
@osztrovszkyzs-ahrt
Created September 24, 2024 14:19
{
"_index": ".ds-logs-jira_audit_logs-jira-2024.09.19-000001",
"_id": "M2ayI5IB8FUCCTZtW7KL",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"name": "test-v01",
"id": "5b8f4dd8-989f-4bfd-87bd-cac8a5a32b14",
"type": "filebeat",
"ephemeral_id": "c885a345-5d97-48bf-bac9-4bb765869873",
"version": "8.15.1"
},
"log": {
"file": {
"path": "/var/atlassian/application-data/jira/log/audit/20240924.00000.audit.log"
},
"offset": 6979
},
"elastic_agent": {
"id": "5b8f4dd8-989f-4bfd-87bd-cac8a5a32b14",
"version": "8.15.1",
"snapshot": false
},
"message": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10100\",\"name\":\"osz\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=osz\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2024-09-17T08:56:47.655Z - 2024-09-24T10:59:48.895Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"28062 - 28161\"}],\"method\":\"Browser\",\"node\":\"node1\",\"source\":\"10.0.94.70\",\"system\":\"https://jira\",\"timestamp\":{\"epochSecond\":1727175728,\"nano\":350000000},\"version\":\"1.0\"}",
"afterjson": "true",
"tags": [
"jira",
"audit"
],
"input": {
"type": "log"
},
"@timestamp": "2024-09-24T11:02:14.360Z",
"ecs": {
"version": "8.0.0"
},
"beforejson": "true",
"testjson": "{\"name\":\"John\", \"age\":30, \"car\":null}",
"data_stream": {
"namespace": "jira",
"type": "logs",
"dataset": "jira_audit_logs"
},
"host": {
"hostname": "test-v01",
"os": {
"kernel": "6.1.0-11-amd64",
"codename": "bookworm",
"name": "Debian GNU/Linux",
"type": "linux",
"family": "debian",
"version": "12 (bookworm)",
"platform": "debian"
},
"containerized": false,
"ip": [
"10.4.0.25"
],
"name": "test-v01",
"id": "e656b6b57b91491bac3d359fe2e0165f",
"mac": [
"00-15-5D-3F-CF-1F"
],
"architecture": "x86_64"
},
"testjson2": {
"car": null,
"name": "John",
"age": 30
},
"event": {
"agent_id_status": "verified",
"ingested": "2024-09-24T11:02:24Z",
"dataset": "jira_audit_logs"
}
},
"fields": {
"elastic_agent.version": [
"8.15.1"
],
"host.os.name.text": [
"Debian GNU/Linux"
],
"host.hostname": [
"test-v01"
],
"host.mac": [
"00-00"
],
"afterjson": [
"true"
],
"host.ip": [
"10.4.0.25"
],
"agent.type": [
"filebeat"
],
"beforejson": [
"true"
],
"host.os.version": [
"12 (bookworm)"
],
"testjson": [
"{\"name\":\"John\", \"age\":30, \"car\":null}"
],
"host.os.kernel": [
"6.1.0-11-amd64"
],
"host.os.name": [
"Debian GNU/Linux"
],
"log.file.path.text": [
"/var/atlassian/application-data/jira/log/audit/20240924.00000.audit.log"
],
"agent.name": [
"test-v01"
],
"elastic_agent.snapshot": [
false
],
"host.name": [
"test-v01"
],
"event.agent_id_status": [
"verified"
],
"testjson2.age": [
30
],
"host.id": [
"e656b6b57b91491bac3d359fe2e0165f"
],
"testjson2.name": [
"John"
],
"host.os.type": [
"linux"
],
"elastic_agent.id": [
"5b8f4dd8-989f-4bfd-87bd-cac8a5a32b14"
],
"data_stream.namespace": [
"jira"
],
"host.os.codename": [
"bookworm"
],
"input.type": [
"log"
],
"log.offset": [
6979
],
"message": [
"{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10100\",\"name\":\"osztrovszkyzs\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=osztrovszkyzs\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2024-09-17T08:56:47.655Z - 2024-09-24T10:59:48.895Z\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"100\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"28062 - 28161\"}],\"method\":\"Browser\",\"node\":\"node1\",\"source\":\"10.0.94.70\",\"system\":\"https://jira\",\"timestamp\":{\"epochSecond\":1727175728,\"nano\":350000000},\"version\":\"1.0\"}"
],
"data_stream.type": [
"logs"
],
"tags": [
"jira",
"audit"
],
"host.architecture": [
"x86_64"
],
"event.ingested": [
"2024-09-24T11:02:24.000Z"
],
"@timestamp": [
"2024-09-24T11:02:14.360Z"
],
"agent.id": [
"5b8f4dd8-989f-4bfd-87bd-cac8a5a32b14"
],
"ecs.version": [
"8.0.0"
],
"host.containerized": [
false
],
"host.os.platform": [
"debian"
],
"data_stream.dataset": [
"jira_audit_logs"
],
"log.file.path": [
"/var/atlassian/application-data/jira/log/audit/20240924.00000.audit.log"
],
"agent.ephemeral_id": [
"c885a345-5d97-48bf-bac9-4bb765869873"
],
"agent.version": [
"8.15.1"
],
"testjson2.name.text": [
"John"
],
"host.os.family": [
"debian"
],
"event.dataset": [
"jira_audit_logs"
]
}
}
# Elastic Agent policy as handed out by Fleet: the policy id and its revision
# counter (revision 14 here).
# NOTE(review): the page rendering dropped every level of YAML indentation;
# the nesting of everything below is only recognizable from the Elastic Agent
# policy layout and has to be restored before this text is fed to a parser.
id: 13a0784c-9271-4cd2-8afe-4b080cf94a46
revision: 14
# Destination for all shipped data. Elasticsearch is addressed by raw IP over
# TLS, and `ssl.ca_trusted_fingerprint` (redacted as xxxx) is the SHA-256
# fingerprint of the CA certificate the output will trust. The fingerprint is
# not a secret, but it is what ties this IP to the intended cluster, so it has
# to match the deployed CA exactly. `preset: balanced` selects one of the
# built-in throughput/latency tuning profiles.
outputs:
default:
type: elasticsearch
hosts:
- 'https://10.4.0.57:9200'
ssl.ca_trusted_fingerprint: xxxx
preset: balanced
# Fleet Server the agent checks in with for policy updates and status; same
# host as the Elasticsearch output, on Fleet's port 8220. No TLS trust
# settings appear in this block, so verification of this endpoint presumably
# rests on what was configured at enrollment -- confirm.
fleet:
hosts:
- 'https://10.4.0.57:8220'
# Index privileges Fleet attaches to the API key this agent uses for the
# `default` output, grouped by the policy section that needs them. Every
# entry is `auto_configure` + `create_doc`: the key may let a matching index
# template create the data stream and may append new documents, but it cannot
# read, update or delete what is already indexed.
output_permissions:
default:
# Data streams the agent's self-monitoring (see `agent.monitoring`) writes
# to -- one explicit stream per component, no wildcards.
_elastic_agent_monitoring:
indices:
- names:
- logs-elastic_agent.apm_server-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.apm_server-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.auditbeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.auditbeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.cloud_defend-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.cloudbeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.cloudbeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.elastic_agent-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.endpoint_security-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.endpoint_security-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.filebeat_input-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.filebeat_input-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.filebeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.filebeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.fleet_server-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.fleet_server-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.heartbeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.heartbeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.metricbeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.metricbeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.osquerybeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.osquerybeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.packetbeat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-elastic_agent.packetbeat-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.pf_elastic_collector-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.pf_elastic_symbolizer-default
privileges:
- auto_configure
- create_doc
- names:
- logs-elastic_agent.pf_host_agent-default
privileges:
- auto_configure
- create_doc
# Cluster-level `monitor` only, for the agent's own health/connectivity
# checks; no index access is granted here.
_elastic_agent_checks:
cluster:
- monitor
# Section for the `system` integration policy (fa440b37-...): every system.*
# data stream it may write is named individually.
fa440b37-b448-4657-9a51-19de9337f846:
indices:
- names:
- logs-system.auth-default
privileges:
- auto_configure
- create_doc
- names:
- logs-system.syslog-default
privileges:
- auto_configure
- create_doc
- names:
- logs-system.application-default
privileges:
- auto_configure
- create_doc
- names:
- logs-system.security-default
privileges:
- auto_configure
- create_doc
- names:
- logs-system.system-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.cpu-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.diskio-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.filesystem-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.fsstat-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.load-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.memory-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.network-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.process-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.process.summary-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.socket_summary-default
privileges:
- auto_configure
- create_doc
- names:
- metrics-system.uptime-default
privileges:
- auto_configure
- create_doc
# Section for the custom `log` integration policy (05f81fd4-...). Unlike the
# explicit list above, this is a wildcard over every logs-type data stream in
# every namespace, although the Jira input under `inputs` writes only to
# logs-jira_audit_logs-jira. Fleet presumably emits the wildcard because the
# integration's dataset and namespace are free-form; the consequence is that
# whoever holds this agent's API key can append documents to any logs-* stream
# in the cluster, so the Jira host has to be trusted as much as the cluster's
# log data is. Prefer a narrower pattern if the integration allows pinning it.
05f81fd4-58b3-48c1-ac95-32ffd2109e5c:
indices:
- names:
- logs-*-*
privileges:
- auto_configure
- create_doc
# Agent-level settings that belong to no single integration.
agent:
download:
# Artifact registry used for self-upgrade; Elastic's official server over HTTPS.
sourceURI: 'https://artifacts.elastic.co/downloads/'
# Ship the agent's own logs and metrics through the `default` output into the
# `default` namespace (the `_elastic_agent_monitoring` privileges above).
monitoring:
enabled: true
use_output: default
namespace: default
logs: true
metrics: true
features: {}
# Tamper protection is off, so stopping or uninstalling the agent does not
# require the uninstall token; `uninstall_token_hash` and `signing_key` are
# redacted (xxxxx). As far as this page shows, `signing_key` is the key used
# to check the `signed` block at the bottom of the policy -- confirm.
protection:
enabled: false
uninstall_token_hash: xxxxx
signing_key: >-
xxxxx==
# Integration inputs. The `system` package (1.60.4, policy fa440b37-...)
# contributes three inputs -- logfile, winlog and system/metrics -- and the
# `log` package (2.3.1, policy 05f81fd4-...) contributes the Jira audit-log
# input that produced the document at the top of this page.
inputs:
# --- system package: OS log files -------------------------------------------
- id: logfile-system-fa440b37-b448-4657-9a51-19de9337f846
name: system-2
revision: 1
type: logfile
use_output: default
meta:
package:
name: system
version: 1.60.4
data_stream:
namespace: default
package_policy_id: fa440b37-b448-4657-9a51-19de9337f846
streams:
# Authentication log (Debian auth.log / RHEL secure). Rotated .gz archives are
# skipped, continuation lines starting with whitespace are folded into the
# previous event, and files untouched for 72h are ignored.
- id: logfile-system.auth-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.auth
type: logs
ignore_older: 72h
paths:
- /var/log/auth.log*
- /var/log/secure*
exclude_files:
- \.gz$
multiline:
pattern: ^\s
match: after
tags:
- system-auth
# The raw line is moved to event.original and parsed by the syslog processor;
# both steps are tolerant (ignore_missing / ignore_failure), so a malformed
# line is still indexed rather than dropped.
processors:
- add_locale: null
- rename:
fields:
- from: message
to: event.original
ignore_missing: true
fail_on_error: false
- syslog:
field: event.original
ignore_missing: true
ignore_failure: true
# General syslog: same rotation and multiline handling as auth, but no syslog
# processor here, so parsing is left to the ingest side. `tags: null` adds no
# tags.
- id: logfile-system.syslog-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.syslog
type: logs
paths:
- /var/log/messages*
- /var/log/syslog*
- /var/log/system*
exclude_files:
- \.gz$
multiline:
pattern: ^\s
match: after
processors:
- add_locale: null
tags: null
ignore_older: 72h
# --- system package: Windows event logs --------------------------------------
# All three streams are gated on `${host.platform} == 'windows'`; on the Debian
# host shown in the document above they are therefore inactive.
- id: winlog-system-fa440b37-b448-4657-9a51-19de9337f846
name: system-2
revision: 1
type: winlog
use_output: default
meta:
package:
name: system
version: 1.60.4
data_stream:
namespace: default
package_policy_id: fa440b37-b448-4657-9a51-19de9337f846
streams:
- id: winlog-system.application-fa440b37-b448-4657-9a51-19de9337f846
name: Application
data_stream:
dataset: system.application
type: logs
condition: '${host.platform} == ''windows'''
ignore_older: 72h
- id: winlog-system.security-fa440b37-b448-4657-9a51-19de9337f846
name: Security
data_stream:
dataset: system.security
type: logs
condition: '${host.platform} == ''windows'''
ignore_older: 72h
- id: winlog-system.system-fa440b37-b448-4657-9a51-19de9337f846
name: System
data_stream:
dataset: system.system
type: logs
condition: '${host.platform} == ''windows'''
ignore_older: 72h
# --- system package: host metrics --------------------------------------------
- id: system/metrics-system-fa440b37-b448-4657-9a51-19de9337f846
name: system-2
revision: 1
type: system/metrics
use_output: default
meta:
package:
name: system
version: 1.60.4
data_stream:
namespace: default
package_policy_id: fa440b37-b448-4657-9a51-19de9337f846
streams:
- id: system/metrics-system.cpu-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.cpu
type: metrics
metricsets:
- cpu
cpu.metrics:
- percentages
- normalized_percentages
period: 10s
- id: system/metrics-system.diskio-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.diskio
type: metrics
metricsets:
- diskio
diskio.include_devices: null
period: 10s
# filesystem and fsstat drop pseudo/virtual mount points (sys, proc, dev, ...)
# before shipping, so only real volumes are reported.
- id: system/metrics-system.filesystem-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.filesystem
type: metrics
metricsets:
- filesystem
period: 1m
processors:
- drop_event.when.regexp:
system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
- id: system/metrics-system.fsstat-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.fsstat
type: metrics
metricsets:
- fsstat
period: 1m
processors:
- drop_event.when.regexp:
system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
- id: system/metrics-system.load-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.load
type: metrics
metricsets:
- load
condition: '${host.platform} != ''windows'''
period: 10s
- id: system/metrics-system.memory-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.memory
type: metrics
metricsets:
- memory
period: 10s
- id: system/metrics-system.network-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.network
type: metrics
metricsets:
- network
period: 10s
network.interfaces: null
# Process metrics for every process (`.*`), keeping the top 5 by CPU and by
# memory. The cmdline cache is enabled, so process command lines are part of
# what is collected -- presumably including any credential passed as an
# argument; keep that in mind when deciding who may read metrics-system.process-*.
- id: system/metrics-system.process-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.process
type: metrics
metricsets:
- process
period: 10s
process.include_top_n.by_cpu: 5
process.include_top_n.by_memory: 5
process.cmdline.cache.enabled: true
process.cgroups.enabled: false
process.include_cpu_ticks: false
processes:
- .*
- id: >-
system/metrics-system.process.summary-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.process.summary
type: metrics
metricsets:
- process_summary
period: 10s
- id: >-
system/metrics-system.socket_summary-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.socket_summary
type: metrics
metricsets:
- socket_summary
period: 10s
- id: system/metrics-system.uptime-fa440b37-b448-4657-9a51-19de9337f846
data_stream:
dataset: system.uptime
type: metrics
metricsets:
- uptime
period: 10s
# --- log package: Jira audit log ---------------------------------------------
# Reads every file in Jira's audit directory into dataset `jira_audit_logs`,
# namespace `jira`, tagged jira/audit -- exactly the data_stream and tags the
# indexed document above carries. No processors are attached, so each audit
# event arrives as a JSON string in `message`; lifting it into `messagejson`
# is left to the `json` processor listed at the end of this page. The sample
# document above still has no `messagejson` field, so that processor had
# evidently not run on it. Note also that the sample's `_source.message` and
# `fields.message` disagree on the author name (`osz` vs `osztrovszkyzs`):
# the redaction of the paste was only partial.
- id: logfile-logs-05f81fd4-58b3-48c1-ac95-32ffd2109e5c
name: jiratest-audit-logs
revision: 2
type: logfile
use_output: default
meta:
package:
name: log
version: 2.3.1
data_stream:
namespace: jira
package_policy_id: 05f81fd4-58b3-48c1-ac95-32ffd2109e5c
streams:
- id: logfile-log.logs-05f81fd4-58b3-48c1-ac95-32ffd2109e5c
data_stream:
dataset: jira_audit_logs
paths:
- /var/atlassian/application-data/jira/log/audit/*
ignore_older: 72h
tags:
- jira
- audit
# Fleet-signed copy of the policy: `data` is the serialized policy and
# `signature` the detached signature over it, both redacted (xxxx). The agent
# presumably verifies them with `agent.protection.signing_key` above.
signed:
data: >-
xxxx=
signature: >-
xxxx
# Empty: this policy references nothing in Fleet's secret store, so everything
# it needs appears inline above (the author redacted those values as xxxx).
secret_references: []
[
{
"pipeline": {
"name": "global@custom",
"ignore_missing_pipeline": true,
"description": "[Fleet] Global pipeline for all data streams"
}
},
{
"pipeline": {
"name": "logs@custom",
"ignore_missing_pipeline": true,
"description": "[Fleet] Pipeline for all data streams of type `logs`"
}
},
{
"pipeline": {
"name": "logs-log.integration@custom",
"ignore_missing_pipeline": true,
"description": "[Fleet] Pipeline for all data streams of type `logs` defined by the `log` integration"
}
},
{
"pipeline": {
"name": "logs-jira_audit_logs@custom",
"ignore_missing_pipeline": true,
"description": "[Fleet] Pipeline for the `jira_audit_logs` dataset"
}
}
]
[
{
"json": {
"field": "message",
"target_field": "messagejson"
}
}
]