.go","file.line":69},"message":"Done store cleanup","input_type":"winlog","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:56.888+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:06.889+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:16.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:58:21.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81333929}},"memstats":{"gc_next":17233296,"memory_alloc":8846032,"memory_total":78260672,"rss":-16384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.891+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.891+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.891+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:26.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:36.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:46.892+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:58:51.043+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":244},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81363929}},"memstats":{"gc_next":17234864,"memory_alloc":8619528,"memory_total":78342016,"rss":16384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.893+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.893+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.893+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.893+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.895+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:56.895+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:06.896+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:16.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:59:21.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81393928}},"memstats":{"gc_next":17234864,"memory_alloc":8695248,"memory_total":78417736,"rss":-4096},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:26.898+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:36.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.900+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.900+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.900+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.901+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:46.901+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:59:51.044+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":828},"total":{"ticks":3593,"value":3593},"user":{"ticks":2765}},"handles":{"open":242},"info":{"ephemeral_id":"ee1ca8bd-cd1b-4da4-8e0c-c827e43762cf","uptime":{"ms":81423929}},"memstats":{"gc_next":17234864,"memory_alloc":8775472,"memory_total":78497960,"rss":16384},"runtime":{"goroutines":45}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:59:56.903+0300","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 0, After: 0, Pending: 0","ecs.version":"1.5.0"}
This file has been truncated, but you can view the full file.
{"log.level":"info","@timestamp":"2020-09-02T12:56:57.844+0300","log.origin":{"file.name":"instance/beat.go","file.line":640},"message":"Home path: [C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64] Config path: [C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64] Data path: [C:\\Program Files\\Elastic-Agent\\data\\run\\default\\metricbeat--7.9.0] Logs path: [C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64\\logs]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:57.880+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":692},"message":"Beat metadata path: C:\\Program Files\\Elastic-Agent\\data\\run\\default\\metricbeat--7.9.0\\meta.json","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:57.892+0300","log.origin":{"file.name":"instance/beat.go","file.line":648},"message":"Beat ID: 864913ac-c66b-45c8-ba7e-89feb383d023","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.373+0300","log.logger":"docker","log.origin":{"file.name":"docker/client.go","file.line":48},"message":"Docker client will negotiate the API version on the first request.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.374+0300","log.logger":"add_docker_metadata","log.origin":{"file.name":"add_docker_metadata/add_docker_metadata.go","file.line":87},"message":"add_docker_metadata: docker environment not detected: protocol not available","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.374+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":126},"message":"add_cloud_metadata: starting to fetch metadata, timeout=3s","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.377+0300","log.logger":"kubernetes","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":138},"message":"Could not create kubernetes client using in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.404+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":162},"message":"add_cloud_metadata: received disposition for openstack after 4.0076ms. result=[provider:openstack, error=failed requesting openstack metadata: Get \"http://169.254.169.254/2009-04-04/meta-data/instance-id\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network., metadata={}]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.405+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":162},"message":"add_cloud_metadata: received disposition for digitalocean after 30.0068ms. result=[provider:digitalocean, error=failed requesting digitalocean metadata: Get \"http://169.254.169.254/metadata/v1.json\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network., metadata={}]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.405+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":162},"message":"add_cloud_metadata: received disposition for aws after 31.0038ms. result=[provider:aws, error=failed requesting aws metadata: Get \"http://169.254.169.254/2014-02-25/dynamic/instance-identity/document\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network., metadata={}]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.405+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":162},"message":"add_cloud_metadata: received disposition for az after 31.0038ms. result=[provider:az, error=failed requesting az metadata: Get \"http://169.254.169.254/metadata/instance/compute?api-version=2017-04-02\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network., metadata={}]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.405+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":162},"message":"add_cloud_metadata: received disposition for gcp after 31.0038ms. result=[provider:gcp, error=failed requesting gcp metadata: Get \"http://169.254.169.254/computeMetadata/v1/?recursive=true&alt=json\": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network., metadata={}]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.405+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/providers.go","file.line":129},"message":"add_cloud_metadata: fetchMetadata ran for 31.0038ms","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.406+0300","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":89},"message":"add_cloud_metadata: hosting provider type not detected.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.406+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], add_cloud_metadata={}, add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.ppid]], add_kubernetes_metadata","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.407+0300","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:58.407+0300","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":96},"message":"Syscall filtering is only supported on Linux","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.407+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":976},"message":"Beat info","system_info":{"beat":{"path":{"config":"C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64","data":"C:\\Program Files\\Elastic-Agent\\data\\run\\default\\metricbeat--7.9.0","home":"C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64","logs":"C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64\\logs"},"type":"metricbeat","uuid":"864913ac-c66b-45c8-ba7e-89feb383d023"},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.407+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":985},"message":"Build info","system_info":{"build":{"commit":"b2ee705fc4a59c023136c046803b56bc82a16c8d","libbeat":"7.9.0","time":"2020-08-11T19:56:46.000Z","version":"7.9.0"},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.407+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":988},"message":"Go runtime info","system_info":{"go":{"os":"windows","arch":"amd64","max_procs":4,"version":"go1.14.4"},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:58.410+0300","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: \\\\.\\pipe\\default-metricbeat (configured: npipe:///default-metricbeat)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:59.250+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":992},"message":"Host info","system_info":{"host":{"architecture":"x86_64","boot_time":"2020-09-01T14:06:19.2+03:00","name":"Hamid-PC","ip":["fe80::29ce:d576:7bf7:6f17/64","192.168.0.40/24","fe80::5d9e:14a9:f711:2688/64","192.168.56.1/24","fe80::6916:2c0f:d5b7:e3dc/64","169.254.227.220/16","fe80::886e:6edc:cb00:f42/64","169.254.15.66/16","fe80::6463:a1d1:beb5:8061/64","192.168.188.1/24","fe80::98e0:fc9a:de73:45cc/64","192.168.108.1/24","fe80::21ed:d7bf:86e:131/64","10.30.30.131/24","::1/128","127.0.0.1/8","fe80::c4db:8ca7:7b84:1e80/64","172.18.111.113/28"],"kernel_version":"10.0.18362.1016 (WinBuild.160101.0800)","mac":["5c:ff:35:06:57:f3","0a:00:27:00:00:11","00:24:d7:9b:29:6d","02:24:d7:9b:29:6c","00:50:56:c0:00:01","00:50:56:c0:00:08","00:24:d7:9b:29:6c","00:15:5d:38:42:6d"],"os":{"family":"windows","platform":"windows","name":"Windows 10 Pro","version":"10.0","major":10,"minor":0,"patch":0,"build":"18363.1016"},"timezone":"+03","timezone_offset_sec":10800,"id":"99800768-a362-4799-9840-677baad76c96"},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:59.250+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1021},"message":"Process info","system_info":{"process":{"cwd":"C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64","exe":"C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64\\metricbeat.exe","name":"metricbeat.exe","pid":14304,"ppid":8608,"start_time":"2020-09-02T12:56:46.826+0300"},"ecs.version":"1.5.0"}}
{"log.level":"info","@timestamp":"2020-09-02T12:56:59.250+0300","log.origin":{"file.name":"instance/beat.go","file.line":299},"message":"Setup Beat: metricbeat; Version: 7.9.0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:59.251+0300","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":325},"message":"Initializing output plugins","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:59.251+0300","log.origin":{"file.name":"eslegclient/connection.go","file.line":99},"message":"elasticsearch url: http://localhost:9200","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:56:59.252+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/consumer.go","file.line":148},"message":"start pipeline event consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:56:59.252+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: Hamid-PC","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.026+0300","log.logger":"modules","log.origin":{"file.name":"beater/metricbeat.go","file.line":151},"message":"Available modules and metricsets: Register [ModuleFactory:[aws, azure, beat, cloudfoundry, docker, elasticsearch, kibana, linux, logstash, mongodb, mssql, mysql, oracle, postgresql, system, uwsgi, windows], MetricSetFactory:[aerospike/namespace, apache/status, appsearch/stats, aws/cloudwatch, aws/ec2, aws/rds, aws/s3_daily_storage, aws/s3_request, aws/sqs, azure/app_insights, azure/billing, azure/compute_vm, azure/compute_vm_scaleset, azure/monitor, azure/storage, beat/state, beat/stats, ceph/cluster_disk, ceph/cluster_health, ceph/cluster_status, ceph/mgr_cluster_disk, ceph/mgr_cluster_health, ceph/mgr_osd_perf, ceph/mgr_osd_pool_stats, ceph/mgr_osd_tree, ceph/mgr_pool_disk, ceph/monitor_health, ceph/osd_df, ceph/osd_tree, ceph/pool_disk, cloudfoundry/container, cloudfoundry/counter, cloudfoundry/value, consul/agent, coredns/stats, couchbase/bucket, couchbase/cluster, couchbase/node, couchdb/server, docker/container, docker/cpu, docker/diskio, docker/event, docker/healthcheck, docker/image, docker/info, docker/memory, docker/network, dropwizard/collector, elasticsearch/ccr, elasticsearch/cluster_stats, elasticsearch/enrich, elasticsearch/index, elasticsearch/index_recovery, elasticsearch/index_summary, elasticsearch/ml_job, elasticsearch/node, elasticsearch/node_stats, elasticsearch/pending_tasks, elasticsearch/shard, envoyproxy/server, etcd/leader, etcd/metrics, etcd/self, etcd/store, golang/expvar, golang/heap, googlecloud/metrics, graphite/server, haproxy/info, haproxy/stat, http/json, http/server, iis/application_pool, istio/citadel, istio/galley, istio/mesh, istio/mixer, istio/pilot, jolokia/jmx, kafka/consumergroup, kafka/partition, kibana/stats, kibana/status, kubernetes/apiserver, kubernetes/container, kubernetes/controllermanager, kubernetes/event, kubernetes/node, kubernetes/pod, kubernetes/proxy, kubernetes/scheduler, kubernetes/state_container, kubernetes/state_cronjob, kubernetes/state_deployment, kubernetes/state_node, kubernetes/state_persistentvolume, kubernetes/state_persistentvolumeclaim, kubernetes/state_pod, kubernetes/state_replicaset, kubernetes/state_resourcequota, kubernetes/state_service, kubernetes/state_statefulset, kubernetes/state_storageclass, kubernetes/system, kubernetes/volume, kvm/dommemstat, kvm/status, linux/conntrack, linux/ksm, linux/pageinfo, logstash/node, logstash/node_stats, memcached/stats, mongodb/collstats, mongodb/dbstats, mongodb/metrics, mongodb/replstatus, mongodb/status, mssql/performance, mssql/transaction_log, munin/node, mysql/galera_status, mysql/query, mysql/status, nats/connections, nats/routes, nats/stats, nats/subscriptions, nginx/stubstatus, openmetrics/collector, oracle/performance, oracle/tablespace, php_fpm/pool, php_fpm/process, postgresql/activity, postgresql/bgwriter, postgresql/database, postgresql/statement, prometheus/collector, prometheus/query, prometheus/remote_write, rabbitmq/connection, rabbitmq/exchange, rabbitmq/node, rabbitmq/queue, redis/info, redis/key, redis/keyspace, sql/query, stan/channels, stan/stats, stan/subscriptions, statsd/server, system/core, system/cpu, system/diskio, system/filesystem, system/fsstat, system/memory, system/network, system/network_summary, system/process, system/process_summary, system/raid, system/service, system/socket_summary, system/uptime, traefik/health, uwsgi/status, vsphere/datastore, vsphere/host, vsphere/virtualmachine, windows/perfmon, windows/service, zookeeper/connection, zookeeper/mntr, zookeeper/server], LightModules:[LightModules:[tomcat/threading, tomcat/memory, tomcat/requests, tomcat/cache, ibmmq/qmgr, googlecloud/compute, googlecloud/pubsub, googlecloud/loadbalancing, googlecloud/storage, mysql/performance, azure/container_registry, azure/container_instance, azure/container_service, azure/database_account, iis/webserver, iis/website, cockroachdb/status, kafka/broker, kafka/producer, kafka/consumer, activemq/topic, activemq/broker, activemq/queue, aws/vpn, aws/transitgateway, aws/elb, aws/ebs, aws/dynamodb, aws/lambda, aws/natgateway, aws/usage, aws/billing, aws/sns, redisenterprise/node, redisenterprise/proxy]]]","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.026+0300","log.origin":{"file.name":"instance/beat.go","file.line":450},"message":"metricbeat start running.","ecs.version":"1.5.0"}
{"log.level":"warn","@timestamp":"2020-09-02T12:57:00.026+0300","log.logger":"cfgwarn","log.origin":{"file.name":"fleet/manager.go","file.line":101},"message":"BETA: Fleet management is enabled","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.026+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":102},"message":"Starting fleet management service","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.027+0300","log.logger":"cfgfile","log.origin":{"file.name":"cfgfile/reload.go","file.line":132},"message":"Checking module configs from: C:\\Program Files\\Elastic-Agent\\data\\install\\metricbeat-7.9.0-windows-x86_64/modules.d/*.yml","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.028+0300","log.logger":"cfgfile","log.origin":{"file.name":"cfgfile/reload.go","file.line":146},"message":"Number of module configs found: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.028+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":118},"message":"Starting metrics logging every 30s","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.031+0300","log.origin":{"file.name":"cfgfile/reload.go","file.line":164},"message":"Config reloader started","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.032+0300","log.logger":"cfgfile","log.origin":{"file.name":"cfgfile/reload.go","file.line":194},"message":"Scan for new config files","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.033+0300","log.logger":"cfgfile","log.origin":{"file.name":"cfgfile/reload.go","file.line":213},"message":"Number of module configs found: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.033+0300","log.logger":"reload","log.origin":{"file.name":"cfgfile/list.go","file.line":63},"message":"Starting reload procedure, current runners: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.033+0300","log.logger":"service","log.origin":{"file.name":"service/service_windows.go","file.line":93},"message":"Windows is interactive: true","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.033+0300","log.logger":"reload","log.origin":{"file.name":"cfgfile/list.go","file.line":81},"message":"Start list: 0, Stop list: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.033+0300","log.origin":{"file.name":"cfgfile/reload.go","file.line":224},"message":"Loading of config files completed.","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.900+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":138},"message":"Status change to %!s(management.Status=2): Updating configuration","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:00.934+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":224},"message":"Applying settings for metricbeat.modules","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.937+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":63},"message":"Starting reload procedure, current runners: 0","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:00.938+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":81},"message":"Start list: 9, Stop list: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.087+0300","log.origin":{"file.name":"helper/privileges_windows.go","file.line":79},"message":"Metricbeat process and system info: {\"OSVersion\":{\"Major\":6,\"Minor\":2,\"Build\":9200},\"Arch\":\"amd64\",\"NumCPU\":4,\"User\":{\"SID\":\"S-1-5-21-3305353934-3371294646-1252006547-1000\",\"Account\":\"Hamid\",\"Domain\":\"Hamid-PC\",\"Type\":1},\"ProcessPrivs\":{\"SeBackupPrivilege\":{\"enabled\":false},\"SeChangeNotifyPrivilege\":{\"enabled_by_default\":true,\"enabled\":true},\"SeCreateGlobalPrivilege\":{\"enabled_by_default\":true,\"enabled\":true},\"SeCreatePagefilePrivilege\":{\"enabled\":false},\"SeCreateSymbolicLinkPrivilege\":{\"enabled\":false},\"SeDebugPrivilege\":{\"enabled\":true},\"SeImpersonatePrivilege\":{\"enabled_by_default\":true,\"enabled\":true},\"SeIncreaseBasePriorityPrivilege\":{\"enabled\":false},\"SeIncreaseQuotaPrivilege\":{\"enabled\":false},\"SeIncreaseWorkingSetPrivilege\":{\"enabled\":false},\"SeLoadDriverPrivilege\":{\"enabled\":false},\"SeManageVolumePrivilege\":{\"enabled\":false},\"SeProfileSingleProcessPrivilege\":{\"enabled\":false},\"SeRemoteShutdownPrivilege\":{\"enabled\":false},\"SeRestorePrivilege\":{\"enabled\":false},\"SeSecurityPrivilege\":{\"enabled\":false},\"SeShutdownPrivilege\":{\"enabled\":false},\"SeSystemEnvironmentPrivilege\":{\"enabled\":false},\"SeSystemProfilePrivilege\":{\"enabled\":false},\"SeSystemtimePrivilege\":{\"enabled\":false},\"SeTakeOwnershipPrivilege\":{\"enabled\":false},\"SeTimeZonePrivilege\":{\"enabled\":false},\"SeUndockPrivilege\":{\"enabled\":false}}}","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.087+0300","log.origin":{"file.name":"helper/privileges_windows.go","file.line":87},"message":"SeDebugPrivilege is enabled. SeDebugPrivilege=(Enabled)","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.089+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.diskio\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.diskio\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.089+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.090+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:01.091+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":95},"message":"Error creating runner from config: 1 error: metricset 'system/load' not found","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.091+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=diskio, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.092+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.network\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.network\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.092+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.092+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.092+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=network, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.process_summary\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.process_summary\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.socket_summary\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.socket_summary\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.093+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.094+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.uptime\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.uptime\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.094+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.094+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.094+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.cpu\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.cpu\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.094+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.095+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.095+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.process\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.process\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.095+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.095+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.095+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"system\": {\n \"diskio\": {\n \"read\": {\n \"count\": 241322,\n \"time\": 28642008,\n \"bytes\": 8554232320\n },\n \"write\": {\n \"count\": 194954,\n \"time\": 5620052,\n \"bytes\": 4478149120\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"C:\"\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"dataset\": \"system.diskio\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.096+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n },\n \"write\": {\n \"count\": 1528,\n \"time\": 9150,\n \"bytes\": 15421440\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"D:\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.096+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=uptime, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.096+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=process, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.097+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=process_summary, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82241906\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.uptime\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.098+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=socket_summary, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.110+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.098Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 11998400,\n \"dataset\": \"system.socket_summary\"\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"all\": {\n \"count\": 199,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"established\": 44,\n \"close_wait\": 1,\n \"time_wait\": 23,\n \"count\": 117,\n \"listening\": 47\n }\n },\n \"udp\": {\n \"all\": {\n \"count\": 82\n }\n }\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.096+0300","log.logger":"processors","log.origin":{"file.name":"processors/processor.go","file.line":101},"message":"Generated new processors: add_fields={\"data_stream\":{\"dataset\":\"system.memory\",\"namespace\":\"default\",\"type\":\"metrics\"}}, add_fields={\"event\":{\"dataset\":\"system.memory\"}}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.111+0300","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":100},"message":"Starting runner: RunnerGroup{system [metricsets=1]}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.111+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":127},"message":"Starting Wrapper[name=system, len(metricSetWrappers)=1]","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:01.111+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":260},"message":"1 error: Error creating runner from config: 1 error: metricset 'system/load' not found","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.111+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":224},"message":"Applying settings for output","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.111+0300","log.origin":{"file.name":"eslegclient/connection.go","file.line":99},"message":"elasticsearch url: https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"fleet/manager.go","file.line":138},"message":"Status change to %!s(management.Status=4): 1 error: 1 error: Error creating runner from config: 1 error: metricset 'system/load' not found","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":213},"message":"retryer: send wait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":217},"message":" done","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.118+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.118+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.118+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.118+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.118+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.117+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=memory, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.132+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.096+0300","log.logger":"module","log.origin":{"file.name":"module/wrapper.go","file.line":189},"message":"Starting metricSetWrapper[module=system, name=cpu, host=]","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.134+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.139+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.133Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 4996600,\n \"dataset\": \"system.cpu\"\n },\n \"metricset\": {\n \"name\": \"cpu\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"cpu\": {\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"irq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"system\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"idle\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"cores\": 4,\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.cpu\",\n \"namespace\": \"default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.149+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Local Area Connection\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 56996700,\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.150+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 56996700,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VirtualBox Host-Only Network\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.150+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 56996700,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.151+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 57997500,\n \"dataset\": \"system.network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 13\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.151+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n }\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"duration\": 57997500,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Mobile Broadband Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.151+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 57997500\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 206,\n \"errors\": 0\n },\n \"name\": \"VMware Network Adapter VMnet1\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.152+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 59996400,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 203,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.152+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Wi-Fi\",\n \"in\": {\n \"packets\": 11888,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 7261950\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 30813,\n \"bytes\": 5281041\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 59996400,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.152+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 59996400\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Loopback Pseudo-Interface 1\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.153+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.092Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"bytes\": 1817228,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 59996400\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.184+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.228+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.299+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.323+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.339+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.345+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"event\": {\n \"dataset\": \"system.process_summary\",\n \"module\": \"system\",\n \"duration\": 246990100\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"stopped\": 0,\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 253,\n \"sleeping\": 0,\n \"running\": 250,\n \"idle\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.345+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.369+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.370+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 10 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.371+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"ppid\": 768,\n \"pgid\": 0,\n \"args\": [\n \"winlogon.exe\"\n ],\n \"name\": \"winlogon.exe\",\n \"pid\": 876\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 274999100\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"share\": 0,\n \"size\": 2707456,\n \"rss\": {\n \"bytes\": 8871936,\n \"pct\": 0.0011\n }\n },\n \"cmdline\": \"winlogon.exe\",\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 0,\n \"pct\": 0\n },\n \"start_time\": \"2020-09-01T11:06:53.812Z\"\n },\n \"state\": \"running\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.372+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"name\": \"LsaIso.exe\",\n \"pid\": 924,\n \"ppid\": 800,\n \"pgid\": 0,\n \"args\": [\n \"\\\\??\\\\C:\\\\WINDOWS\\\\system32\\\\lsaiso.exe\"\n ]\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 274999100,\n \"dataset\": \"system.process\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 0,\n \"pct\": 0\n },\n \"start_time\": \"2020-09-01T11:06:54.190Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"size\": 847872,\n \"rss\": {\n \"bytes\": 1912832,\n \"pct\": 0.0002\n },\n \"share\": 0\n },\n \"cmdline\": \"\\\\??\\\\C:\\\\WINDOWS\\\\system32\\\\lsaiso.exe\"\n }\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n }\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.372+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\lsass.exe\"\n ],\n \"name\": \"lsass.exe\",\n \"pid\": 944,\n \"ppid\": 800,\n \"pgid\": 0\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 274999100\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\lsass.exe\",\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 0\n },\n \"start_time\": \"2020-09-01T11:06:54.198Z\"\n },\n \"memory\": {\n \"size\": 7610368,\n \"rss\": {\n \"pct\": 0.0019,\n \"bytes\": 16109568\n },\n \"share\": 0\n }\n }\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.372+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"DcomLaunch\",\n \"-p\",\n \"-s\",\n \"PlugPlay\"\n ],\n \"name\": \"svchost.exe\",\n \"pid\": 652,\n \"ppid\": 900\n },\n \"event\": {\n \"duration\": 274999100,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"value\": 0,\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"start_time\": \"2020-09-01T11:06:56.253Z\"\n },\n \"memory\": {\n \"size\": 917504,\n \"rss\": {\n \"bytes\": 2392064,\n \"pct\": 0.0003\n },\n \"share\": 0\n },\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k DcomLaunch -p -s PlugPlay\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.373+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 275997700\n },\n \"process\": {\n \"pid\": 660,\n \"ppid\": 900,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"DcomLaunch\",\n \"-p\"\n ],\n \"name\": \"svchost.exe\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:06:56.350Z\",\n \"total\": {\n \"value\": 0,\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n }\n },\n \"state\": \"running\",\n \"memory\": {\n \"rss\": {\n \"pct\": 0.0038,\n \"bytes\": 32014336\n },\n \"share\": 0,\n \"size\": 14381056\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k DcomLaunch -p\"\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.373+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"event\": {\n \"duration\": 275997700,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"value\": 0,\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"start_time\": \"2020-09-01T11:11:50.306Z\"\n },\n \"memory\": {\n \"rss\": {\n \"pct\": 0.028,\n \"bytes\": 234299392\n },\n \"share\": 0,\n \"size\": 148967424\n },\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n }\n },\n \"process\": {\n \"name\": \"SearchUI.exe\",\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ]\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.374+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"process\": {\n \"pid\": 1768,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ],\n \"name\": \"chrome.exe\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 276999500\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"share\": 0,\n \"size\": 251944960,\n \"rss\": {\n \"bytes\": 233865216,\n \"pct\": 0.0279\n }\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:59.970Z\",\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 0\n }\n },\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.374+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 137891840,\n \"rss\": {\n \"bytes\": 154271744,\n \"pct\": 0.0184\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --extension-process --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:13:20.524Z\",\n \"total\": {\n \"value\": 0,\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n }\n }\n }\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"process\": {\n \"name\": \"chrome.exe\",\n \"pid\": 8524,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--extension-process\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=4\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=2584\",\n \"/prefetch:1\"\n ]\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 276999500\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.375+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"name\": \"Dropbox.exe\",\n \"pid\": 9868,\n \"ppid\": 8548,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"duration\": 277999000,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 225308672,\n \"rss\": {\n \"bytes\": 145850368,\n \"pct\": 0.0174\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:12:20.366Z\",\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 0\n }\n },\n \"state\": \"running\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"host\": {\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.375+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"ppid\": 10044,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\Skype.exe\",\n \"--type=renderer\",\n \"--autoplay-policy=no-user-gesture-required\",\n \"--disable-background-timer-throttling\",\n \"--ms-disable-indexeddb-transaction-timeout\",\n \"--field-trial-handle=2360,13621305819969103586,15743625929938196683,131072\",\n \"--disable-features=PictureInPicture,SpareRendererForSitePerProcess\",\n \"--lang=en-US\",\n \"--app-user-model-id=Microsoft.Skype.SkypeDesktop\",\n \"--app-path=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\",\n \"--webview-tag\",\n \"--no-sandbox\",\n \"--no-zygote\",\n \"--native-window-open\",\n \"--preload=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\\\\Preload.js\",\n \"--disable-remote-module\",\n \"--background-color=#fff\",\n \"--node-integration-in-subframes\",\n \"--enable-websql\",\n \"--enable-spellcheck\",\n \"--electron-shared-settings=eyJjci5jb21wYW55IjoiRWxlY3Ryb24iLCJjci5kdW1wcyI6IiIsImNyLmVuYWJsZWQiOmZhbHNlLCJjci5wcm9kdWN0IjoiRWxlY3Ryb24iLCJjci5zZXNzaW9uIjoiIiwiY3IudXJsIjoiIiwiY3IudmVyc2lvbiI6IiJ9\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--service-request-channel-token=16785184594504848381\",\n \"--renderer-client-id=5\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=3008\",\n \"/prefetch:1\",\n \"--skype-process-type=Main\",\n \"--skype-window-id=__MAIN_ROOT_VIEW_ID__\"\n ],\n \"name\": \"Skype.exe\",\n \"pid\": 9184\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 277999000\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"value\": 0,\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"start_time\": \"2020-09-01T11:15:44.398Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"size\": 213671936,\n \"rss\": {\n \"bytes\": 136753152,\n \"pct\": 0.0163\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\Skype.exe --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --field-trial-handle=2360,13621305819969103586,15743625929938196683,131072 --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar --webview-tag --no-sandbox --no-zygote --native-window-open --preload=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\\\\Preload.js --disable-remote-module --background-color=#fff --node-integration-in-subframes --enable-websql --enable-spellcheck --electron-shared-settings=eyJjci5jb21wYW55IjoiRWxlY3Ryb24iLCJjci5kdW1wcyI6IiIsImNyLmVuYWJsZWQiOmZhbHNlLCJjci5wcm9kdWN0IjoiRWxlY3Ryb24iLCJjci5zZXNzaW9uIjoiIiwiY3IudXJsIjoiIiwiY3IudmVyc2lvbiI6IiJ9 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16785184594504848381 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1 --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__\"\n }\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:01.439+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:01.129Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.memory\",\n \"module\": \"system\",\n \"duration\": 309996900\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"memory\": {\n \"total\": 8375672832,\n \"used\": {\n \"bytes\": 5120614400,\n \"pct\": 0.6114\n },\n \"free\": 3255058432,\n \"actual\": {\n \"free\": 3255058432,\n \"used\": {\n \"pct\": 0.6114,\n \"bytes\": 5120614400\n }\n },\n \"swap\": {\n \"total\": 16965607424,\n \"used\": {\n \"bytes\": 6970081280,\n \"pct\": 0.4108\n },\n \"free\": 9995526144\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.memory\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:02.132+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":143},"message":"Connecting to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243))","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:02.132+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:02.158+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:02.158+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:03.373+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:04.407+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)): Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:04.407+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)) with 1 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:04.407+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:04.410+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:04.410+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:04.431+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:08.015+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)): Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:08.015+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)) with 2 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:08.015+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:08.015+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:08.015+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:09.450+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.uptime\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82251906\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"C:\",\n \"read\": {\n \"count\": 241443,\n \"time\": 28646388,\n \"bytes\": 8576626688\n },\n \"write\": {\n \"time\": 5630463,\n \"bytes\": 4500127232,\n \"count\": 195402\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"D:\",\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n },\n \"write\": {\n \"bytes\": 15458304,\n \"count\": 1533,\n \"time\": 9151\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"dataset\": \"system.diskio\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.112+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.110Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n }\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"udp\": {\n \"all\": {\n \"count\": 87\n }\n },\n \"all\": {\n \"count\": 261,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"count\": 174,\n \"listening\": 47,\n \"established\": 45,\n \"close_wait\": 1,\n \"time_wait\": 80\n }\n }\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 1951000,\n \"dataset\": \"system.socket_summary\"\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.138+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"dataset\": \"system.cpu\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"cpu\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"cpu\": {\n \"total\": {\n \"pct\": 3.4578,\n \"norm\": {\n \"pct\": 0.8644\n }\n },\n \"system\": {\n \"pct\": 1.5875,\n \"norm\": {\n \"pct\": 0.3969\n }\n },\n \"cores\": 4,\n \"idle\": {\n \"pct\": 0.5422,\n \"norm\": {\n \"pct\": 0.1356\n }\n },\n \"irq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"pct\": 1.8703,\n \"norm\": {\n \"pct\": 0.4676\n }\n },\n \"iowait\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"nice\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.cpu\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n }\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 16963500,\n \"dataset\": \"system.network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Local Area Connection\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"event\": {\n \"duration\": 16963500,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VirtualBox Host-Only Network\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16963500\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 18021600,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Local Area Connection* 13\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.171+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Mobile Broadband Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 18021600\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.171+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 18021600\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet1\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 411\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.171+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 18996400\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 407\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.172+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 18996400\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 7676188,\n \"packets\": 12739\n },\n \"out\": {\n \"packets\": 31588,\n \"bytes\": 5546483,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"name\": \"Wi-Fi\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.172+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 18996400,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Loopback Pseudo-Interface 1\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.172+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 1868350\n }\n }\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 20000800\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.384+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.391+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.405+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.344Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"running\": 247,\n \"idle\": 0,\n \"stopped\": 0,\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 250,\n \"sleeping\": 0\n }\n }\n },\n \"event\": {\n \"duration\": 60959300,\n \"dataset\": \"system.process_summary\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.410+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.415+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.428+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.446+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.457+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.484+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.485+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 8 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.486+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ],\n \"name\": \"Dropbox.exe\",\n \"pid\": 9868,\n \"ppid\": 8548,\n \"pgid\": 0\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 224993280,\n \"rss\": {\n \"bytes\": 152453120,\n \"pct\": 0.0182\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.4143,\n \"norm\": {\n \"pct\": 0.1036\n },\n \"value\": 184983\n },\n \"start_time\": \"2020-09-01T11:12:20.366Z\"\n }\n }\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 111967800\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.487+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"duration\": 111967800,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"rss\": {\n \"bytes\": 33263616,\n \"pct\": 0.004\n },\n \"share\": 0,\n \"size\": 12877824\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\SettingSyncHost.exe -Embedding\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.3155,\n \"norm\": {\n \"pct\": 0.0789\n },\n \"value\": 25640\n },\n \"start_time\": \"2020-09-01T11:10:46.221Z\"\n },\n \"state\": \"running\"\n }\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"process\": {\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\SettingSyncHost.exe\",\n \"-Embedding\"\n ],\n \"name\": \"SettingSyncHost.exe\",\n \"pid\": 5248\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.487+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"NetworkService\",\n \"-p\",\n \"-s\",\n \"Dnscache\"\n ],\n \"name\": \"svchost.exe\",\n \"pid\": 2616,\n \"ppid\": 900\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 111967800\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"share\": 0,\n \"size\": 4087808,\n \"rss\": {\n \"bytes\": 7966720,\n \"pct\": 0.001\n }\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k NetworkService -p -s Dnscache\",\n \"cpu\": {\n \"total\": {\n \"value\": 192624,\n \"pct\": 0.2405,\n \"norm\": {\n \"pct\": 0.0601\n }\n },\n \"start_time\": \"2020-09-01T11:07:10.232Z\"\n },\n \"state\": \"running\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\NETWORK SERVICE\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.487+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding\",\n \"state\": \"running\",\n \"memory\": {\n \"rss\": {\n \"bytes\": 83709952,\n \"pct\": 0.01\n },\n \"share\": 0,\n \"size\": 39714816\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:25:33.693Z\",\n \"total\": {\n \"pct\": 0.1329,\n \"norm\": {\n \"pct\": 0.0332\n },\n \"value\": 104437\n }\n }\n }\n },\n \"process\": {\n \"name\": \"explorer.exe\",\n \"pid\": 7260,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\explorer.exe\",\n \"/factory,{ceff45ee-c862-41de-aee2-a022c81eda92}\",\n \"-Embedding\"\n ]\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 112963500,\n \"dataset\": \"system.process\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.488+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"duration\": 112963500,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:09:56.576Z\",\n \"total\": {\n \"value\": 109078,\n \"pct\": 0.1037,\n \"norm\": {\n \"pct\": 0.0259\n }\n }\n },\n \"state\": \"running\",\n \"memory\": {\n \"size\": 63938560,\n \"rss\": {\n \"bytes\": 127733760,\n \"pct\": 0.0153\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\Explorer.EXE\"\n }\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\Explorer.EXE\"\n ],\n \"name\": \"explorer.exe\",\n \"pid\": 3480,\n \"ppid\": 5260\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.488+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 1768,\n \"ppid\": 3480,\n \"pgid\": 0\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 112963500,\n \"dataset\": \"system.process\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"state\": \"running\",\n \"memory\": {\n \"size\": 251961344,\n \"rss\": {\n \"bytes\": 234852352,\n \"pct\": 0.028\n },\n \"share\": 0\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:59.970Z\",\n \"total\": {\n \"value\": 288593,\n \"pct\": 0.0541,\n \"norm\": {\n \"pct\": 0.0135\n }\n }\n }\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.488+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"process\": {\n \"name\": \"SearchUI.exe\",\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 113967900\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\",\n \"state\": \"running\",\n \"memory\": {\n \"size\": 148865024,\n \"rss\": {\n \"bytes\": 234233856,\n \"pct\": 0.028\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"value\": 60749,\n \"pct\": 0.0047,\n \"norm\": {\n \"pct\": 0.0012\n }\n },\n \"start_time\": \"2020-09-01T11:11:50.306Z\"\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.489+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n ],\n \"name\": \"thunderbird.exe\",\n \"pid\": 4824,\n \"ppid\": 3480,\n \"pgid\": 0\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 113967900,\n \"dataset\": \"system.process\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0.0212\n },\n \"value\": 32843,\n \"pct\": 0.085\n },\n \"start_time\": \"2020-09-01T13:36:21.496Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"rss\": {\n \"bytes\": 158617600,\n \"pct\": 0.0189\n },\n \"share\": 0,\n \"size\": 151584768\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:11.646+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:11.439Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n }\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"memory\": {\n \"total\": 8375672832,\n \"used\": {\n \"bytes\": 5012680704,\n \"pct\": 0.5985\n },\n \"free\": 3362992128,\n \"actual\": {\n \"free\": 3362992128,\n \"used\": {\n \"pct\": 0.5985,\n \"bytes\": 5012680704\n }\n },\n \"swap\": {\n \"total\": 16965607424,\n \"used\": {\n \"bytes\": 6792433664,\n \"pct\": 0.4004\n },\n \"free\": 10173173760\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 207056700,\n \"dataset\": \"system.memory\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.memory\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:15.040+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)): Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:15.040+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)) with 3 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:15.040+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:15.042+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:15.042+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:15.062+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"C:\",\n \"read\": {\n \"count\": 241550,\n \"time\": 28650013,\n \"bytes\": 8581402112\n },\n \"write\": {\n \"bytes\": 4512661504,\n \"count\": 195918,\n \"time\": 5632988\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n }\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82261906\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.uptime\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"write\": {\n \"count\": 1542,\n \"time\": 9218,\n \"bytes\": 15687168\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"D:\",\n \"read\": {\n \"time\": 47155,\n \"bytes\": 63854592,\n \"count\": 2429\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.113+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.111Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.socket_summary\",\n \"module\": \"system\",\n \"duration\": 1995700\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"udp\": {\n \"all\": {\n \"count\": 92\n }\n },\n \"all\": {\n \"count\": 298,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"close_wait\": 1,\n \"time_wait\": 89,\n \"count\": 206,\n \"listening\": 47,\n \"established\": 68\n }\n }\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.138+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"metricset\": {\n \"name\": \"cpu\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"cpu\": {\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"system\": {\n \"norm\": {\n \"pct\": 0.209\n },\n \"pct\": 0.8359\n },\n \"idle\": {\n \"pct\": 1.85,\n \"norm\": {\n \"pct\": 0.4625\n }\n },\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"irq\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"user\": {\n \"pct\": 1.3141,\n \"norm\": {\n \"pct\": 0.3285\n }\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"total\": {\n \"pct\": 2.15,\n \"norm\": {\n \"pct\": 0.5375\n }\n },\n \"cores\": 4\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"dataset\": \"system.cpu\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.cpu\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n }\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15963100\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"name\": \"VirtualBox Host-Only Network\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15963100\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15963100\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Local Area Connection* 13\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15963100\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Mobile Broadband Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16956900\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 587\n },\n \"name\": \"VMware Network Adapter VMnet1\"\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 16956900,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"event\": {\n \"duration\": 16956900,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 580\n },\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"duration\": 16956900,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Wi-Fi\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 8297805,\n \"packets\": 13957,\n \"errors\": 0\n },\n \"out\": {\n \"bytes\": 6905656,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 33071\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Loopback Pseudo-Interface 1\",\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"duration\": 16956900,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 17956000,\n \"dataset\": \"system.network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 1889716\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.384+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.384+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.391+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.405+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.410+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.415+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.345Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"total\": 253,\n \"sleeping\": 0,\n \"running\": 250,\n \"idle\": 0,\n \"stopped\": 0,\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.process_summary\",\n \"module\": \"system\",\n \"duration\": 68916000\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.420+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.429+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.432+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.448+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.451+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 8 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.451+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 77000200\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:14:12.015Z\",\n \"total\": {\n \"value\": 39874,\n \"pct\": 0.2832,\n \"norm\": {\n \"pct\": 0.0708\n }\n }\n },\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 130969600,\n \"rss\": {\n \"bytes\": 141717504,\n \"pct\": 0.0169\n }\n }\n }\n },\n \"process\": {\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=7\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=2976\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 9508\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.452+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"process\": {\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"LocalServiceNoNetworkFirewall\",\n \"-p\"\n ],\n \"name\": \"svchost.exe\",\n \"pid\": 2752,\n \"ppid\": 900,\n \"pgid\": 0\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\LOCAL SERVICE\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 77000200\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k LocalServiceNoNetworkFirewall -p\",\n \"state\": \"running\",\n \"memory\": {\n \"size\": 19083264,\n \"rss\": {\n \"bytes\": 25997312,\n \"pct\": 0.0031\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"value\": 34483,\n \"pct\": 0.1624,\n \"norm\": {\n \"pct\": 0.0406\n }\n },\n \"start_time\": \"2020-09-01T11:07:11.465Z\"\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.452+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\NETWORK SERVICE\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 77000200\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k NetworkService -p -s Dnscache\",\n \"state\": \"running\",\n \"memory\": {\n \"size\": 4558848,\n \"rss\": {\n \"bytes\": 8429568,\n \"pct\": 0.001\n },\n \"share\": 0\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:07:10.232Z\",\n \"total\": {\n \"value\": 193905,\n \"pct\": 0.1281,\n \"norm\": {\n \"pct\": 0.032\n }\n }\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"process\": {\n \"name\": \"svchost.exe\",\n \"pid\": 2616,\n \"ppid\": 900,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"NetworkService\",\n \"-p\",\n \"-s\",\n \"Dnscache\"\n ]\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.452+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\Skype.exe\",\n \"--type=renderer\",\n \"--autoplay-policy=no-user-gesture-required\",\n \"--disable-background-timer-throttling\",\n \"--ms-disable-indexeddb-transaction-timeout\",\n \"--field-trial-handle=2360,13621305819969103586,15743625929938196683,131072\",\n \"--disable-features=PictureInPicture,SpareRendererForSitePerProcess\",\n \"--lang=en-US\",\n \"--app-user-model-id=Microsoft.Skype.SkypeDesktop\",\n \"--app-path=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\",\n \"--webview-tag\",\n \"--no-sandbox\",\n \"--no-zygote\",\n \"--native-window-open\",\n \"--preload=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\\\\Preload.js\",\n \"--disable-remote-module\",\n \"--background-color=#fff\",\n \"--node-integration-in-subframes\",\n \"--enable-websql\",\n \"--enable-spellcheck\",\n \"--electron-shared-settings=eyJjci5jb21wYW55IjoiRWxlY3Ryb24iLCJjci5kdW1wcyI6IiIsImNyLmVuYWJsZWQiOmZhbHNlLCJjci5wcm9kdWN0IjoiRWxlY3Ryb24iLCJjci5zZXNzaW9uIjoiIiwiY3IudXJsIjoiIiwiY3IudmVyc2lvbiI6IiJ9\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--service-request-channel-token=16785184594504848381\",\n \"--renderer-client-id=5\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=3008\",\n \"/prefetch:1\",\n \"--skype-process-type=Main\",\n \"--skype-window-id=__MAIN_ROOT_VIEW_ID__\"\n ],\n \"name\": \"Skype.exe\",\n \"pid\": 9184,\n \"ppid\": 10044\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 77995000\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\Skype.exe --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --field-trial-handle=2360,13621305819969103586,15743625929938196683,131072 --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar --webview-tag --no-sandbox --no-zygote --native-window-open --preload=C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\\\\Skype\\\\resources\\\\app.asar\\\\Preload.js --disable-remote-module --background-color=#fff --node-integration-in-subframes --enable-websql --enable-spellcheck --electron-shared-settings=eyJjci5jb21wYW55IjoiRWxlY3Ryb24iLCJjci5kdW1wcyI6IiIsImNyLmVuYWJsZWQiOmZhbHNlLCJjci5wcm9kdWN0IjoiRWxlY3Ryb24iLCJjci5zZXNzaW9uIjoiIiwiY3IudXJsIjoiIiwiY3IudmVyc2lvbiI6IiJ9 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16785184594504848381 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1 --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__\",\n \"memory\": {\n \"size\": 187498496,\n \"rss\": {\n \"bytes\": 121319424,\n \"pct\": 0.0145\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"pct\": 0.116,\n \"norm\": {\n \"pct\": 0.029\n },\n \"value\": 28234\n },\n \"start_time\": \"2020-09-01T11:15:44.398Z\"\n },\n \"state\": \"running\"\n }\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n }\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.453+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"event\": {\n \"duration\": 77995000,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0.027\n },\n \"value\": 33921,\n \"pct\": 0.1082\n },\n \"start_time\": \"2020-09-01T13:36:21.496Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 157298688,\n \"rss\": {\n \"bytes\": 174448640,\n \"pct\": 0.0208\n }\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n }\n },\n \"process\": {\n \"name\": \"thunderbird.exe\",\n \"pid\": 4824,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n ]\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.453+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"name\": \"chrome.exe\",\n \"pid\": 1768,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ]\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:59.970Z\",\n \"total\": {\n \"value\": 289296,\n \"pct\": 0.0704,\n \"norm\": {\n \"pct\": 0.0176\n }\n }\n },\n \"state\": \"running\",\n \"memory\": {\n \"rss\": {\n \"pct\": 0.0282,\n \"bytes\": 236589056\n },\n \"share\": 0,\n \"size\": 251953152\n }\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 77995000\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.453+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"process\": {\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ],\n \"name\": \"SearchUI.exe\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"rss\": {\n \"bytes\": 234233856,\n \"pct\": 0.028\n },\n \"share\": 0,\n \"size\": 148865024\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:50.306Z\",\n \"total\": {\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 60749,\n \"pct\": 0\n }\n },\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\",\n \"state\": \"running\"\n }\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"duration\": 78993400,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.453+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"host\": {\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 78993400,\n \"dataset\": \"system.process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"pct\": 0.0016,\n \"norm\": {\n \"pct\": 0.0004\n },\n \"value\": 184999\n },\n \"start_time\": \"2020-09-01T11:12:20.366Z\"\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"state\": \"running\",\n \"memory\": {\n \"size\": 225361920,\n \"rss\": {\n \"bytes\": 152506368,\n \"pct\": 0.0182\n },\n \"share\": 0\n }\n }\n },\n \"process\": {\n \"pid\": 9868,\n \"ppid\": 8548,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ],\n \"name\": \"Dropbox.exe\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:21.593+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:21.439Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"memory\": {\n \"free\": 3211239424,\n \"actual\": {\n \"free\": 3211239424,\n \"used\": {\n \"pct\": 0.6166,\n \"bytes\": 5164433408\n }\n },\n \"swap\": {\n \"total\": 16965607424,\n \"used\": {\n \"bytes\": 6853943296,\n \"pct\": 0.404\n },\n \"free\": 10111664128\n },\n \"total\": 8375672832,\n \"used\": {\n \"bytes\": 5164433408,\n \"pct\": 0.6166\n }\n }\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.memory\",\n \"module\": \"system\",\n \"duration\": 154040400\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.memory\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:27.799+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)): Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:27.799+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)) with 4 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:27.799+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:27.799+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:27.799+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:27.817+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:30.029+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":953,"time":{"ms":953}},"total":{"ticks":1578,"time":{"ms":1578},"value":1578},"user":{"ticks":625,"time":{"ms":625}}},"handles":{"open":391},"info":{"ephemeral_id":"41aad6a1-ed1e-4ddf-885b-8ce2690911a1","uptime":{"ms":35089}},"memstats":{"gc_next":17995184,"memory_alloc":12281008,"memory_total":40835720,"rss":59101184},"runtime":{"goroutines":69}},"libbeat":{"config":{"module":{"running":8,"starts":8},"reloads":1,"scans":1},"output":{"type":"elasticsearch"},"pipeline":{"clients":8,"events":{"active":77,"published":77,"retry":108,"total":77}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"diskio":{"events":6,"success":6},"memory":{"events":3,"success":3},"network":{"events":30,"success":30},"process":{"events":26,"success":26},"process_summary":{"events":3,"success":3},"socket_summary":{"events":3,"success":3},"uptime":{"events":3,"success":3}}},"system":{"cpu":{"cores":4}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n }\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"system\": {\n \"diskio\": {\n \"write\": {\n \"count\": 196409,\n \"time\": 5633492,\n \"bytes\": 4520074240\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"C:\",\n \"read\": {\n \"bytes\": 8581467648,\n \"count\": 241558,\n \"time\": 28650166\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.uptime\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82271906\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n }\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"write\": {\n \"time\": 9228,\n \"bytes\": 16086016,\n \"count\": 1574\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"D:\",\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.113+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.111Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"udp\": {\n \"all\": {\n \"count\": 86\n }\n },\n \"all\": {\n \"count\": 293,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"time_wait\": 93,\n \"count\": 207,\n \"listening\": 47,\n \"established\": 65,\n \"close_wait\": 1\n }\n }\n }\n }\n },\n \"event\": {\n \"duration\": 1997300,\n \"dataset\": \"system.socket_summary\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.138+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"system\": {\n \"cpu\": {\n \"cores\": 4,\n \"idle\": {\n \"pct\": 3.4891,\n \"norm\": {\n \"pct\": 0.8723\n }\n },\n \"irq\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"softirq\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"total\": {\n \"pct\": 0.5109,\n \"norm\": {\n \"pct\": 0.1277\n }\n },\n \"system\": {\n \"pct\": 0.225,\n \"norm\": {\n \"pct\": 0.0563\n }\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"pct\": 0.2859,\n \"norm\": {\n \"pct\": 0.0715\n }\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"dataset\": \"system.cpu\"\n },\n \"metricset\": {\n \"name\": \"cpu\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.cpu\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Local Area Connection\"\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 14013200,\n \"dataset\": \"system.network\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VirtualBox Host-Only Network\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 14013200\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"duration\": 14013200,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 13\",\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"event\": {\n \"duration\": 14980900,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n }\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 14980900\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Mobile Broadband Connection\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 14980900\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet1\",\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 714,\n \"errors\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16016200\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 707\n },\n \"name\": \"VMware Network Adapter VMnet8\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"duration\": 16016200,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Wi-Fi\",\n \"in\": {\n \"bytes\": 8561185,\n \"packets\": 14415,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"packets\": 33564,\n \"bytes\": 7339068,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16016200\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Loopback Pseudo-Interface 1\"\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16016200\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 1933944,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.380+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.380+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.389+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.398+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.345Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process_summary\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"sleeping\": 0,\n \"running\": 247,\n \"idle\": 0,\n \"stopped\": 0,\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 250\n }\n }\n },\n \"event\": {\n \"duration\": 51988500,\n \"dataset\": \"system.process_summary\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.404+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.409+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.418+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.428+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.431+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.446+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.447+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 8 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.448+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72941100\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 127901696,\n \"rss\": {\n \"bytes\": 139530240,\n \"pct\": 0.0167\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:14:12.015Z\",\n \"total\": {\n \"value\": 41327,\n \"pct\": 0.1453,\n \"norm\": {\n \"pct\": 0.0363\n }\n }\n }\n }\n },\n \"process\": {\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=7\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=2976\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 9508\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.448+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 4927488,\n \"rss\": {\n \"pct\": 0.0016,\n \"bytes\": 13365248\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe -upload\",\n \"state\": \"running\",\n \"cpu\": {\n \"start_time\": \"2020-09-02T09:29:59.484Z\",\n \"total\": {\n \"norm\": {\n \"pct\": 0.0278\n },\n \"value\": 2812,\n \"pct\": 0.111\n }\n }\n }\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"host\": {\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"process\": {\n \"pid\": 15268,\n \"ppid\": 1688,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe\",\n \"-upload\"\n ],\n \"name\": \"wermgr.exe\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72941100\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 156200960,\n \"rss\": {\n \"bytes\": 174637056,\n \"pct\": 0.0209\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T13:36:21.496Z\",\n \"total\": {\n \"norm\": {\n \"pct\": 0.0055\n },\n \"value\": 34140,\n \"pct\": 0.0219\n }\n }\n }\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n ],\n \"name\": \"thunderbird.exe\",\n \"pid\": 4824,\n \"ppid\": 3480\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72941100\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0.0051\n },\n \"value\": 1702,\n \"pct\": 0.0203\n },\n \"start_time\": \"2020-09-02T09:56:46.826Z\"\n },\n \"memory\": {\n \"size\": 39108608,\n \"rss\": {\n \"bytes\": 59670528,\n \"pct\": 0.0071\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\install\\\\metricbeat-7.9.0-windows-x86_64\\\\metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.mode=x-pack-fleet -E management.enabled=true -E logging.level=debug -E logging.level=debug -E http.enabled=true -E http.host=npipe:///default-metricbeat -E logging.json=true -E logging.ecs=true -E logging.files.path=C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\logs\\\\default -E logging.files.name=metricbeat-json.log -E logging.files.keepfiles=7 -E logging.files.permission=0640 -E logging.files.interval=1h -E path.data=C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\run\\\\default\\\\metricbeat--7.9.0\",\n \"state\": \"running\"\n }\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"process\": {\n \"ppid\": 8608,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\install\\\\metricbeat-7.9.0-windows-x86_64\\\\metricbeat\",\n \"-E\",\n \"setup.ilm.enabled=false\",\n \"-E\",\n \"setup.template.enabled=false\",\n \"-E\",\n \"management.mode=x-pack-fleet\",\n \"-E\",\n \"management.enabled=true\",\n \"-E\",\n \"logging.level=debug\",\n \"-E\",\n \"logging.level=debug\",\n \"-E\",\n \"http.enabled=true\",\n \"-E\",\n \"http.host=npipe:///default-metricbeat\",\n \"-E\",\n \"logging.json=true\",\n \"-E\",\n \"logging.ecs=true\",\n \"-E\",\n \"logging.files.path=C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\logs\\\\default\",\n \"-E\",\n \"logging.files.name=metricbeat-json.log\",\n \"-E\",\n \"logging.files.keepfiles=7\",\n \"-E\",\n \"logging.files.permission=0640\",\n \"-E\",\n \"logging.files.interval=1h\",\n \"-E\",\n \"path.data=C:\\\\Program Files\\\\Elastic-Agent\\\\data\\\\run\\\\default\\\\metricbeat--7.9.0\"\n ],\n \"name\": \"metricbeat.exe\",\n \"pid\": 14304\n },\n \"event\": {\n \"duration\": 73944200,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"process\": {\n \"name\": \"svchost.exe\",\n \"pid\": 1080,\n \"ppid\": 900,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe\",\n \"-k\",\n \"RPCSS\",\n \"-p\"\n ]\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\NETWORK SERVICE\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 73944200\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 10383360,\n \"rss\": {\n \"bytes\": 16986112,\n \"pct\": 0.002\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\svchost.exe -k RPCSS -p\",\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"value\": 57328,\n \"pct\": 0.0157,\n \"norm\": {\n \"pct\": 0.0039\n }\n },\n \"start_time\": \"2020-09-01T11:06:57.477Z\"\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.450+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"process\": {\n \"name\": \"chrome.exe\",\n \"pid\": 1768,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ]\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"rss\": {\n \"bytes\": 236613632,\n \"pct\": 0.0283\n },\n \"share\": 0,\n \"size\": 251953152\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"cpu\": {\n \"total\": {\n \"value\": 289342,\n \"pct\": 0.0046,\n \"norm\": {\n \"pct\": 0.0012\n }\n },\n \"start_time\": \"2020-09-01T11:11:59.970Z\"\n },\n \"state\": \"running\"\n }\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n }\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 74943400,\n \"dataset\": \"system.process\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.450+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 60749\n },\n \"start_time\": \"2020-09-01T11:11:50.306Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 148865024,\n \"rss\": {\n \"bytes\": 234196992,\n \"pct\": 0.028\n }\n },\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"process\": {\n \"name\": \"SearchUI.exe\",\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ]\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 74943400\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.451+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"cpu\": {\n \"total\": {\n \"value\": 185062,\n \"pct\": 0.0063,\n \"norm\": {\n \"pct\": 0.0016\n }\n },\n \"start_time\": \"2020-09-01T11:12:20.366Z\"\n },\n \"memory\": {\n \"size\": 225284096,\n \"rss\": {\n \"pct\": 0.0182,\n \"bytes\": 152494080\n },\n \"share\": 0\n },\n \"state\": \"running\"\n }\n },\n \"process\": {\n \"name\": \"Dropbox.exe\",\n \"pid\": 9868,\n \"ppid\": 8548,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ]\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n }\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 75980500\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:31.584+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:31.439Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"memory\": {\n \"total\": 8375672832,\n \"used\": {\n \"bytes\": 5146062848,\n \"pct\": 0.6144\n },\n \"free\": 3229609984,\n \"actual\": {\n \"free\": 3229609984,\n \"used\": {\n \"pct\": 0.6144,\n \"bytes\": 5146062848\n }\n },\n \"swap\": {\n \"total\": 16965607424,\n \"used\": {\n \"bytes\": 6832566272,\n \"pct\": 0.4027\n },\n \"free\": 10133041152\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.memory\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 144993800,\n \"dataset\": \"system.memory\"\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.uptime\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n }\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82281906\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.099+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"C:\",\n \"read\": {\n \"count\": 241576,\n \"time\": 28651156,\n \"bytes\": 8581850624\n },\n \"write\": {\n \"count\": 197468,\n \"time\": 5647444,\n \"bytes\": 4535636992\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"duration\": 1995700,\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.099+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"D:\",\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n },\n \"write\": {\n \"count\": 1577,\n \"time\": 9228,\n \"bytes\": 16106496\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\",\n \"duration\": 1995700\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.113+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.110Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 3003900,\n \"dataset\": \"system.socket_summary\"\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"all\": {\n \"count\": 318,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"listening\": 47,\n \"established\": 75,\n \"close_wait\": 1,\n \"time_wait\": 96,\n \"count\": 223\n }\n },\n \"udp\": {\n \"all\": {\n \"count\": 95\n }\n }\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.139+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"system\": {\n \"cpu\": {\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"pct\": 1.0469,\n \"norm\": {\n \"pct\": 0.2617\n }\n },\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"system\": {\n \"pct\": 0.5375,\n \"norm\": {\n \"pct\": 0.1344\n }\n },\n \"idle\": {\n \"norm\": {\n \"pct\": 0.6039\n },\n \"pct\": 2.4156\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"total\": {\n \"pct\": 1.5844,\n \"norm\": {\n \"pct\": 0.3961\n }\n },\n \"cores\": 4,\n \"irq\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.cpu\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"dataset\": \"system.cpu\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"cpu\"\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.187+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 35001900\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Local Area Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.188+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 35001900\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"name\": \"VirtualBox Host-Only Network\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.191+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 35001900\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.191+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 35001900\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Local Area Connection* 13\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.191+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 39003100\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Mobile Broadband Connection\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.192+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"bytes\": 721,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"VMware Network Adapter VMnet1\"\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 39003100\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.192+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 39003100,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 708,\n \"errors\": 0\n }\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.192+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 39003100\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 33947,\n \"bytes\": 7457641\n },\n \"name\": \"Wi-Fi\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 8792891,\n \"packets\": 14820\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.192+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 39998700\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Loopback Pseudo-Interface 1\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.192+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 39998700\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 1934264,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.385+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.388+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.389+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.389+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.402+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.402+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.402+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.405+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.406+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.429+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.476+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.487+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.511+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.344Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"event\": {\n \"dataset\": \"system.process_summary\",\n \"module\": \"system\",\n \"duration\": 167004400\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 251,\n \"sleeping\": 0,\n \"running\": 248,\n \"idle\": 0,\n \"stopped\": 0\n }\n }\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.515+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.539+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.553+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.581+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.583+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 9 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.583+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1\",\n \"memory\": {\n \"size\": 107393024,\n \"rss\": {\n \"bytes\": 135053312,\n \"pct\": 0.0161\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"value\": 5452,\n \"pct\": 0.5257,\n \"norm\": {\n \"pct\": 0.1314\n }\n },\n \"start_time\": \"2020-09-02T08:34:37.644Z\"\n }\n }\n },\n \"process\": {\n \"pid\": 6856,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=107\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=4072\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 209001000\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.584+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 209001000\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 229142528,\n \"rss\": {\n \"bytes\": 233586688,\n \"pct\": 0.0279\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"cpu\": {\n \"total\": {\n \"value\": 292796,\n \"pct\": 0.3417,\n \"norm\": {\n \"pct\": 0.0854\n }\n },\n \"start_time\": \"2020-09-01T11:11:59.970Z\"\n }\n }\n },\n \"process\": {\n \"name\": \"chrome.exe\",\n \"pid\": 1768,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.584+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=gpu-process\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA=\",\n \"--mojo-platform-channel-handle=1596\",\n \"/prefetch:2\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 5364,\n \"ppid\": 1768,\n \"pgid\": 0\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=gpu-process --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1596 /prefetch:2\",\n \"memory\": {\n \"size\": 160567296,\n \"rss\": {\n \"bytes\": 133021696,\n \"pct\": 0.0159\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"value\": 176953,\n \"pct\": 0.1145,\n \"norm\": {\n \"pct\": 0.0286\n }\n },\n \"start_time\": \"2020-09-01T11:13:15.915Z\"\n },\n \"state\": \"running\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 209001000\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.584+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 52064256,\n \"rss\": {\n \"pct\": 0.0077,\n \"bytes\": 64192512\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8\",\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"value\": 41640,\n \"pct\": 0.1098,\n \"norm\": {\n \"pct\": 0.0275\n }\n },\n \"start_time\": \"2020-09-01T11:13:17.404Z\"\n }\n }\n },\n \"process\": {\n \"pid\": 9028,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=utility\",\n \"--utility-sub-type=network.mojom.NetworkService\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--service-sandbox-type=network\",\n \"--enable-audio-service-sandbox\",\n \"--mojo-platform-channel-handle=1960\",\n \"/prefetch:8\"\n ],\n \"name\": \"chrome.exe\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 209001000,\n \"dataset\": \"system.process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.585+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"process\": {\n \"ppid\": 1688,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe\",\n \"-upload\"\n ],\n \"name\": \"wermgr.exe\",\n \"pid\": 15268\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 210002300,\n \"dataset\": \"system.process\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"memory\": {\n \"size\": 4694016,\n \"rss\": {\n \"bytes\": 13012992,\n \"pct\": 0.0016\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe -upload\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.0956,\n \"norm\": {\n \"pct\": 0.0239\n },\n \"value\": 3781\n },\n \"start_time\": \"2020-09-02T09:29:59.484Z\"\n }\n }\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.585+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 210002300\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n }\n },\n \"process\": {\n \"name\": \"SearchUI.exe\",\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 148865024,\n \"rss\": {\n \"pct\": 0.028,\n \"bytes\": 234180608\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 60749\n },\n \"start_time\": \"2020-09-01T11:11:50.306Z\"\n },\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n }\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.585+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"process\": {\n \"name\": \"thunderbird.exe\",\n \"pid\": 4824,\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n ]\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 211002500\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\",\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.0479,\n \"norm\": {\n \"pct\": 0.012\n },\n \"value\": 34625\n },\n \"start_time\": \"2020-09-01T13:36:21.496Z\"\n },\n \"memory\": {\n \"size\": 158445568,\n \"rss\": {\n \"pct\": 0.0216,\n \"bytes\": 180543488\n },\n \"share\": 0\n }\n }\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.586+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 185062,\n \"pct\": 0\n },\n \"start_time\": \"2020-09-01T11:12:20.366Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 225284096,\n \"rss\": {\n \"bytes\": 152563712,\n \"pct\": 0.0182\n }\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 211002500\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"process\": {\n \"name\": \"Dropbox.exe\",\n \"pid\": 9868,\n \"ppid\": 8548,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ]\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.586+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"pid\": 9508,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=7\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=2976\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 211002500\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"rss\": {\n \"bytes\": 135684096,\n \"pct\": 0.0162\n },\n \"share\": 0,\n \"size\": 123908096\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.0109,\n \"norm\": {\n \"pct\": 0.0027\n },\n \"value\": 41437\n },\n \"start_time\": \"2020-09-01T11:14:12.015Z\"\n },\n \"state\": \"running\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:41.724+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:41.441Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.memory\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n }\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"memory\": {\n \"used\": {\n \"pct\": 0.6316,\n \"bytes\": 5289709568\n },\n \"free\": 3085963264,\n \"actual\": {\n \"free\": 3085963264,\n \"used\": {\n \"bytes\": 5289709568,\n \"pct\": 0.6316\n }\n },\n \"swap\": {\n \"free\": 9976713216,\n \"total\": 16965607424,\n \"used\": {\n \"bytes\": 6988894208,\n \"pct\": 0.4119\n }\n },\n \"total\": 8375672832\n }\n },\n \"event\": {\n \"dataset\": \"system.memory\",\n \"module\": \"system\",\n \"duration\": 281993000\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"error","@timestamp":"2020-09-02T12:57:47.825+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)): Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:47.825+0300","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)) with 5 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:47.825+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:47.825+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:57:47.825+0300","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:47.843+0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://45cd934da9d443b187c79007c5bcb586.10.30.30.204.ip.es.io:9243\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"diskio\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"D:\",\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n },\n \"write\": {\n \"count\": 1577,\n \"time\": 9228,\n \"bytes\": 16106496\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82291906\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"uptime\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.uptime\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.096Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"io\": {\n \"time\": 0\n },\n \"name\": \"C:\",\n \"read\": {\n \"bytes\": 8583079424,\n \"count\": 241618,\n \"time\": 28657857\n },\n \"write\": {\n \"count\": 199830,\n \"time\": 5695810,\n \"bytes\": 4554458112\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.112+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.110Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"event\": {\n \"duration\": 1956900,\n \"dataset\": \"system.socket_summary\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"udp\": {\n \"all\": {\n \"count\": 96\n }\n },\n \"all\": {\n \"count\": 324,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"close_wait\": 1,\n \"time_wait\": 98,\n \"count\": 228,\n \"listening\": 47,\n \"established\": 82\n }\n }\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.138+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"cpu\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"cpu\": {\n \"cores\": 4,\n \"idle\": {\n \"pct\": 2.7452,\n \"norm\": {\n \"pct\": 0.6863\n }\n },\n \"total\": {\n \"pct\": 1.2548,\n \"norm\": {\n \"pct\": 0.3137\n }\n },\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"pct\": 0.8469,\n \"norm\": {\n \"pct\": 0.2117\n }\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"system\": {\n \"norm\": {\n \"pct\": 0.102\n },\n \"pct\": 0.4079\n },\n \"irq\": {\n \"norm\": {\n \"pct\": 0\n },\n \"pct\": 0\n },\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.cpu\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"dataset\": \"system.cpu\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15015800\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.167+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n }\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VirtualBox Host-Only Network\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15015800\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15015800\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n },\n \"name\": \"Local Area Connection* 13\"\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 15015800,\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Mobile Broadband Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0,\n \"errors\": 0\n }\n }\n },\n \"event\": {\n \"duration\": 15981700,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15981700\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 732,\n \"errors\": 0\n },\n \"name\": \"VMware Network Adapter VMnet1\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 714,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 15981700,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Wi-Fi\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 8899760,\n \"packets\": 15169\n },\n \"out\": {\n \"bytes\": 7520762,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 34236\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"duration\": 15981700,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Loopback Pseudo-Interface 1\",\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.network\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 15981700\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"event\": {\n \"duration\": 17015600,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 1934624\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.391+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.399+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.345Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 52951100,\n \"dataset\": \"system.process_summary\"\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"idle\": 0,\n \"stopped\": 0,\n \"zombie\": 0,\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 251,\n \"sleeping\": 0,\n \"running\": 248\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.405+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.409+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.418+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.427+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.430+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.445+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.447+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 9 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.448+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"ppid\": 900,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\System32\\\\svchost.exe\",\n \"-k\",\n \"LocalServiceNoNetwork\",\n \"-p\",\n \"-s\",\n \"DPS\"\n ],\n \"name\": \"svchost.exe\",\n \"pid\": 5192\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\LOCAL SERVICE\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:07:52.072Z\",\n \"total\": {\n \"value\": 46468,\n \"pct\": 0.2959,\n \"norm\": {\n \"pct\": 0.074\n }\n }\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\System32\\\\svchost.exe -k LocalServiceNoNetwork -p -s DPS\",\n \"memory\": {\n \"size\": 30150656,\n \"rss\": {\n \"pct\": 0.0047,\n \"bytes\": 39669760\n },\n \"share\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72982200\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.448+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"process\": {\n \"name\": \"chrome.exe\",\n \"pid\": 6856,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=107\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=4072\",\n \"/prefetch:1\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72982200\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"value\": 7577,\n \"pct\": 0.2154,\n \"norm\": {\n \"pct\": 0.0539\n }\n },\n \"start_time\": \"2020-09-02T08:34:37.644Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"size\": 108367872,\n \"rss\": {\n \"bytes\": 135753728,\n \"pct\": 0.0162\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.448+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"process\": {\n \"pid\": 9028,\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=utility\",\n \"--utility-sub-type=network.mojom.NetworkService\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--service-sandbox-type=network\",\n \"--enable-audio-service-sandbox\",\n \"--mojo-platform-channel-handle=1960\",\n \"/prefetch:8\"\n ],\n \"name\": \"chrome.exe\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 62722048,\n \"rss\": {\n \"pct\": 0.009,\n \"bytes\": 75087872\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8\",\n \"cpu\": {\n \"total\": {\n \"norm\": {\n \"pct\": 0.0359\n },\n \"value\": 43062,\n \"pct\": 0.1438\n },\n \"start_time\": \"2020-09-01T11:13:17.404Z\"\n },\n \"state\": \"running\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 72982200\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:59.970Z\",\n \"total\": {\n \"value\": 293609,\n \"pct\": 0.0822,\n \"norm\": {\n \"pct\": 0.0205\n }\n }\n },\n \"state\": \"running\",\n \"memory\": {\n \"size\": 229138432,\n \"rss\": {\n \"bytes\": 234135552,\n \"pct\": 0.028\n },\n \"share\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 73942000,\n \"dataset\": \"system.process\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"process\": {\n \"ppid\": 3480,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 1768\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"pid\": 15268,\n \"ppid\": 1688,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe\",\n \"-upload\"\n ],\n \"name\": \"wermgr.exe\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 73942000\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.process\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe -upload\",\n \"memory\": {\n \"size\": 4976640,\n \"rss\": {\n \"bytes\": 12804096,\n \"pct\": 0.0015\n },\n \"share\": 0\n },\n \"state\": \"running\",\n \"cpu\": {\n \"start_time\": \"2020-09-02T09:29:59.484Z\",\n \"total\": {\n \"value\": 4327,\n \"pct\": 0.0554,\n \"norm\": {\n \"pct\": 0.0138\n }\n }\n }\n }\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n }\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.449+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"event\": {\n \"duration\": 74982400,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 148865024,\n \"rss\": {\n \"pct\": 0.028,\n \"bytes\": 234180608\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n },\n \"value\": 60749\n },\n \"start_time\": \"2020-09-01T11:11:50.306Z\"\n },\n \"state\": \"running\"\n }\n },\n \"process\": {\n \"name\": \"SearchUI.exe\",\n \"pid\": 3256,\n \"ppid\": 660,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Windows\\\\SystemApps\\\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\SearchUI.exe\",\n \"-ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca\"\n ]\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.450+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n ],\n \"name\": \"thunderbird.exe\",\n \"pid\": 4824,\n \"ppid\": 3480,\n \"pgid\": 0\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 74982400\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cpu\": {\n \"total\": {\n \"value\": 35031,\n \"pct\": 0.0412,\n \"norm\": {\n \"pct\": 0.0103\n }\n },\n \"start_time\": \"2020-09-01T13:36:21.496Z\"\n },\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 162873344,\n \"rss\": {\n \"pct\": 0.0219,\n \"bytes\": 183836672\n }\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Mozilla Thunderbird\\\\thunderbird.exe\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.450+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe /systemstartup\",\n \"memory\": {\n \"size\": 226177024,\n \"rss\": {\n \"bytes\": 153128960,\n \"pct\": 0.0183\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"pct\": 0.0064,\n \"norm\": {\n \"pct\": 0.0016\n },\n \"value\": 185125\n },\n \"start_time\": \"2020-09-01T11:12:20.366Z\"\n }\n }\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Dropbox\\\\Client\\\\Dropbox.exe\",\n \"/systemstartup\"\n ],\n \"name\": \"Dropbox.exe\",\n \"pid\": 9868,\n \"ppid\": 8548\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 74982400\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.451+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"process\": {\n \"ppid\": 1768,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=7\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=2976\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 9508\n },\n \"event\": {\n \"duration\": 75980900,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"system\": {\n \"process\": {\n \"memory\": {\n \"size\": 126668800,\n \"rss\": {\n \"pct\": 0.0165,\n \"bytes\": 138428416\n },\n \"share\": 0\n },\n \"cpu\": {\n \"total\": {\n \"value\": 41452,\n \"pct\": 0.0015,\n \"norm\": {\n \"pct\": 0.0004\n }\n },\n \"start_time\": \"2020-09-01T11:14:12.015Z\"\n },\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:57:51.618+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:57:51.439Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.memory-default\"\n },\n \"metricset\": {\n \"name\": \"memory\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"memory\": {\n \"total\": 8375672832,\n \"used\": {\n \"bytes\": 5279748096,\n \"pct\": 0.6304\n },\n \"free\": 3095924736,\n \"actual\": {\n \"used\": {\n \"pct\": 0.6304,\n \"bytes\": 5279748096\n },\n \"free\": 3095924736\n },\n \"swap\": {\n \"used\": {\n \"bytes\": 6982021120,\n \"pct\": 0.4115\n },\n \"free\": 9983586304,\n \"total\": 16965607424\n }\n }\n },\n \"event\": {\n \"duration\": 178963700,\n \"dataset\": \"system.memory\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.memory\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-09-02T12:58:00.029+0300","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":1406,"time":{"ms":453}},"total":{"ticks":2296,"time":{"ms":718},"value":2296},"user":{"ticks":890,"time":{"ms":265}}},"handles":{"open":390},"info":{"ephemeral_id":"41aad6a1-ed1e-4ddf-885b-8ce2690911a1","uptime":{"ms":65089}},"memstats":{"gc_next":19349856,"memory_alloc":13893408,"memory_total":48847768,"rss":1859584},"runtime":{"goroutines":69}},"libbeat":{"config":{"module":{"running":8}},"pipeline":{"clients":8,"events":{"active":154,"published":77,"total":77}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"diskio":{"events":6,"success":6},"memory":{"events":3,"success":3},"network":{"events":30,"success":30},"process":{"events":26,"success":26},"process_summary":{"events":3,"success":3},"socket_summary":{"events":3,"success":3},"uptime":{"events":3,"success":3}}}},"ecs.version":"1.5.0"}}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.097+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.uptime-default\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"system\": {\n \"uptime\": {\n \"duration\": {\n \"ms\": 82301906\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.uptime\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"name\": \"uptime\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.uptime\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.098+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"metricset\": {\n \"name\": \"diskio\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\",\n \"duration\": 940900\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"diskio\": {\n \"read\": {\n \"count\": 241634,\n \"time\": 28658366,\n \"bytes\": 8583357440\n },\n \"write\": {\n \"bytes\": 4561189376,\n \"count\": 200604,\n \"time\": 5696445\n },\n \"io\": {\n \"time\": 0\n },\n \"name\": \"C:\"\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n },\n \"host\": {\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.098+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.097Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.diskio-default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"system\": {\n \"diskio\": {\n \"name\": \"D:\",\n \"read\": {\n \"count\": 2429,\n \"time\": 47155,\n \"bytes\": 63854592\n },\n \"write\": {\n \"count\": 1577,\n \"time\": 9228,\n \"bytes\": 16106496\n },\n \"io\": {\n \"time\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.diskio\",\n \"module\": \"system\",\n \"duration\": 940900\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"diskio\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.diskio\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.113+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.110Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.socket_summary-default\"\n },\n \"event\": {\n \"dataset\": \"system.socket_summary\",\n \"module\": \"system\",\n \"duration\": 2003700\n },\n \"metricset\": {\n \"name\": \"socket_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"socket\": {\n \"summary\": {\n \"all\": {\n \"count\": 327,\n \"listening\": 47\n },\n \"tcp\": {\n \"all\": {\n \"time_wait\": 99,\n \"count\": 233,\n \"listening\": 47,\n \"established\": 84,\n \"close_wait\": 2\n }\n },\n \"udp\": {\n \"all\": {\n \"count\": 94\n }\n }\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.socket_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.138+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.138Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.cpu-default\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"cpu\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"cpu\": {\n \"nice\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"user\": {\n \"norm\": {\n \"pct\": 0.0891\n },\n \"pct\": 0.3562\n },\n \"steal\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"iowait\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"irq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n },\n \"total\": {\n \"norm\": {\n \"pct\": 0.1617\n },\n \"pct\": 0.6468\n },\n \"cores\": 4,\n \"system\": {\n \"norm\": {\n \"pct\": 0.0727\n },\n \"pct\": 0.2906\n },\n \"idle\": {\n \"pct\": 3.3532,\n \"norm\": {\n \"pct\": 0.8383\n }\n },\n \"softirq\": {\n \"pct\": 0,\n \"norm\": {\n \"pct\": 0\n }\n }\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.cpu\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"event\": {\n \"dataset\": \"system.cpu\",\n \"module\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.168+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Local Area Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16004400\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"VirtualBox Host-Only Network\"\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 16004400,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"Local Area Connection* 10\",\n \"in\": {\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0\n },\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16004400\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16965700\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Local Area Connection* 13\"\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"system\": {\n \"network\": {\n \"out\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0,\n \"bytes\": 0\n },\n \"name\": \"Mobile Broadband Connection\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16965700\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.169+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet1\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"packets\": 0,\n \"bytes\": 748,\n \"errors\": 0,\n \"dropped\": 0\n }\n }\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 16965700,\n \"dataset\": \"system.network\"\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n }\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"VMware Network Adapter VMnet8\",\n \"in\": {\n \"errors\": 0,\n \"dropped\": 0,\n \"bytes\": 0,\n \"packets\": 0\n },\n \"out\": {\n \"bytes\": 741,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"event\": {\n \"dataset\": \"system.network\",\n \"module\": \"system\",\n \"duration\": 16965700\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 16965700,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 8986530,\n \"packets\": 15392,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"bytes\": 7590404,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 34452\n },\n \"name\": \"Wi-Fi\"\n }\n },\n \"data_stream\": {\n \"type\": \"metrics\",\n \"dataset\": \"system.network\",\n \"namespace\": \"default\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"event\": {\n \"duration\": 18021600,\n \"dataset\": \"system.network\",\n \"module\": \"system\"\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"metricset\": {\n \"name\": \"network\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"bytes\": 0,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n },\n \"name\": \"Loopback Pseudo-Interface 1\"\n }\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.170+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.152Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.network-default\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"host\": {\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ]\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 18021600,\n \"dataset\": \"system.network\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"network\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"network\": {\n \"name\": \"vEthernet (Default Switch)\",\n \"in\": {\n \"bytes\": 0,\n \"packets\": 0,\n \"errors\": 0,\n \"dropped\": 0\n },\n \"out\": {\n \"bytes\": 1935674,\n \"errors\": 0,\n \"dropped\": 0,\n \"packets\": 0\n }\n }\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.network\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":475},"message":"Skip process pid=56: error getting process state for pid=56: getProcName failed: GetProcessImageFileName failed for pid=56: GetProcessImageFileName failed: invalid argument","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.381+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process Registry with pid=100: error getting process mem for pid=100: OpenProcess failed for pid=100: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=700: error getting process mem for pid=700: OpenProcess failed for pid=700: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process csrss.exe with pid=776: error getting process mem for pid=776: OpenProcess failed for pid=776: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.382+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process wininit.exe with pid=800: error getting process mem for pid=800: OpenProcess failed for pid=800: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.383+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process services.exe with pid=900: error getting process mem for pid=900: OpenProcess failed for pid=900: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.392+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MemCompression with pid=2060: error getting process mem for pid=2060: OpenProcess failed for pid=2060: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.404+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.344Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process_summary-default\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 60000900,\n \"dataset\": \"system.process_summary\"\n },\n \"metricset\": {\n \"name\": \"process_summary\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"summary\": {\n \"unknown\": 3,\n \"dead\": 0,\n \"total\": 250,\n \"sleeping\": 0,\n \"running\": 247,\n \"idle\": 0,\n \"stopped\": 0,\n \"zombie\": 0\n }\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process_summary\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"agent\": {\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.409+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process MsMpEng.exe with pid=4136: error getting process mem for pid=4136: OpenProcess failed for pid=4136: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.415+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process NisSrv.exe with pid=4004: error getting process mem for pid=4004: OpenProcess failed for pid=4004: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.424+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SecurityHealthService.exe with pid=4240: error getting process mem for pid=4240: OpenProcess failed for pid=4240: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.434+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process SgrmBroker.exe with pid=7692: error getting process mem for pid=7692: OpenProcess failed for pid=7692: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.437+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=9264: error getting process mem for pid=9264: OpenProcess failed for pid=9264: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.451+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":486},"message":"Error getting details for process svchost.exe with pid=14552: error getting process mem for pid=14552: OpenProcess failed for pid=14552: Access is denied.","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.453+0300","log.logger":"processes","log.origin":{"file.name":"process/process.go","file.line":434},"message":"Filtered top processes down to 9 processes","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.454+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=renderer\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--lang=en-US\",\n \"--enable-auto-reload\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--device-scale-factor=1\",\n \"--num-raster-threads=2\",\n \"--enable-main-frame-before-activation\",\n \"--renderer-client-id=107\",\n \"--no-v8-untrusted-code-mitigations\",\n \"--mojo-platform-channel-handle=4072\",\n \"/prefetch:1\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 6856,\n \"ppid\": 1768,\n \"pgid\": 0\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"value\": 9375,\n \"pct\": 0.1797,\n \"norm\": {\n \"pct\": 0.0449\n }\n },\n \"start_time\": \"2020-09-02T08:34:37.644Z\"\n },\n \"memory\": {\n \"size\": 97964032,\n \"rss\": {\n \"bytes\": 133074944,\n \"pct\": 0.0159\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=renderer --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --lang=en-US --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1\"\n }\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 79000900\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"name\": \"Hamid-PC\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.454+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"name\": \"wermgr.exe\",\n \"pid\": 15268,\n \"ppid\": 1688,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe\",\n \"-upload\"\n ]\n },\n \"data_stream\": {\n \"namespace\": \"default\",\n \"type\": \"metrics\",\n \"dataset\": \"system.process\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\SYSTEM\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"cmdline\": \"C:\\\\WINDOWS\\\\system32\\\\wermgr.exe -upload\",\n \"state\": \"running\",\n \"memory\": {\n \"share\": 0,\n \"size\": 4964352,\n \"rss\": {\n \"bytes\": 12513280,\n \"pct\": 0.0015\n }\n },\n \"cpu\": {\n \"total\": {\n \"pct\": 0.139,\n \"norm\": {\n \"pct\": 0.0348\n },\n \"value\": 5718\n },\n \"start_time\": \"2020-09-02T09:29:59.484Z\"\n }\n }\n },\n \"host\": {\n \"os\": {\n \"build\": \"18363.1016\",\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"name\": \"Hamid-PC\",\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\"\n },\n \"agent\": {\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 79000900\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.454+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--type=gpu-process\",\n \"--field-trial-handle=1548,14710917769990325656,12595360292849818750,131072\",\n \"--gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA=\",\n \"--mojo-platform-channel-handle=1596\",\n \"/prefetch:2\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 5364,\n \"ppid\": 1768,\n \"pgid\": 0\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"module\": \"system\",\n \"duration\": 79000900,\n \"dataset\": \"system.process\"\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"pct\": 0.064,\n \"norm\": {\n \"pct\": 0.016\n },\n \"value\": 178124\n },\n \"start_time\": \"2020-09-01T11:13:15.915Z\"\n },\n \"memory\": {\n \"rss\": {\n \"bytes\": 124387328,\n \"pct\": 0.0149\n },\n \"share\": 0,\n \"size\": 153354240\n },\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --type=gpu-process --field-trial-handle=1548,14710917769990325656,12595360292849818750,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1596 /prefetch:2\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"name\": \"Hamid-PC\",\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"agent\": {\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\",\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.455+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"process\": {\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\n \"--flag-switches-begin\",\n \"--flag-switches-end\",\n \"--enable-audio-service-sandbox\",\n \"--origin-trial-disabled-features=MeasureMemory\",\n \"--restore-last-session\"\n ],\n \"name\": \"chrome.exe\",\n \"pid\": 1768,\n \"ppid\": 3480\n },\n \"user\": {\n \"name\": \"Hamid-PC\\\\Hamid\"\n },\n \"event\": {\n \"dataset\": \"system.process\",\n \"module\": \"system\",\n \"duration\": 80001500\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cmdline\": \"C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --origin-trial-disabled-features=MeasureMemory --restore-last-session\",\n \"memory\": {\n \"size\": 229138432,\n \"rss\": {\n \"bytes\": 234303488,\n \"pct\": 0.028\n },\n \"share\": 0\n },\n \"cpu\": {\n \"start_time\": \"2020-09-01T11:11:59.970Z\",\n \"total\": {\n \"value\": 294140,\n \"pct\": 0.0531,\n \"norm\": {\n \"pct\": 0.0133\n }\n }\n }\n }\n },\n \"metricset\": {\n \"name\": \"process\",\n \"period\": 10000\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n },\n \"host\": {\n \"architecture\": \"x86_64\",\n \"os\": {\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\",\n \"platform\": \"windows\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ],\n \"hostname\": \"Hamid-PC\"\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n }\n}","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-09-02T12:58:01.455+0300","log.logger":"processors","log.origin":{"file.name":"processing/processors.go","file.line":187},"message":"Publish event: {\n \"@timestamp\": \"2020-09-02T09:58:01.374Z\",\n \"@metadata\": {\n \"beat\": \"metricbeat\",\n \"type\": \"_doc\",\n \"version\": \"7.9.0\",\n \"raw_index\": \"metrics-system.process-default\"\n },\n \"host\": {\n \"hostname\": \"Hamid-PC\",\n \"architecture\": \"x86_64\",\n \"os\": {\n \"platform\": \"windows\",\n \"version\": \"10.0\",\n \"family\": \"windows\",\n \"name\": \"Windows 10 Pro\",\n \"kernel\": \"10.0.18362.1016 (WinBuild.160101.0800)\",\n \"build\": \"18363.1016\"\n },\n \"name\": \"Hamid-PC\",\n \"id\": \"99800768-a362-4799-9840-677baad76c96\",\n \"ip\": [\n \"fe80::29ce:d576:7bf7:6f17\",\n \"192.168.0.40\",\n \"fe80::5d9e:14a9:f711:2688\",\n \"192.168.56.1\",\n \"fe80::6916:2c0f:d5b7:e3dc\",\n \"169.254.227.220\",\n \"fe80::886e:6edc:cb00:f42\",\n \"169.254.15.66\",\n \"fe80::6463:a1d1:beb5:8061\",\n \"192.168.188.1\",\n \"fe80::98e0:fc9a:de73:45cc\",\n \"192.168.108.1\",\n \"fe80::21ed:d7bf:86e:131\",\n \"10.30.30.131\",\n \"fe80::c4db:8ca7:7b84:1e80\",\n \"172.18.111.113\"\n ],\n \"mac\": [\n \"5c:ff:35:06:57:f3\",\n \"0a:00:27:00:00:11\",\n \"00:24:d7:9b:29:6d\",\n \"02:24:d7:9b:29:6c\",\n \"00:50:56:c0:00:01\",\n \"00:50:56:c0:00:08\",\n \"00:24:d7:9b:29:6c\",\n \"00:15:5d:38:42:6d\"\n ]\n },\n \"agent\": {\n \"ephemeral_id\": \"41aad6a1-ed1e-4ddf-885b-8ce2690911a1\",\n \"id\": \"864913ac-c66b-45c8-ba7e-89feb383d023\",\n \"name\": \"Hamid-PC\",\n \"type\": \"metricbeat\",\n \"version\": \"7.9.0\",\n \"hostname\": \"Hamid-PC\"\n },\n \"process\": {\n \"ppid\": 900,\n \"pgid\": 0,\n \"args\": [\n \"C:\\\\WINDOWS\\\\System32\\\\svchost.exe\",\n \"-k\",\n \"LocalServiceNoNetwork\",\n \"-p\",\n \"-s\",\n \"DPS\"\n ],\n \"name\": \"svchost.exe\",\n \"pid\": 5192\n },\n \"user\": {\n \"name\": \"NT AUTHORITY\\\\LOCAL SERVICE\"\n },\n \"event\": {\n \"duration\": 80001500,\n \"dataset\": \"system.process\",\n \"module\": \"system\"\n },\n \"metricset\": {\n \"period\": 10000,\n \"name\": \"process\"\n },\n \"ecs\": {\n \"version\": \"1.5.0\"\n },\n \"service\": {\n \"type\": \"system\"\n },\n \"system\": {\n \"process\": {\n \"state\": \"running\",\n \"cpu\": {\n \"total\": {\n \"value\": 46811,\n \"pct\": 0.0343,\n \"norm\": {\n \"pct\": 0.0086\n }\n },\n \"start_time\": \"2020-09-01T11:07:52.072Z\"\n },\n \"memory\": {\n \"size\": 29618176,\n \"rss\": {\n \"bytes\": 39206912,\n \"pct\": 0.0047\n },\n \"share\": 0\n },\n \"cmdline\": \"C:\\\\WINDOWS\\\\System32\\\\svchost.exe -k LocalServiceNoNetwork -p -s DPS\"\n }\n },\n \"data_stream\": {\n \"dataset\": \"system.process\",\n \"namespace\": \"default\",\n \"type\": \"metrics\"\n }\n}","ecs.version":"1.5.0"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment