diff --git a/.buildkite/heartbeat/heartbeat-pipeline.yml b/.buildkite/heartbeat/heartbeat-pipeline.yml index dc27b45f1ac1..0d4e455e41b5 100644 --- a/.buildkite/heartbeat/heartbeat-pipeline.yml +++ b/.buildkite/heartbeat/heartbeat-pipeline.yml @@ -46,7 +46,7 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Ubuntu Unit Tests" + context: "heartbeat: Ubuntu Unit Tests" - label: ":rhel: Heartbeat Rhel9 Unit Tests" command: | @@ -64,9 +64,9 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Rhel9 Unit Tests" + context: "heartbeat: Rhel9 Unit Tests" - - label: ":windows: Heartbeat Win-2016 Unit Tests" + - label: ":windows: Win-2016 Unit Tests" key: "windows-2016" command: | Set-Location -Path heartbeat @@ -84,7 +84,7 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Win-2016 Unit Tests" + context: "heartbeat: Win-2016 Unit Tests" - label: ":windows: Heartbeat Win-2022 Unit Test" key: "windows-2022" @@ -104,10 +104,19 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Win-2022 Unit Tests" + context: "heartbeat: Win-2022 Unit Tests" - - label: ":ubuntu: Heartbeat Go Integration Tests" + - label: ":ubuntu: Heartbeat Go (Module) Integration Tests" command: | + set -euo pipefail + echo "~~~ Installing @elastic/synthetics" + npm install -g @elastic/synthetics + + # defines the MODULE env var based on what's changed in a PR + source .buildkite/scripts/changesets.sh + defineModuleFromTheChangeSet heartbeat + + echo "~~~ Running tests" cd heartbeat mage goIntegTest retry: @@ -122,10 +131,16 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Go Integration Tests" + context: "heartbeat: Go Integration Tests" - - label: ":ubuntu: Heartbeat Python Integration Tests" + - label: ":ubuntu: Heartbeat Python (Module) Integration Tests" command: | + set -euo pipefail + # defines the MODULE env var based on what's changed in a PR + source .buildkite/scripts/changesets.sh + defineModuleFromTheChangeSet heartbeat + + echo "~~~ Running tests" cd heartbeat mage pythonIntegTest retry: @@ -140,15 +155,16 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Python Integration Tests" + context: "heartbeat: Python Integration Tests" - - group: "Heartbeat ARM Tests" - key: "heartbeat-extended-tests-arm" - if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*arm.*/ + - group: "Heartbeat Extended Tests" + key: "heartbeat-extended-tests" + if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*(macOS|arm).*/ steps: - - label: ":linux: Heartbeat ARM64 Unit Tests" + - label: ":linux: Heartbeat arm64 Unit Tests" key: "arm-extended" + if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*arm.*/ command: | cd heartbeat mage build unitTest @@ -162,14 +178,11 @@ steps: artifact_paths: "heartbeat/build/*.xml" notify: - github_commit_status: - context: "Heartbeat: Ubuntu ARM64 Unit Tests" + context: "heartbeat: Linux arm64 Unit Tests" - - group: "Heartbeat Extended Testing MacOS" - key: "heartbeat-extended-tests-macos" - if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/ - steps: - - label: ":mac: Heartbeat MacOS Unit Tests" + - label: ":mac: macOS x86_64 Unit Tests" key: "macos-extended" + if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/ command: | set -euo pipefail source .buildkite/scripts/install_macos_tools.sh @@ -186,10 +199,11 @@ steps: - "metricbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: MacOS Unit Tests" + context: "heartbeat: macOS x86_64 Unit Tests" - - label: ":mac: Heartbeat MacOS ARM Unit Tests" + - label: ":mac: macOS arm64 Unit Tests" key: "macos-arm-extended" + if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/ command: | set -euo pipefail source .buildkite/scripts/install_macos_tools.sh @@ -206,14 +220,14 @@ steps: - "metricbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: MacOS ARM Unit Tests" + context: "heartbeat: macOS arm64 Unit Tests" - group: "Heartbeat Windows Extended Testing" key: "heartbeat-extended-tests-win" if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*[Ww]indows.*/ steps: - - label: ":windows: Heartbeat Win-2019 Unit Tests" + - label: ":windows: Win-2019 Unit Tests" key: "heartbeat-win-extended-2019" command: | Set-Location -Path heartbeat @@ -231,9 +245,9 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Win-2019 Unit Tests" + context: "heartbeat: Win-2019 Unit Tests" - - label: ":windows: Heartbeat Win-11 Unit Tests" + - label: ":windows: Win-11 Unit Tests" key: "heartbeat-windows-extended-11" command: | Set-Location -Path heartbeat @@ -251,9 +265,9 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Win-11 Unit Tests" + context: "heartbeat: Win-11 Unit Tests" - - label: ":windows: Heartbeat Win-10 Unit Tests" + - label: ":windows: Win-10 Unit Tests" key: "heartbeat-windows-extended-10" command: | Set-Location -Path heartbeat @@ -271,17 +285,20 @@ steps: - "heartbeat/build/*.json" notify: - github_commit_status: - context: "Heartbeat: Win-10 Unit Tests" + context: "heartbeat: Win-10 Unit Tests" - wait: ~ + # with PRs, we want to run packaging only if mandatory tests succeed + # for other cases, e.g. merge commits, we want to run packaging (and publish) independently of other tests + # this allows building DRA artifacts even if there is flakiness in mandatory tests if: build.env("BUILDKITE_PULL_REQUEST") != "false" depends_on: "heartbeat-mandatory-tests" - group: "Heartbeat Packaging" key: "heartbeat-packaging" steps: - - label: ":ubuntu: Heartbeat Packaging Linux X86" - key: "heartbeat-package-linux-x86" + - label: ":ubuntu: Heartbeat Packaging Linux" + key: "heartbeat-package-linux" env: PLATFORMS: "+all linux/amd64 linux/arm64 windows/amd64 darwin/amd64 darwin/arm64" SNAPSHOT: true @@ -298,9 +315,9 @@ steps: machineType: "${GCP_HI_PERF_MACHINE_TYPE}" notify: - github_commit_status: - context: "Heartbeat: Packaging Ubuntu x86_64" + context: "heartbeat: Packaging Linux" - - label: ":linux: Heartbeat Packaging Linux ARM" + - label: ":linux: Heartbeat Packaging Linux arm64" key: "heartbeat-package-linux-arm" env: PLATFORMS: "linux/arm64" @@ -319,4 +336,4 @@ steps: instanceType: "${AWS_ARM_INSTANCE_TYPE}" notify: - github_commit_status: - context: "Heartbeat: Packaging Ubuntu ARM" + context: "heartbeat: Packaging Linux arm64" diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 66fca45bbff3..52768481bff9 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -250,7 +250,7 @@ steps: watch: - path: - x-pack/osquerybeat/** - - .buildkite/x-pack/pipeline.xpack.metricbeat.yml + - .buildkite/x-pack/pipeline.xpack.osquerybeat.yml - .buildkite/scripts/** - .buildkite/hooks/** # x-pack @@ -279,7 +279,7 @@ steps: commit: "${BUILDKITE_COMMIT}" branch: "${BUILDKITE_BRANCH}" - - label: "Trigger Xpack/Winlogbeat" + - label: "Trigger x-pack/winlogbeat" if: build.pull_request.id != null plugins: - monorepo-diff#v1.0.1: @@ -306,7 +306,7 @@ steps: - BUILDKITE_PULL_REQUEST_BASE_BRANCH=${BUILDKITE_PULL_REQUEST_BASE_BRANCH} - GITHUB_PR_LABELS=${GITHUB_PR_LABELS} - - label: "Triggering Build for Xpack/Winlogbeat" + - label: "Triggering Build for x-pack/winlogbeat" if: build.pull_request.id == null trigger: "beats-xpack-winlogbeat" build: diff --git a/.buildkite/scripts/changesets.sh b/.buildkite/scripts/changesets.sh index 5c6fd6c7b0d8..7e79d2d31647 100644 --- a/.buildkite/scripts/changesets.sh +++ b/.buildkite/scripts/changesets.sh @@ -1,77 +1,66 @@ #!/usr/bin/env bash - # This script contains helper functions related to what should be run depending on Git changes +set -euo pipefail + OSS_MODULE_PATTERN="^[a-z0-9]+beat\\/module\\/([^\\/]+)\\/.*" XPACK_MODULE_PATTERN="^x-pack\\/[a-z0-9]+beat\\/module\\/([^\\/]+)\\/.*" -are_paths_changed() { - local patterns=("${@}") - local changelist=() - for pattern in "${patterns[@]}"; do - changed_files=($(git diff --name-only HEAD@{1} HEAD | grep -E "$pattern")) - if [ "${#changed_files[@]}" -gt 0 ]; then - changelist+=("${changed_files[@]}") - fi - done +definePattern() { + pattern="${OSS_MODULE_PATTERN}" - if [ "${#changelist[@]}" -gt 0 ]; then - echo "Files changed:" - echo "${changelist[*]}" - return 0 - else - echo "No files changed within specified changeset:" - echo "${patterns[*]}" - return 1 + if [[ "$beatPath" == *"x-pack/"* ]]; then + pattern="${XPACK_MODULE_PATTERN}" fi } -are_changed_only_paths() { - local patterns=("${@}") - local changed_files=($(git diff --name-only HEAD@{1} HEAD)) - local matched_files=() - for pattern in "${patterns[@]}"; do - local matched=($(grep -E "${pattern}" <<< "${changed_files[@]}")) - if [ "${#matched[@]}" -gt 0 ]; then - matched_files+=("${matched[@]}") - fi - done - if [ "${#matched_files[@]}" -eq "${#changed_files[@]}" ] || [ "${#changed_files[@]}" -eq 0 ]; then - return 0 - fi - return 1 +defineExclusions() { + exclude="^$beatPath\/module\/(.*(?" env: diff --git a/.github/workflows/bump-golang.yml b/.github/workflows/bump-golang.yml index 393c57f89a07..751b8612571e 100644 --- a/.github/workflows/bump-golang.yml +++ b/.github/workflows/bump-golang.yml @@ -9,34 +9,35 @@ on: permissions: contents: read -env: - JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - jobs: bump-main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: elastic/apm-pipeline-library/.github/actions/updatecli@current with: vaultUrl: ${{ secrets.VAULT_ADDR }} vaultRoleId: ${{ secrets.VAULT_ROLE_ID }} vaultSecretId: ${{ secrets.VAULT_SECRET_ID }} - pipeline: ./.ci/bump-golang.yml + pipeline: .github/workflows/updatecli.d/bump-golang.yml + values: .github/workflows/updatecli.d/scm.yml + command: '--experimental apply' notifySlackChannel: "#ingest-notifications" messageIfFailure: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <${{ env.JOB_URL }}|here>" bump-7-17: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: elastic/apm-pipeline-library/.github/actions/updatecli@current with: vaultUrl: ${{ secrets.VAULT_ADDR }} vaultRoleId: ${{ secrets.VAULT_ROLE_ID }} vaultSecretId: ${{ secrets.VAULT_SECRET_ID }} - pipeline: ./.ci/bump-golang-7.17.yml + pipeline: .github/workflows/updatecli.d/bump-golang-7.17.yml + values: .github/workflows/updatecli.d/scm.yml + command: '--experimental apply' notifySlackChannel: "#ingest-notifications" messageIfFailure: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <${{ env.JOB_URL }}|here>" diff --git a/.ci/bump-elastic-stack-snapshot.yml b/.github/workflows/updatecli.d/bump-elastic-stack-snapshot.yml similarity index 80% rename from .ci/bump-elastic-stack-snapshot.yml rename to .github/workflows/updatecli.d/bump-elastic-stack-snapshot.yml index f9060400c3ff..f679e7924f39 100644 --- a/.ci/bump-elastic-stack-snapshot.yml +++ b/.github/workflows/updatecli.d/bump-elastic-stack-snapshot.yml @@ -6,6 +6,7 @@ actions: default: title: '[updatecli] update elastic stack version for testing {{ source "latestVersion" }}' kind: github/pullrequest + scmid: default spec: labels: - automation @@ -13,21 +14,17 @@ actions: - backport-skip - build-monitoring - Team:Beats-On-Call - description: | - Generated automatically with {{ requiredEnv "JOB_URL" }} - scmid: default scms: default: kind: github spec: - user: '{{ requiredEnv "GIT_USER" }}' - email: '{{ requiredEnv "GIT_EMAIL" }}' - owner: elastic - repository: beats + owner: '{{ .scm.owner }}' + repository: '{{ .scm.repository }}' + user: '{{ requiredEnv "GITHUB_ACTOR" }}' token: '{{ requiredEnv "GITHUB_TOKEN" }}' - username: '{{ requiredEnv "GIT_USER" }}' branch: '{{ requiredEnv "BRANCH" }}' + commitusingapi: true sources: latestVersion: diff --git a/.ci/bump-golang-7.17.yml b/.github/workflows/updatecli.d/bump-golang-7.17.yml similarity index 96% rename from .ci/bump-golang-7.17.yml rename to .github/workflows/updatecli.d/bump-golang-7.17.yml index 5b6619bc453f..d6405aa1a8de 100644 --- a/.ci/bump-golang-7.17.yml +++ b/.github/workflows/updatecli.d/bump-golang-7.17.yml @@ -6,13 +6,12 @@ scms: githubConfig: kind: github spec: - user: '{{ requiredEnv "GIT_USER" }}' - email: '{{ requiredEnv "GIT_EMAIL" }}' - owner: elastic - repository: beats + owner: '{{ .scm.owner }}' + repository: '{{ .scm.repository }}' + user: '{{ requiredEnv "GITHUB_ACTOR" }}' token: '{{ requiredEnv "GITHUB_TOKEN" }}' - username: '{{ requiredEnv "GIT_USER" }}' branch: "7.17" + commitusingapi: true actions: beats: @@ -21,12 +20,9 @@ actions: sourceid: latestGoVersion title: '[Automation][7.17] Bump Golang version to {{ source "latestGoVersion" }}' spec: - automerge: false labels: - dependencies - backport-skip - description: | - Generated automatically with {{ requiredEnv "JOB_URL" }} sources: minor: diff --git a/.ci/bump-golang.yml b/.github/workflows/updatecli.d/bump-golang.yml similarity index 95% rename from .ci/bump-golang.yml rename to .github/workflows/updatecli.d/bump-golang.yml index 2957acd62236..9c30136f4445 100644 --- a/.ci/bump-golang.yml +++ b/.github/workflows/updatecli.d/bump-golang.yml @@ -6,13 +6,12 @@ scms: githubConfig: kind: github spec: - user: '{{ requiredEnv "GIT_USER" }}' - email: '{{ requiredEnv "GIT_EMAIL" }}' - owner: elastic - repository: beats + owner: '{{ .scm.owner }}' + repository: '{{ .scm.repository }}' + user: '{{ requiredEnv "GITHUB_ACTOR" }}' token: '{{ requiredEnv "GITHUB_TOKEN" }}' - username: '{{ requiredEnv "GIT_USER" }}' branch: main + commitusingapi: true actions: beats: @@ -21,12 +20,9 @@ actions: sourceid: latestGoVersion title: '[Automation] Bump Golang version to {{ source "latestGoVersion" }}' spec: - automerge: false labels: - dependencies - backport-skip - description: | - Generated automatically with {{ requiredEnv "JOB_URL" }} sources: minor: diff --git a/.github/workflows/updatecli.d/scm.yml b/.github/workflows/updatecli.d/scm.yml new file mode 100644 index 000000000000..fd532f00f616 --- /dev/null +++ b/.github/workflows/updatecli.d/scm.yml @@ -0,0 +1,4 @@ +--- +scm: + owner: elastic + repository: beats diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 8875b834e66a..73b53e370dc6 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -67,6 +67,7 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - `queue.ACKListener` has been removed. Queue configurations now accept an explicit callback function for ACK handling. {pull}35078[35078] - Split split httpmon out of x-pack/filebeat/input/internal/httplog. {pull}36385[36385] - Beats publishing pipeline does not propagate the close signal to its clients any more. It's responsibility of the user to close the pipeline client. {issue}38197[38197] {pull}38556[38556] +- Debug log entries from the acker (`stateful ack ...` or `stateless ack ...`) removed. {pull}39672[39672] ==== Bugfixes @@ -95,6 +96,7 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Cleaned up documentation errors & fixed a minor bug in Filebeat Azure blob storage input. {pull}36714[36714] - Fix copy arguments for strict aligned architectures. {pull}36976[36976] - Fix panic when more than 32767 pipeline clients are active. {issue}38197[38197] {pull}38556[38556] +- Skip flakey metrics test on windows in filebeat httpjson input. {issue}39676[39676] {pull}39678[39678] ==== Added diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 6718437a76ab..d6b9a0f6297c 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -3,6 +3,65 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-8.13.4]] +=== Beats version 8.13.4 +https://github.com/elastic/beats/compare/v8.13.3\...v8.13.4[View commits] + +==== Bugfixes + +*Auditbeat* + +- Prevent scenario of losing children-related file events in a directory for recursive fsnotify backend of auditbeat file integrity module. {pull}39133[39133] +- Allow extra syscalls by auditbeat required in FIM with kprobes back-end. {pull}39361[39361] +- Fix losing events in FIM for MacOS X by allowing always to walk an added directory to monitor. {pull}39362[39362] + +*Metricbeat* + +- Fix Azure Monitor support for multiple aggregation types. {issue}39192[39192] {pull}39204[39204] + + +[[release-notes-8.13.3]] +=== Beats version 8.13.3 +https://github.com/elastic/beats/compare/v8.13.2\...v8.13.3[View commits] + +==== Breaking changes + +*Metricbeat* +- Setting period for counter cache for Prometheus `remote_write` to at least to 60 seconds. {pull}38553[38553] + +==== Bugfixes + +*Affecting all Beats* +- Change cache processor documentation from `write_period` to `write_interval`. {pull}38561[38561] +- Fix cache processor expiries heap cleanup on partial file writes. {pull}38561[38561] +- Fix cache processor expiries infinite growth when large a large TTL is used and recurring keys are cached. {pull}38561[38561] +- Fix parsing of RFC 3164 process IDs in syslog processor. {issue}38947[38947] {pull}38982[38982] + +*Filebeat* + +- Fix indexing failures by re-enabling event normalisation in netflow input. {issue}38703[38703] {pull}38780[38780] +- Fix config validation for CEL and HTTPJSON inputs when using password grant authentication and `client.id` or `client.secret` are not present. {pull}38962[38962] +- Updated Websocket input title to align with existing inputs. {pull}39006[39006] +- [threatintel] MISP splitting fix for empty responses. {issue}38739[38739] {pull}38917[38917] +- Restore netflow input on Windows. {pull}39024[39024] + +==== Added + +*Affecting all Beats* + +- Update Go version to 1.21.9. {pulk}38727[38727] +- The environment variable `BEATS_ADD_CLOUD_METADATA_PROVIDERS` overrides configured/default `add_cloud_metadata` providers. {pull}38669[38669] + +*Auditbeat* + +- Add process data to file events (Linux only, eBPF backend). {pull}38199[38199] +- Add container id to file events (Linux only, eBPF backend). {pull}38328[38328] + +*Metricbeat* + +- Add new fields to configure the lease duration, retry and renew when using leader elector with Kubernetes autodiscover.{pull}38471[38471] + + [[release-notes-8.13.2]] === Beats version 8.13.2 https://github.com/elastic/beats/compare/v8.13.1\...v8.13.2[View commits] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index bd1770d198ca..18103854614c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -44,9 +44,10 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Introduce input/netmetrics and refactor netflow input metrics {pull}38055[38055] - Update Salesforce module to use new Salesforce input. {pull}37509[37509] - *Heartbeat* +- Fix monitor state loader to not wait extra seconds for the last attempt {pull}39621[39621] + *Metricbeat* - Setting period for counter cache for Prometheus remote_write at least to 60sec {pull}38553[38553] @@ -99,11 +100,12 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Prevent scenario of losing children-related file events in a directory for recursive fsnotify backend of auditbeat file integrity module {pull}39133[39133] - Allow extra syscalls by auditbeat required in FIM with kprobes back-end {pull}39361[39361] - Fix losing events in FIM for OS X by allowing always to walk an added directory to monitor {pull}39362[39362] +- Fix seccomp policy of FIM kprobes backend on arm64 {pull}39759[39759] *Filebeat* - +- Fix handling of endpoint for custom domains and ensure region, default_region, and region parsed from queue_url are applied in the order specified in the documentation for the awss3 input {pull}39709[39709] - [Gcs Input] - Added missing locks for safe concurrency {pull}34914[34914] - Fix the ignore_inactive option being ignored in Filebeat's filestream input {pull}34770[34770] - Fix TestMultiEventForEOFRetryHandlerInput unit test of CometD input {pull}34903[34903] @@ -147,6 +149,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Upgrade azure-event-hubs-go and azure-storage-blob-go dependencies. {pull}38861[38861] - Fix concurrency/error handling bugs in the AWS S3 input that could drop data and prevent ingestion of large buckets. {pull}39131[39131] - Fix EntraID query handling. {issue}39419[39419] {pull}39420[39420] +- Expand ID patterns in request trace logger for HTTP Endpoint. {pull}39656[39656] *Heartbeat* @@ -388,6 +391,12 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] + + + + + + diff --git a/auditbeat/module/file_integrity/kprobes/seccomp_linux.go b/auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go similarity index 54% rename from auditbeat/module/file_integrity/kprobes/seccomp_linux.go rename to auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go index 90336f66795c..ee281831b251 100644 --- a/auditbeat/module/file_integrity/kprobes/seccomp_linux.go +++ b/auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go @@ -18,27 +18,21 @@ package kprobes import ( - "runtime" - "github.com/elastic/beats/v7/libbeat/common/seccomp" ) func init() { - switch runtime.GOARCH { - case "amd64", "386", "arm64": - // The module/file_integrity with kprobes BE uses additional syscalls - if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, - "eventfd2", // required by auditbeat/tracing - "mount", // required by auditbeat/tracing - "perf_event_open", // required by auditbeat/tracing - "ppoll", // required by auditbeat/tracing - "umount2", // required by auditbeat/tracing - "truncate", // required during kprobes verification - "utime", // required during kprobes verification - "utimensat", // required during kprobes verification - "setxattr", // required during kprobes verification - ); err != nil { - panic(err) - } + if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, + "eventfd2", // required by auditbeat/tracing + "mount", // required by auditbeat/tracing + "perf_event_open", // required by auditbeat/tracing + "ppoll", // required by auditbeat/tracing + "umount2", // required by auditbeat/tracing + "truncate", // required during kprobes verification + "utime", // required during kprobes verification + "utimensat", // required during kprobes verification + "setxattr", // required during kprobes verification + ); err != nil { + panic(err) } } diff --git a/catalog-info.yaml b/catalog-info.yaml index 89ef7a216f9c..f75ae30fd8f1 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -57,6 +57,10 @@ spec: env: # TODO set to true once https://github.com/elastic/ingest-dev/issues/3001 has been resolved ELASTIC_PR_COMMENTS_ENABLED: "false" + ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true' + SLACK_NOTIFICATIONS_CHANNEL: '#ingest-notifications' + SLACK_NOTIFICATIONS_ON_SUCCESS: 'false' + SLACK_NOTIFICATIONS_ALL_BRANCHES: "false" # only notify for failures on `main` or \d+.\d+ (release) branches teams: ingest-fp: access_level: MANAGE_BUILD_AND_READ diff --git a/filebeat/beater/acker.go b/filebeat/beater/acker.go index 00da2762b1d6..9c7df1f202cf 100644 --- a/filebeat/beater/acker.go +++ b/filebeat/beater/acker.go @@ -21,7 +21,6 @@ import ( "github.com/elastic/beats/v7/filebeat/input/file" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common/acker" - "github.com/elastic/elastic-agent-libs/logp" ) type statefulLogger interface { @@ -35,8 +34,6 @@ type statelessLogger interface { // eventAcker handles publisher pipeline ACKs and forwards // them to the registrar or directly to the stateless logger. func eventACKer(statelessOut statelessLogger, statefulOut statefulLogger) beat.EventListener { - log := logp.NewLogger("acker") - return acker.EventPrivateReporter(func(_ int, data []interface{}) { stateless := 0 states := make([]file.State, 0, len(data)) @@ -56,12 +53,10 @@ func eventACKer(statelessOut statelessLogger, statefulOut statefulLogger) beat.E } if len(states) > 0 { - log.Debugw("stateful ack", "count", len(states)) statefulOut.Published(states) } if stateless > 0 { - log.Debugw("stateless ack", "count", stateless) statelessOut.Published(stateless) } }) diff --git a/filebeat/docs/images/filebeat-salesforce-login-dashboard.png b/filebeat/docs/images/filebeat-salesforce-login-dashboard.png deleted file mode 100644 index dc862bddc011..000000000000 Binary files a/filebeat/docs/images/filebeat-salesforce-login-dashboard.png and /dev/null differ diff --git a/filebeat/docs/images/filebeat-salesforce-logout-dashboard.png b/filebeat/docs/images/filebeat-salesforce-logout-dashboard.png deleted file mode 100644 index aeff9a04ee49..000000000000 Binary files a/filebeat/docs/images/filebeat-salesforce-logout-dashboard.png and /dev/null differ diff --git a/filebeat/docs/images/filebeat-salesforce-setupaudittrail-dashboard.png b/filebeat/docs/images/filebeat-salesforce-setupaudittrail-dashboard.png deleted file mode 100644 index 2d0c6674bd4a..000000000000 Binary files a/filebeat/docs/images/filebeat-salesforce-setupaudittrail-dashboard.png and /dev/null differ diff --git a/filebeat/docs/modules/salesforce.asciidoc b/filebeat/docs/modules/salesforce.asciidoc index 8e431e8d97e8..e082d0bbc8c1 100644 --- a/filebeat/docs/modules/salesforce.asciidoc +++ b/filebeat/docs/modules/salesforce.asciidoc @@ -8,7 +8,6 @@ This file is generated! See scripts/docs_collector.py [role="xpack"] :modulename: salesforce -:has-dashboards: true == Salesforce module @@ -54,7 +53,7 @@ The Salesforce module contains the following filesets for collecting different t The default interval for collecting logs (`var.real_time_interval` or `var.elf_interval`) is 5m/1h. Exercise caution when reducing this interval, as it directly impacts the Salesforce API rate limit of ~1000 calls per hour. Exceeding the limit will result in errors from the Salesforce API. Refer to the https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_platform_api.htm[Salesforce API Rate Limit] documentation for more details. ==== -== Set up the OAuth App in the Salesforce +=== Set up the OAuth App in the Salesforce In order to use this integration, users need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce: @@ -545,24 +544,6 @@ Interval for collecting EventLogFile logs, e.g. 1h or 5m. Either "Hourly" or "Daily". The time interval of each log file from EventLogFile. -[float] -=== Example dashboards - -The Salesforce module includes several predefined dashboards: - -- Login Dashboard: Visualizes login activity and trends. -- Logout Dashboard: Visualizes logout activity and trends. -- Apex Dashboard: Visualizes Apex executions and errors. -- Setup Audit Trail Dashboard: Shows changes made in the Setup area. - -image::./images/filebeat-salesforce-login-dashboard.png[] - -image::./images/filebeat-salesforce-logout-dashboard.png[] - -image::./images/filebeat-salesforce-setupaudittrail-dashboard.png[] - -Access these dashboards in Kibana by going to Management -> Kibana -> Dashboards and searching for "Salesforce". - [float] === Troubleshooting @@ -577,8 +558,6 @@ Verify the `var.url` is correct. Check that the user credentials are valid and h *Not seeing any data*:: Check the Elastic Agent logs for errors. Verify the module configuration is correct, the filesets are enabled, and the intervals are reasonable. Confirm there is log activity in Salesforce for the log types being collected. -:has-dashboards!: - :fileset_ex!: :modulename!: diff --git a/heartbeat/monitors/wrappers/monitorstate/tracker.go b/heartbeat/monitors/wrappers/monitorstate/tracker.go index 40a4e8f2ded1..18a3b88753f3 100644 --- a/heartbeat/monitors/wrappers/monitorstate/tracker.go +++ b/heartbeat/monitors/wrappers/monitorstate/tracker.go @@ -101,7 +101,7 @@ func (t *Tracker) GetCurrentState(sf stdfields.StdMonitorFields, rc RetryConfig) var loadedState *State var err error var i int - for i = 0; i < attempts; i++ { + for i = 1; i <= attempts; i++ { loadedState, err = t.stateLoader(sf) if err == nil { if loadedState != nil { @@ -111,7 +111,13 @@ func (t *Tracker) GetCurrentState(sf stdfields.StdMonitorFields, rc RetryConfig) } var loaderError LoaderError if errors.As(err, &loaderError) && !loaderError.Retry { - logp.L().Warnf("could not load last externally recorded state: %v", loaderError) + logp.L().Warnf("failed to load previous monitor state: %v", loaderError) + break + } + + // last attempt, exit and log error without sleeping + if i == attempts { + logp.L().Warnf("failed to load previous monitor state: %s after %d attempts: %v", sf.ID, i, err) break } @@ -120,17 +126,13 @@ func (t *Tracker) GetCurrentState(sf stdfields.StdMonitorFields, rc RetryConfig) if rc.waitFn != nil { sleepFor = rc.waitFn() } - logp.L().Warnf("could not load last externally recorded state, will retry again in %d milliseconds: %v", sleepFor.Milliseconds(), err) + logp.L().Warnf("could not load previous monitor state, retrying in %d milliseconds: %v", sleepFor.Milliseconds(), err) time.Sleep(sleepFor) } - if err != nil { - logp.L().Warnf("could not load prior state from elasticsearch after %d attempts, will create new state for monitor: %s", i+1, sf.ID) - } if loadedState != nil { t.states[sf.ID] = loadedState } - // Return what we found, even if nil return loadedState } diff --git a/heartbeat/security/policy_linux_386.go b/heartbeat/security/policy_linux_386.go deleted file mode 100644 index b868891db68d..000000000000 --- a/heartbeat/security/policy_linux_386.go +++ /dev/null @@ -1,133 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package security - -import "github.com/elastic/beats/v7/libbeat/common/seccomp" - -func init() { - var syscalls = []string{ - "access", - "arch_prctl", - "bind", - "brk", - "capget", - "capset", - "chdir", - "chmod", - "chown", - "clone", - "close", - "connect", - "creat", - "dup", - "dup2", - "dup3", - "epoll_ctl", - "epoll_pwait", - "eventfd2", - "execve", - "exit", - "faccessat", - "fadvise64", - "fallocate", - "fcntl", - "flock", - "fstat", - "fsync", - "futex", - "capget", - "getcwd", - "getdents64", - "getegid", - "geteuid", - "getgroups", - "getgid", - "getpeername", - "getpgrp", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresuid", - "getresgid", - "getrusage", - "getsockname", - "gettid", - "getuid", - "ioctl", - "inotify_init", - "lchown", - "link", - "lseek", - "madvise", - "memfd_create", - "mkdir", - "mkdirat", - "mlock", - "mmap", - "mprotect", - "munmap", - "nanosleep", - "name_to_handle_at", - "newfstatat", - "openat", - "pipe", - "pipe2", - "poll", - "prctl", - "pread64", - "prlimit64", - "pwrite64", - "read", - "readlink", - "readlinkat", - "recvfrom", - "rename", - "rmdir", - "rt_sigaction", - "rt_sigprocmask", - "rt_sigreturn", - "sched_getaffinity", - "sched_getparam", - "sched_getscheduler", - "select", - "sendto", - "set_robust_list", - "set_tid_address", - "setgid", - "setgroups", - "setpriority", - "setsid", - "setuid", - "sigaltstack", - "socket", - "socketpair", - "stat", - "statx", - "symlink", - "umask", - "uname", - "unlink", - "utimensat", - "write", - } - err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, syscalls...) - if err != nil { - panic(err) - } -} diff --git a/heartbeat/security/policy_linux_amd64.go b/heartbeat/security/policy_linux_amd64.go deleted file mode 100644 index 9d9f0033a9a1..000000000000 --- a/heartbeat/security/policy_linux_amd64.go +++ /dev/null @@ -1,134 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package security - -import "github.com/elastic/beats/v7/libbeat/common/seccomp" - -func init() { - var syscalls = []string{ - "access", - "arch_prctl", - "bind", - "brk", - "capget", - "capset", - "chdir", - "chmod", - "chown", - "clone", - "close", - "connect", - "creat", - "dup", - "dup2", - "dup3", - "epoll_ctl", - "epoll_pwait", - "eventfd2", - "execve", - "exit", - "faccessat", - "fadvise64", - "fallocate", - "fcntl", - "flock", - "fstat", - "fsync", - "futex", - "capget", - "getcwd", - "getdents64", - "getegid", - "geteuid", - "getgroups", - "getgid", - "getpeername", - "getpgrp", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresuid", - "getresgid", - "getrusage", - "getsockname", - "gettid", - "getuid", - "ioctl", - "inotify_init", - "lchown", - "link", - "lseek", - "madvise", - "memfd_create", - "mkdir", - "mkdirat", - "mlock", - "mmap", - "mprotect", - "munmap", - "nanosleep", - "name_to_handle_at", - "newfstatat", - "openat", - "pipe", - "pipe2", - "poll", - "prctl", - "pread64", - "prlimit64", - "pwrite64", - "read", - "readlink", - "readlinkat", - "recvfrom", - "rename", - "rmdir", - "rt_sigaction", - "rt_sigprocmask", - "rt_sigreturn", - "sched_getaffinity", - "sched_getparam", - "sched_getscheduler", - "select", - "sendto", - "set_robust_list", - "set_tid_address", - "setgid", - "setgroups", - "setpriority", - "setsid", - "setuid", - "sigaltstack", - "socket", - "socketpair", - "stat", - "statx", - "symlink", - "umask", - "uname", - "unlink", - "utimensat", - "write", - } - - err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, syscalls...) - if err != nil { - panic(err) - } -} diff --git a/heartbeat/security/policy_linux_arm64.go b/heartbeat/security/policy_linux_arm64.go deleted file mode 100644 index e198819dbb94..000000000000 --- a/heartbeat/security/policy_linux_arm64.go +++ /dev/null @@ -1,174 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package security - -import ( - "github.com/elastic/beats/v7/libbeat/common/seccomp" - seccomp_types "github.com/elastic/go-seccomp-bpf" -) - -func init() { - // Register deny-by-default based policy for ARM platforms - defaultPolicy := &seccomp_types.Policy{ - DefaultAction: seccomp_types.ActionErrno, - Syscalls: []seccomp_types.SyscallGroup{ - { - Action: seccomp_types.ActionAllow, - Names: []string{ - "accept", - "accept4", - "bind", - "brk", - "capget", - "capset", - "chdir", - "clock_gettime", - "clone", - "clone3", - "close", - "connect", - "dup", - "dup3", - "epoll_create1", - "epoll_ctl", - "epoll_pwait", - "eventfd2", - "execve", - "exit", - "exit_group", - "faccessat", - "fadvise64", - "fallocate", - "fchdir", - "fchmod", - "fchmodat", - "fchown", - "fchownat", - "fcntl", - "fdatasync", - "flock", - "fstat", - "fstatat", // or newfstatat - "fstatfs", - "fsync", - "ftruncate", - "futex", - "getcwd", - "getdents64", - "getegid", - "geteuid", - "getgid", - "getgroups", - "getpeername", - "getpgid", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresgid", - "getresuid", - "getrlimit", - "getrusage", - "getsockname", - "getsockopt", - "gettid", - "gettimeofday", - "getuid", - "inotify_add_watch", - "inotify_init1", - "inotify_rm_watch", - "ioctl", - "kill", - "linkat", - "listen", - "lseek", - "madvise", - "memfd_create", - "mincore", - "mkdirat", - "mlock", - "mmap", - "mprotect", - "munmap", - "name_to_handle_at", - "nanosleep", - "openat", - "pipe2", - "ppoll", - "prctl", - "pread64", - "prlimit64", - "pselect6", - "pwrite64", - "read", - "readlinkat", - "recvfrom", - "recvmmsg", - "recvmsg", - "renameat", - "rseq", - "rt_sigaction", - "rt_sigprocmask", - "rt_sigreturn", - "sched_getaffinity", - "sched_getattr", - "sched_getparam", - "sched_getscheduler", - "sched_setaffinity", - "sched_setattr", - "sched_yield", - "seccomp", - "sendfile", - "sendmmsg", - "sendmsg", - "sendto", - "set_robust_list", - "set_tid_address", - "setgid", - "setgroups", - "setitimer", - "setpriority", - "setsid", - "setsockopt", - "setuid", - "shutdown", - "sigaltstack", - "socket", - "socketpair", - "splice", - "statfs", - "statx", - "symlinkat", - "sysinfo", - "tgkill", - "tkill", - "umask", - "uname", - "unlinkat", - "utimensat", - "wait4", - "waitid", - "write", - "writev", - }, - }, - }, - } - - seccomp.MustRegisterPolicy(defaultPolicy) -} diff --git a/heartbeat/security/seccomp.go b/heartbeat/security/seccomp.go new file mode 100644 index 000000000000..2d076b6b260e --- /dev/null +++ b/heartbeat/security/seccomp.go @@ -0,0 +1,292 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package security + +import ( + "runtime" + + "github.com/elastic/beats/v7/libbeat/common/seccomp" + seccomptypes "github.com/elastic/go-seccomp-bpf" +) + +func mustConfigureSeccompPolicy() { + if runtime.GOOS != "linux" { + return + } + + switch runtime.GOARCH { + case "amd64", "386": + if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, + "access", + "arch_prctl", + "bind", + "brk", + "capget", + "capset", + "chdir", + "chmod", + "chown", + "clone", + "close", + "connect", + "creat", + "dup", + "dup2", + "dup3", + "epoll_ctl", + "epoll_pwait", + "eventfd2", + "execve", + "exit", + "faccessat", + "fadvise64", + "fallocate", + "fcntl", + "flock", + "fstat", + "fsync", + "futex", + "capget", + "getcwd", + "getdents64", + "getegid", + "geteuid", + "getgroups", + "getgid", + "getpeername", + "getpgrp", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresuid", + "getresgid", + "getrusage", + "getsockname", + "gettid", + "getuid", + "ioctl", + "inotify_init", + "lchown", + "link", + "lseek", + "madvise", + "memfd_create", + "mkdir", + "mkdirat", + "mlock", + "mmap", + "mprotect", + "munmap", + "nanosleep", + "name_to_handle_at", + "newfstatat", + "openat", + "pipe", + "pipe2", + "poll", + "prctl", + "pread64", + "prlimit64", + "pwrite64", + "read", + "readlink", + "readlinkat", + "recvfrom", + "rename", + "rmdir", + "rt_sigaction", + "rt_sigprocmask", + "rt_sigreturn", + "sched_getaffinity", + "sched_getparam", + "sched_getscheduler", + "select", + "sendto", + "set_robust_list", + "set_tid_address", + "setgid", + "setgroups", + "setpriority", + "setsid", + "setuid", + "sigaltstack", + "socket", + "socketpair", + "stat", + "statx", + "symlink", + "umask", + "uname", + "unlink", + "utimensat", + "write", + ); err != nil { + panic(err) + } + case "arm64": + // Register deny-by-default based policy for arm64. + arm64Policy := &seccomptypes.Policy{ + DefaultAction: seccomptypes.ActionErrno, + Syscalls: []seccomptypes.SyscallGroup{ + { + Action: seccomptypes.ActionAllow, + Names: []string{ + "accept", + "accept4", + "bind", + "brk", + "capget", + "capset", + "chdir", + "clock_gettime", + "clone", + "clone3", + "close", + "connect", + "dup", + "dup3", + "epoll_create1", + "epoll_ctl", + "epoll_pwait", + "eventfd2", + "execve", + "exit", + "exit_group", + "faccessat", + "fadvise64", + "fallocate", + "fchdir", + "fchmod", + "fchmodat", + "fchown", + "fchownat", + "fcntl", + "fdatasync", + "flock", + "fstat", + "fstatat", // or newfstatat + "fstatfs", + "fsync", + "ftruncate", + "futex", + "getcwd", + "getdents64", + "getegid", + "geteuid", + "getgid", + "getgroups", + "getpeername", + "getpgid", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresuid", + "getrlimit", + "getrusage", + "getsockname", + "getsockopt", + "gettid", + "gettimeofday", + "getuid", + "inotify_add_watch", + "inotify_init1", + "inotify_rm_watch", + "ioctl", + "kill", + "linkat", + "listen", + "lseek", + "madvise", + "memfd_create", + "mincore", + "mkdirat", + "mlock", + "mmap", + "mprotect", + "munmap", + "name_to_handle_at", + "nanosleep", + "openat", + "pipe2", + "ppoll", + "prctl", + "pread64", + "prlimit64", + "pselect6", + "pwrite64", + "read", + "readlinkat", + "recvfrom", + "recvmmsg", + "recvmsg", + "renameat", + "rseq", + "rt_sigaction", + "rt_sigprocmask", + "rt_sigreturn", + "sched_getaffinity", + "sched_getattr", + "sched_getparam", + "sched_getscheduler", + "sched_setaffinity", + "sched_setattr", + "sched_yield", + "seccomp", + "sendfile", + "sendmmsg", + "sendmsg", + "sendto", + "set_robust_list", + "set_tid_address", + "setgid", + "setgroups", + "setitimer", + "setpriority", + "setsid", + "setsockopt", + "setuid", + "shutdown", + "sigaltstack", + "socket", + "socketpair", + "splice", + "statfs", + "statx", + "symlinkat", + "sysinfo", + "tgkill", + "tkill", + "umask", + "uname", + "unlinkat", + "utimensat", + "wait4", + "waitid", + "write", + "writev", + }, + }, + }, + } + + seccomp.MustRegisterPolicy(arm64Policy) + } +} diff --git a/heartbeat/security/security.go b/heartbeat/security/security.go index 75c57ae405cf..b26b114b08f9 100644 --- a/heartbeat/security/security.go +++ b/heartbeat/security/security.go @@ -51,6 +51,9 @@ func InitializeModule() { // Make heartbeat dumpable so elastic-agent can access process metrics. _ = setDumpable() + + // Customize the seccomp policy that will be loaded when the Heartbeat is initialized. + mustConfigureSeccompPolicy() } func setNodeProcAttr(localUserName string) error { diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index 69cb6b5925fa..7c0f20789fd6 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc @@ -8,6 +8,8 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> +* <> * <> * <> * <> diff --git a/packetbeat/route/route_test.go b/packetbeat/route/route_test.go index 3e848bb56ab0..2858d8521da9 100644 --- a/packetbeat/route/route_test.go +++ b/packetbeat/route/route_test.go @@ -32,6 +32,7 @@ import ( ) func TestDefault(t *testing.T) { + t.Skip("Flaky test: https://github.com/elastic/beats/issues/39698") for _, family := range []int{syscall.AF_INET, syscall.AF_INET6} { wantIface, wantIndex, wantErr := defaultRoute(family) if wantErr != nil && wantErr != ErrNotFound { diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 50d0fbdc813c..f93f1d3c055d 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-526ba7a5-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-ede8ab2b-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.14.0-526ba7a5-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.14.0-ede8ab2b-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.14.0-526ba7a5-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.14.0-ede8ab2b-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing" diff --git a/x-pack/agentbeat/agentbeat.spec.yml b/x-pack/agentbeat/agentbeat.spec.yml index 045188513b09..69d6b17b79cb 100644 --- a/x-pack/agentbeat/agentbeat.spec.yml +++ b/x-pack/agentbeat/agentbeat.spec.yml @@ -194,6 +194,11 @@ inputs: platforms: *platforms outputs: *outputs command: *filebeat_command + - name: salesforce + description: "Salesforce input" + platforms: *platforms + outputs: *outputs + command: *filebeat_command - name: syslog aliases: - log/syslog diff --git a/x-pack/filebeat/input/awss3/input.go b/x-pack/filebeat/input/awss3/input.go index 2c0372fe5616..b62f816fc3b7 100644 --- a/x-pack/filebeat/input/awss3/input.go +++ b/x-pack/filebeat/input/awss3/input.go @@ -69,20 +69,38 @@ type s3Input struct { func newInput(config config, store beater.StateStore) (*s3Input, error) { awsConfig, err := awscommon.InitializeAWSConfig(config.AWSConfig) + if err != nil { + return nil, fmt.Errorf("failed to initialize AWS credentials: %w", err) + } - if config.AWSConfig.Endpoint != "" { - // Add a custom endpointResolver to the awsConfig so that all the requests are routed to this endpoint - awsConfig.EndpointResolverWithOptions = awssdk.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (awssdk.Endpoint, error) { - return awssdk.Endpoint{ - PartitionID: "aws", - URL: config.AWSConfig.Endpoint, - SigningRegion: awsConfig.Region, - }, nil - }) + // The awsConfig now contains the region from the credential profile or default region + // if the region is explicitly set in the config, then it wins + if config.RegionName != "" { + awsConfig.Region = config.RegionName } - if err != nil { - return nil, fmt.Errorf("failed to initialize AWS credentials: %w", err) + // A custom endpoint has been specified! + if config.AWSConfig.Endpoint != "" { + + // Parse a URL for the host regardless of it missing the scheme + endpointUri, err := url.Parse(config.AWSConfig.Endpoint) + if err != nil { + return nil, fmt.Errorf("failed to parse endpoint: %w", err) + } + + // For backwards compat: + // If the endpoint does not start with S3, we will use the endpoint resolver to make all SDK requests use the specified endpoint + // If the endpoint does start with S3, we will use the default resolver uses the endpoint field but can replace s3 with the desired service name like sqs + if !strings.HasPrefix(endpointUri.Hostname(), "s3") { + awsConfig.EndpointResolverWithOptions = awssdk.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (awssdk.Endpoint, error) { + return awssdk.Endpoint{ + PartitionID: "aws", + Source: awssdk.EndpointSourceCustom, + URL: config.AWSConfig.Endpoint, + SigningRegion: awsConfig.Region, + }, nil + }) + } } return &s3Input{ @@ -112,16 +130,23 @@ func (in *s3Input) Run(inputContext v2.Context, pipeline beat.Pipeline) error { defer cancelInputCtx() if in.config.QueueURL != "" { - regionName, err := getRegionFromQueueURL(in.config.QueueURL, in.config.AWSConfig.Endpoint, in.config.RegionName) - if err != nil && in.config.RegionName == "" { - return fmt.Errorf("failed to get AWS region from queue_url: %w", err) + regionName, err := getRegionFromQueueURL(in.config.QueueURL, in.config.AWSConfig.Endpoint, in.config.AWSConfig.DefaultRegion) + + // If we can't get a region from anywhere, error out + if err != nil && regionName == "" && in.config.RegionName == "" { + return fmt.Errorf("region not specified and failed to get AWS region from queue_url: %w", err) } var warn regionMismatchError if errors.As(err, &warn) { // Warn of mismatch, but go ahead with configured region name. inputContext.Logger.Warnf("%v: using %q", err, regionName) } - in.awsConfig.Region = regionName + + // Ensure we don't overwrite region when getRegionFromURL fails + // Ensure we don't overwrite a user-specified region with a parsed region. + if regionName != "" && in.config.RegionName == "" { + in.awsConfig.Region = regionName + } // Create SQS receiver and S3 notification processor. receiver, err := in.createSQSReceiver(inputContext, pipeline) @@ -186,7 +211,11 @@ func (in *s3Input) createSQSReceiver(ctx v2.Context, pipeline beat.Pipeline) (*s if in.config.AWSConfig.FIPSEnabled { o.EndpointOptions.UseFIPSEndpoint = awssdk.FIPSEndpointStateEnabled } + if in.config.AWSConfig.Endpoint != "" { + o.EndpointResolver = sqs.EndpointResolverFromURL(in.config.AWSConfig.Endpoint) + } }), + queueURL: in.config.QueueURL, apiTimeout: in.config.APITimeout, visibilityTimeout: in.config.VisibilityTimeout, @@ -198,6 +227,9 @@ func (in *s3Input) createSQSReceiver(ctx v2.Context, pipeline beat.Pipeline) (*s if in.config.AWSConfig.FIPSEnabled { o.EndpointOptions.UseFIPSEndpoint = awssdk.FIPSEndpointStateEnabled } + if in.config.AWSConfig.Endpoint != "" { + o.EndpointResolver = s3.EndpointResolverFromURL(in.config.AWSConfig.Endpoint) + } o.UsePathStyle = in.config.PathStyle }), } @@ -322,17 +354,45 @@ var errBadQueueURL = errors.New("QueueURL is not in format: https://sqs.{REGION_ func getRegionFromQueueURL(queueURL string, endpoint, defaultRegion string) (region string, err error) { // get region from queueURL + // Example for custom domain queue: https://sqs.us-east-1.abc.xyz/12345678912/test-s3-logs // Example for sqs queue: https://sqs.us-east-1.amazonaws.com/12345678912/test-s3-logs // Example for vpce: https://vpce-test.sqs.us-east-1.vpce.amazonaws.com/12345678912/sqs-queue u, err := url.Parse(queueURL) if err != nil { return "", fmt.Errorf(queueURL + " is not a valid URL") } + + e, err := url.Parse(endpoint) + if err != nil { + return "", fmt.Errorf(endpoint + " is not a valid URL") + } + if (u.Scheme == "https" || u.Scheme == "http") && u.Host != "" { queueHostSplit := strings.SplitN(u.Host, ".", 3) + endpointSplit := strings.SplitN(e.Host, ".", 3) // check for sqs queue url + + // Parse a user-provided custom endpoint + if endpoint != "" && queueHostSplit[0] == "sqs" && len(queueHostSplit) == 3 && len(endpointSplit) == 3 { + // Check if everything after the second dot in the queue url matches everything after the second dot in the endpoint + endpointMatchesQueueUrl := strings.SplitN(u.Hostname(), ".", 3)[2] == strings.SplitN(e.Hostname(), ".", 3)[2] + if !endpointMatchesQueueUrl { + // We couldn't resolve the URL + // We cannot infer the region by matching the endpoint and queue url, return the default region with a region mismatch warning + return defaultRegion, regionMismatchError{queueURLRegion: queueHostSplit[1], defaultRegion: endpointSplit[1]} + } + + region = queueHostSplit[1] + if defaultRegion != "" && region != defaultRegion { + return region, regionMismatchError{queueURLRegion: region, defaultRegion: defaultRegion} + } + return region, nil + } + + // Parse a standard SQS url if len(queueHostSplit) == 3 && queueHostSplit[0] == "sqs" { - if queueHostSplit[2] == endpoint || (endpoint == "" && strings.HasPrefix(queueHostSplit[2], "amazonaws.")) { + // handle endpoint with no scheme, handle endpoint with scheme + if queueHostSplit[2] == endpoint || queueHostSplit[2] == e.Host || (endpoint == "" && strings.HasPrefix(queueHostSplit[2], "amazonaws.")) { region = queueHostSplit[1] if defaultRegion != "" && region != defaultRegion { return defaultRegion, regionMismatchError{queueURLRegion: region, defaultRegion: defaultRegion} diff --git a/x-pack/filebeat/input/awss3/input_integration_test.go b/x-pack/filebeat/input/awss3/input_integration_test.go index 62cbc8350113..aa6874b9216a 100644 --- a/x-pack/filebeat/input/awss3/input_integration_test.go +++ b/x-pack/filebeat/input/awss3/input_integration_test.go @@ -262,6 +262,174 @@ func TestInputRunSQSOnLocalstack(t *testing.T) { assert.EqualValues(t, s3Input.metrics.sqsWorkerUtilization.Get(), 0.0) // Workers are reset after processing and hence utilization should be 0 at the end } +func TestInputRunSQSWithConfig(t *testing.T) { + tests := []struct { + name string + queue_url string + endpoint string + region string + default_region string + want string + wantErr error + }{ + { + name: "no region", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + want: "us-east-1", + }, + { + name: "no region but with long endpoint", + queue_url: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "https://s3.us-east-1.abc.xyz", + want: "us-east-1", + }, + { + name: "no region but with short endpoint", + queue_url: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "https://abc.xyz", + want: "us-east-1", + }, + { + name: "no region custom queue domain", + queue_url: "https://sqs.us-east-1.xyz.abc/627959692251/test-s3-logs", + wantErr: errBadQueueURL, + }, + { + name: "region", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + want: "us-west-2", + }, + { + name: "default_region", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + default_region: "us-west-2", + want: "us-west-2", + }, + { + name: "region and default_region", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-east-2", + default_region: "us-east-3", + want: "us-east-2", + }, + { + name: "short_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + endpoint: "https://amazonaws.com", + want: "us-east-1", + }, + { + name: "long_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + endpoint: "https://s3.us-east-1.amazonaws.com", + want: "us-east-1", + }, + { + name: "region and custom short_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + endpoint: "https://.elastic.co", + want: "us-west-2", + }, + { + name: "region and custom long_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + endpoint: "https://s3.us-east-1.elastic.co", + want: "us-west-2", + }, + { + name: "region and short_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + endpoint: "https://amazonaws.com", + want: "us-west-2", + }, + { + name: "region and long_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + endpoint: "https://s3.us-east-1.amazonaws.com", + want: "us-west-2", + }, + { + name: "region and default region and short_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + default_region: "us-east-1", + endpoint: "https://amazonaws.com", + want: "us-west-2", + }, + { + name: "region and default region and long_endpoint", + queue_url: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + region: "us-west-2", + default_region: "us-east-1", + endpoint: "https://s3.us-east-1.amazonaws.com", + want: "us-west-2", + }, + } + + for _, test := range tests { + logp.TestingSetup() + + // Create a filebeat config using the provided test parameters + config := "" + if test.queue_url != "" { + config += fmt.Sprintf("queue_url: %s \n", test.queue_url) + } + if test.region != "" { + config += fmt.Sprintf("region: %s \n", test.region) + } + if test.default_region != "" { + config += fmt.Sprintf("default_region: %s \n", test.default_region) + } + if test.endpoint != "" { + config += fmt.Sprintf("endpoint: %s \n", test.endpoint) + } + + s3Input := createInput(t, conf.MustNewConfigFrom(config)) + + inputCtx, cancel := newV2Context() + t.Cleanup(cancel) + time.AfterFunc(5*time.Second, func() { + cancel() + }) + + var errGroup errgroup.Group + errGroup.Go(func() error { + return s3Input.Run(inputCtx, &fakePipeline{}) + }) + + if err := errGroup.Wait(); err != nil { + // assert that err == test.wantErr + if test.wantErr != nil { + continue + } + // Print the test name to help identify the failing test + t.Fatal(test.name, err) + } + + // If the endpoint starts with s3, the endpoint resolver should be null at this point + // If the endpoint does not start with s3, the endpointresolverwithoptions should be set + // If the endpoint is not set, the endpoint resolver should be null + if test.endpoint == "" { + assert.Nil(t, s3Input.awsConfig.EndpointResolver, test.name) + assert.Nil(t, s3Input.awsConfig.EndpointResolverWithOptions, test.name) + } else if strings.HasPrefix(test.endpoint, "https://s3") { + // S3 resolvers are added later in the code than this integration test covers + assert.Nil(t, s3Input.awsConfig.EndpointResolver, test.name) + assert.Nil(t, s3Input.awsConfig.EndpointResolverWithOptions, test.name) + } else { // If the endpoint is specified but is not s3 + assert.Nil(t, s3Input.awsConfig.EndpointResolver, test.name) + assert.NotNil(t, s3Input.awsConfig.EndpointResolverWithOptions, test.name) + } + + assert.EqualValues(t, test.want, s3Input.awsConfig.Region, test.name) + } +} + func TestInputRunSQS(t *testing.T) { logp.TestingSetup() @@ -353,7 +521,7 @@ func TestInputRunS3(t *testing.T) { assert.EqualValues(t, s3Input.metrics.s3ObjectsRequestedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.s3ObjectsListedTotal.Get(), 8) assert.EqualValues(t, s3Input.metrics.s3ObjectsProcessedTotal.Get(), 7) - assert.EqualValues(t, s3Input.metrics.s3ObjectsAckedTotal.Get(), 6) + assert.EqualValues(t, s3Input.metrics.s3ObjectsAckedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.s3EventsCreatedTotal.Get(), 12) } diff --git a/x-pack/filebeat/input/awss3/input_test.go b/x-pack/filebeat/input/awss3/input_test.go index abc9f5c9a6a6..fdd9d691a188 100644 --- a/x-pack/filebeat/input/awss3/input_test.go +++ b/x-pack/filebeat/input/awss3/input_test.go @@ -69,6 +69,18 @@ func TestGetRegionFromQueueURL(t *testing.T) { endpoint: "abc.xyz", want: "us-east-1", }, + { + name: "abc.xyz_and_domain_with_matching_endpoint_and_scheme", + queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "https://abc.xyz", + want: "us-east-1", + }, + { + name: "abc.xyz_and_domain_with_matching_url_endpoint", + queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "https://s3.us-east-1.abc.xyz", + want: "us-east-1", + }, { name: "abc.xyz_and_domain_with_blank_endpoint", queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", diff --git a/x-pack/filebeat/input/cel/input_test.go b/x-pack/filebeat/input/cel/input_test.go index 1ee7704f8263..7cb73fe2cea0 100644 --- a/x-pack/filebeat/input/cel/input_test.go +++ b/x-pack/filebeat/input/cel/input_test.go @@ -1434,7 +1434,7 @@ func TestInput(t *testing.T) { t.Fatalf("unexpected error running test: %v", err) } - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() v2Ctx := v2.Context{ diff --git a/x-pack/filebeat/input/http_endpoint/input.go b/x-pack/filebeat/input/http_endpoint/input.go index 6bb79ea72bec..c0b995efcd0e 100644 --- a/x-pack/filebeat/input/http_endpoint/input.go +++ b/x-pack/filebeat/input/http_endpoint/input.go @@ -14,7 +14,9 @@ import ( "net" "net/http" "net/url" + "path/filepath" "reflect" + "strings" "sync" "time" @@ -101,6 +103,12 @@ func (e *httpEndpoint) Test(_ v2.TestContext) error { func (e *httpEndpoint) Run(ctx v2.Context, publisher stateless.Publisher) error { metrics := newInputMetrics(ctx.ID) defer metrics.Close() + + if e.config.Tracer != nil { + id := sanitizeFileName(ctx.ID) + e.config.Tracer.Filename = strings.ReplaceAll(e.config.Tracer.Filename, "*", id) + } + err := servers.serve(ctx, e, publisher, metrics) if err != nil && !errors.Is(err, http.ErrServerClosed) { return fmt.Errorf("unable to start server due to error: %w", err) @@ -108,6 +116,15 @@ func (e *httpEndpoint) Run(ctx v2.Context, publisher stateless.Publisher) error return nil } +// sanitizeFileName returns name with ":" and "/" replaced with "_", removing repeated instances. +// The request.tracer.filename may have ":" when a http_endpoint input has cursor config and +// the macOS Finder will treat this as path-separator and causes to show up strange filepaths. +func sanitizeFileName(name string) string { + name = strings.ReplaceAll(name, ":", string(filepath.Separator)) + name = filepath.Clean(name) + return strings.ReplaceAll(name, string(filepath.Separator), "_") +} + // servers is the package-level server pool. var servers = pool{servers: make(map[string]*server)} diff --git a/x-pack/filebeat/input/httpjson/metrics_test.go b/x-pack/filebeat/input/httpjson/metrics_test.go index 653523ec5a2c..aed9b23c3f80 100644 --- a/x-pack/filebeat/input/httpjson/metrics_test.go +++ b/x-pack/filebeat/input/httpjson/metrics_test.go @@ -8,6 +8,9 @@ import ( "fmt" "net/http" "net/http/httptest" + "runtime" + "slices" + "strings" "testing" "time" @@ -28,8 +31,12 @@ func TestMetrics(t *testing.T) { handler http.HandlerFunc expectedEvents []string assertMetrics func(reg *monitoring.Registry) error + + skipReason string // GOOS:reason or GOOS,GOOS,...:reason. }{ { + skipReason: "windows:flakey test on windows - see https://github.com/elastic/beats/issues/39676", + name: "Test pagination metrics", setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { server := httptest.NewServer(h) @@ -102,6 +109,9 @@ func TestMetrics(t *testing.T) { for _, testCase := range testCases { tc := testCase t.Run(tc.name, func(t *testing.T) { + if reason := skipReason(tc.skipReason); reason != "" { + t.Skipf("skipping %s", reason) + } tc.setupServer(t, tc.handler, tc.baseConfig) cfg := conf.MustNewConfigFrom(tc.baseConfig) @@ -163,3 +173,17 @@ func TestMetrics(t *testing.T) { }) } } + +func skipReason(s string) string { + if s == "" { + return "" + } + goos, reason, ok := strings.Cut(s, ":") + if !ok { + return s + } + if slices.Contains(strings.Split(goos, ","), runtime.GOOS) { + return reason + } + return "" +} diff --git a/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc b/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc index 7d189fc69841..02be3492837d 100644 --- a/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc @@ -1,7 +1,6 @@ [role="xpack"] :modulename: salesforce -:has-dashboards: true == Salesforce module @@ -47,7 +46,7 @@ The Salesforce module contains the following filesets for collecting different t The default interval for collecting logs (`var.real_time_interval` or `var.elf_interval`) is 5m/1h. Exercise caution when reducing this interval, as it directly impacts the Salesforce API rate limit of ~1000 calls per hour. Exceeding the limit will result in errors from the Salesforce API. Refer to the https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_platform_api.htm[Salesforce API Rate Limit] documentation for more details. ==== -== Set up the OAuth App in the Salesforce +=== Set up the OAuth App in the Salesforce In order to use this integration, users need to create a new Salesforce Application using OAuth. Follow the steps below to create a connected application in Salesforce: @@ -538,24 +537,6 @@ Interval for collecting EventLogFile logs, e.g. 1h or 5m. Either "Hourly" or "Daily". The time interval of each log file from EventLogFile. -[float] -=== Example dashboards - -The Salesforce module includes several predefined dashboards: - -- Login Dashboard: Visualizes login activity and trends. -- Logout Dashboard: Visualizes logout activity and trends. -- Apex Dashboard: Visualizes Apex executions and errors. -- Setup Audit Trail Dashboard: Shows changes made in the Setup area. - -image::./images/filebeat-salesforce-login-dashboard.png[] - -image::./images/filebeat-salesforce-logout-dashboard.png[] - -image::./images/filebeat-salesforce-setupaudittrail-dashboard.png[] - -Access these dashboards in Kibana by going to Management -> Kibana -> Dashboards and searching for "Salesforce". - [float] === Troubleshooting @@ -570,8 +551,6 @@ Verify the `var.url` is correct. Check that the user credentials are valid and h *Not seeing any data*:: Check the Elastic Agent logs for errors. Verify the module configuration is correct, the filesets are enabled, and the intervals are reasonable. Confirm there is log activity in Salesforce for the log types being collected. -:has-dashboards!: - :fileset_ex!: :modulename!: \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/243e40b0-f891-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/243e40b0-f891-11ee-9088-0f36517484ce.json deleted file mode 100644 index 1c0b58da7aea..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/243e40b0-f891-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,763 +0,0 @@ -{ - "attributes": { - "description": "Salesforce Logout Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.dataset", - "negate": false, - "params": { - "query": "salesforce.logout" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.dataset": "salesforce.logout" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "salesforce.instance_url", - "id": "1712900437314", - "indexPatternRefName": "control_e04d7dbe-82fb-438b-8097-594262a141ec_0_index_pattern", - "label": "Instance URL", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "e04d7dbe-82fb-438b-8097-594262a141ec", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "e04d7dbe-82fb-438b-8097-594262a141ec", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-7f107c7d-34fd-481a-b6ac-6e0037488d00", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7f107c7d-34fd-481a-b6ac-6e0037488d00": { - "columnOrder": [ - "d0a8f0be-bff5-4156-b797-4ce54c84c2ad", - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX0", - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX1", - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX2" - ], - "columns": { - "d0a8f0be-bff5-4156-b797-4ce54c84c2ad": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "User initiated logout", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "count(kql='salesforce.logout.user_initiated_logout : \"1\" ')/count()", - "isFormulaBroken": false - }, - "references": [ - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX2" - ], - "scale": "ratio" - }, - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "salesforce.logout.user_initiated_logout : \"1\" " - }, - "isBucketed": false, - "label": "Part of count(kql='salesforce.logout.user_initiated_logout : \"1\" ')/count()", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of count(kql='salesforce.logout.user_initiated_logout : \"1\" ')/count()", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of count(kql='salesforce.logout.user_initiated_logout : \"1\" ')/count()", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX0", - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX1" - ], - "location": { - "max": 67, - "min": 0 - }, - "name": "divide", - "text": "count(kql='salesforce.logout.user_initiated_logout : \"1\" ')/count()", - "type": "function" - } - }, - "references": [ - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX0", - "d0a8f0be-bff5-4156-b797-4ce54c84c2adX1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "d0a8f0be-bff5-4156-b797-4ce54c84c2ad", - "layerId": "7f107c7d-34fd-481a-b6ac-6e0037488d00", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 12, - "i": "eaf7f094-92f3-46ca-84eb-ef2126f220bd", - "w": 24, - "x": 0, - "y": 5 - }, - "panelIndex": "eaf7f094-92f3-46ca-84eb-ef2126f220bd", - "title": "Percentage of user initiated logout [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-f3cc3792-a28a-4847-bd7d-bf08156d7def", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f3cc3792-a28a-4847-bd7d-bf08156d7def": { - "columnOrder": [ - "3134a608-006c-4bfc-b42c-0c1ad3c4315f", - "8e4f70e3-db21-4183-bd70-b1b56fe816b4" - ], - "columns": { - "3134a608-006c-4bfc-b42c-0c1ad3c4315f": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of salesforce.logout.session.level", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8e4f70e3-db21-4183-bd70-b1b56fe816b4", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "salesforce.logout.session.level" - }, - "8e4f70e3-db21-4183-bd70-b1b56fe816b4": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "3134a608-006c-4bfc-b42c-0c1ad3c4315f" - ], - "layerId": "f3cc3792-a28a-4847-bd7d-bf08156d7def", - "layerType": "data", - "legendDisplay": "default", - "metric": "8e4f70e3-db21-4183-bd70-b1b56fe816b4", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "698cb161-2847-4fe2-b8b0-29047d20472e", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "698cb161-2847-4fe2-b8b0-29047d20472e", - "title": "Session levels used while logging out [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-07bd6025-fb9b-4980-94b7-4be1f9948220", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "07bd6025-fb9b-4980-94b7-4be1f9948220": { - "columnOrder": [ - "265a7158-90ba-4ba7-acb6-e8c1f700dd2c", - "3fe1c36a-768e-43c0-93fe-77fc2465f19a" - ], - "columns": { - "265a7158-90ba-4ba7-acb6-e8c1f700dd2c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "3fe1c36a-768e-43c0-93fe-77fc2465f19a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "3fe1c36a-768e-43c0-93fe-77fc2465f19a" - ], - "layerId": "07bd6025-fb9b-4980-94b7-4be1f9948220", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "265a7158-90ba-4ba7-acb6-e8c1f700dd2c" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "9f2a2ef4-ba17-4d76-8a0a-76517f1c0936", - "w": 48, - "x": 0, - "y": 17 - }, - "panelIndex": "9f2a2ef4-ba17-4d76-8a0a-76517f1c0936", - "title": "Logout over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-aed1858a-a560-41f8-a5ca-58e917d3f0f6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "aed1858a-a560-41f8-a5ca-58e917d3f0f6": { - "columnOrder": [ - "0d1ba1cc-f436-4f99-bab4-80da94ab8377", - "e3f18ea3-e3c9-4dcb-8617-0998a34460a2" - ], - "columns": { - "0d1ba1cc-f436-4f99-bab4-80da94ab8377": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of salesforce.logout.session.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e3f18ea3-e3c9-4dcb-8617-0998a34460a2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "salesforce.logout.session.type" - }, - "e3f18ea3-e3c9-4dcb-8617-0998a34460a2": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "0d1ba1cc-f436-4f99-bab4-80da94ab8377" - ], - "layerId": "aed1858a-a560-41f8-a5ca-58e917d3f0f6", - "layerType": "data", - "legendDisplay": "default", - "metric": "e3f18ea3-e3c9-4dcb-8617-0998a34460a2", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "treemap" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "ff455525-355f-49cd-a503-159a03ada387", - "w": 24, - "x": 0, - "y": 29 - }, - "panelIndex": "ff455525-355f-49cd-a503-159a03ada387", - "title": "Distribution of session types [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-6cd4c92e-cef0-46cf-937a-5123ddc95e7b", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "6cd4c92e-cef0-46cf-937a-5123ddc95e7b": { - "columnOrder": [ - "26b08e8c-5391-4f11-9955-c414ba872de8", - "63d839ef-dad8-43bf-b6e3-4f162e8354ce" - ], - "columns": { - "26b08e8c-5391-4f11-9955-c414ba872de8": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP Addresses", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "63d839ef-dad8-43bf-b6e3-4f162e8354ce", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - }, - "63d839ef-dad8-43bf-b6e3-4f162e8354ce": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "63d839ef-dad8-43bf-b6e3-4f162e8354ce" - ], - "layerId": "6cd4c92e-cef0-46cf-937a-5123ddc95e7b", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "26b08e8c-5391-4f11-9955-c414ba872de8" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "69095005-0182-4363-b606-263449739e20", - "w": 24, - "x": 24, - "y": 29 - }, - "panelIndex": "69095005-0182-4363-b606-263449739e20", - "title": "Top 10 IP addresses by Logout request count [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 270, - "minLat": -66.51326, - "minLon": -270 - }, - "mapCenter": { - "lat": 24.87922, - "lon": -0.42602, - "zoom": 1.77 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 25, - "i": "6e4e4f8a-da6a-482e-81a6-ae3a26ad10ef", - "w": 48, - "x": 0, - "y": 44 - }, - "panelIndex": "6e4e4f8a-da6a-482e-81a6-ae3a26ad10ef", - "panelRefName": "panel_6e4e4f8a-da6a-482e-81a6-ae3a26ad10ef", - "title": "Logout activity by region [Filebeat Salesforce]", - "type": "map", - "version": "7.15.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Filebeat Salesforce] Logout Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "243e40b0-f891-11ee-9088-0f36517484ce", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "e04d7dbe-82fb-438b-8097-594262a141ec:control_e04d7dbe-82fb-438b-8097-594262a141ec_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "eaf7f094-92f3-46ca-84eb-ef2126f220bd:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "eaf7f094-92f3-46ca-84eb-ef2126f220bd:indexpattern-datasource-layer-7f107c7d-34fd-481a-b6ac-6e0037488d00", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "698cb161-2847-4fe2-b8b0-29047d20472e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "698cb161-2847-4fe2-b8b0-29047d20472e:indexpattern-datasource-layer-f3cc3792-a28a-4847-bd7d-bf08156d7def", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "9f2a2ef4-ba17-4d76-8a0a-76517f1c0936:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "9f2a2ef4-ba17-4d76-8a0a-76517f1c0936:indexpattern-datasource-layer-07bd6025-fb9b-4980-94b7-4be1f9948220", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "ff455525-355f-49cd-a503-159a03ada387:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "ff455525-355f-49cd-a503-159a03ada387:indexpattern-datasource-layer-aed1858a-a560-41f8-a5ca-58e917d3f0f6", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "69095005-0182-4363-b606-263449739e20:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "69095005-0182-4363-b606-263449739e20:indexpattern-datasource-layer-6cd4c92e-cef0-46cf-937a-5123ddc95e7b", - "type": "index-pattern" - }, - { - "id": "15bcb8a0-f891-11ee-9088-0f36517484ce", - "name": "6e4e4f8a-da6a-482e-81a6-ae3a26ad10ef:panel_6e4e4f8a-da6a-482e-81a6-ae3a26ad10ef", - "type": "map" - } - ], - "type": "dashboard", - "updated_at": "2024-04-12T11:40:07.036Z", - "version": "WzExMzc5LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/6e6bee90-f7e6-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/6e6bee90-f7e6-11ee-9088-0f36517484ce.json deleted file mode 100644 index 8e7ef6c831bc..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/6e6bee90-f7e6-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,1770 +0,0 @@ -{ - "attributes": { - "description": "Salesforce Apex Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.dataset", - "negate": false, - "params": { - "query": "salesforce.apex" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.dataset": "salesforce.apex" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "salesforce.instance_url", - "id": "1712824865887", - "indexPatternRefName": "control_2e30f60b-d451-4b0d-89eb-6ba01e94c2aa_0_index_pattern", - "label": "Instance URL", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "2e30f60b-d451-4b0d-89eb-6ba01e94c2aa", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "2e30f60b-d451-4b0d-89eb-6ba01e94c2aa", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-f7a3c405-487c-4473-aeb5-c6f5e63de3db", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f7a3c405-487c-4473-aeb5-c6f5e63de3db": { - "columnOrder": [ - "c8b7de64-e628-4200-8520-1699a69f49af" - ], - "columns": { - "c8b7de64-e628-4200-8520-1699a69f49af": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Calls against the organization limit", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "salesforce.apex.is_long_running_request", - "negate": true, - "params": { - "query": "0" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "salesforce.apex.is_long_running_request": "0" - } - } - }, - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "salesforce.apex.is_long_running_request" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "salesforce.apex.is_long_running_request", - "negate": false, - "type": "exists" - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "c8b7de64-e628-4200-8520-1699a69f49af", - "layerId": "f7a3c405-487c-4473-aeb5-c6f5e63de3db", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 15, - "i": "7decef13-13b6-4eb2-bb2b-cd657951e930", - "w": 14, - "x": 0, - "y": 5 - }, - "panelIndex": "7decef13-13b6-4eb2-bb2b-cd657951e930", - "title": "Calls against the organization limit [Filebeat Salesforce]]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-83c3e25a-134f-43bf-bca7-cd3c3d33eff3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "83c3e25a-134f-43bf-bca7-cd3c3d33eff3": { - "columnOrder": [ - "c55333c9-aa79-4829-8e41-34029ca8e56a", - "099c35b2-0b10-4026-8883-274a3bd24c10" - ], - "columns": { - "099c35b2-0b10-4026-8883-274a3bd24c10": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c55333c9-aa79-4829-8e41-34029ca8e56a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of event.outcome", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "099c35b2-0b10-4026-8883-274a3bd24c10", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.outcome" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "c55333c9-aa79-4829-8e41-34029ca8e56a" - ], - "layerId": "83c3e25a-134f-43bf-bca7-cd3c3d33eff3", - "layerType": "data", - "legendDisplay": "default", - "metric": "099c35b2-0b10-4026-8883-274a3bd24c10", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "7154e44a-c51d-4881-8d23-6d822a0bd77d", - "w": 17, - "x": 14, - "y": 5 - }, - "panelIndex": "7154e44a-c51d-4881-8d23-6d822a0bd77d", - "title": "Distribution of request status [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-23547c7a-8041-4b0a-856d-ffc03d80fbc0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "23547c7a-8041-4b0a-856d-ffc03d80fbc0": { - "columnOrder": [ - "55861941-7ec4-480b-800a-bae54e679ceb", - "ffcee30c-ac14-49a3-a634-04205ecc7788" - ], - "columns": { - "55861941-7ec4-480b-800a-bae54e679ceb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Apex media type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ffcee30c-ac14-49a3-a634-04205ecc7788", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.media_type" - }, - "ffcee30c-ac14-49a3-a634-04205ecc7788": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "55861941-7ec4-480b-800a-bae54e679ceb" - ], - "layerId": "23547c7a-8041-4b0a-856d-ffc03d80fbc0", - "layerType": "data", - "legendDisplay": "default", - "metric": "ffcee30c-ac14-49a3-a634-04205ecc7788", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "73688f67-7274-4172-bc72-81581d1b1dc2", - "w": 17, - "x": 31, - "y": 5 - }, - "panelIndex": "73688f67-7274-4172-bc72-81581d1b1dc2", - "title": "Responses by media type [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-2ea8d938-401b-4b61-92c4-c476e7d3e4bc", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2ea8d938-401b-4b61-92c4-c476e7d3e4bc": { - "columnOrder": [ - "5ca49fa3-e0db-4c3f-9116-b0cdba13b3fb", - "d665ca71-d578-4fc0-a7eb-b6c4ea8b31d9", - "69ea92d8-1db1-4dd6-b01f-8ed3937c9ab8" - ], - "columns": { - "5ca49fa3-e0db-4c3f-9116-b0cdba13b3fb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of salesforce.apex.trigger_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "69ea92d8-1db1-4dd6-b01f-8ed3937c9ab8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.trigger_name" - }, - "69ea92d8-1db1-4dd6-b01f-8ed3937c9ab8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Apex Trigger", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d665ca71-d578-4fc0-a7eb-b6c4ea8b31d9": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "69ea92d8-1db1-4dd6-b01f-8ed3937c9ab8" - ], - "layerId": "2ea8d938-401b-4b61-92c4-c476e7d3e4bc", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "5ca49fa3-e0db-4c3f-9116-b0cdba13b3fb", - "xAccessor": "d665ca71-d578-4fc0-a7eb-b6c4ea8b31d9" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "be541fae-8b1f-40e5-9fcc-e552b3544773", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "be541fae-8b1f-40e5-9fcc-e552b3544773", - "title": "Top 10 apex triggers over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-395b6aa2-d6cd-406e-9559-a0ed2b833854", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-dbfc2649-500a-4d9e-8035-f2094fc75c86", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "395b6aa2-d6cd-406e-9559-a0ed2b833854": { - "columnOrder": [ - "7d694982-04a5-4e47-9aa9-eea47b40f505", - "7ac0b6dc-60e0-46b8-81f9-519459e354b3" - ], - "columns": { - "7ac0b6dc-60e0-46b8-81f9-519459e354b3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average run time", - "operationType": "average", - "scale": "ratio", - "sourceField": "salesforce.apex.run_time" - }, - "7d694982-04a5-4e47-9aa9-eea47b40f505": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - }, - "dbfc2649-500a-4d9e-8035-f2094fc75c86": { - "columnOrder": [ - "ba09599b-cc6f-420b-bd27-e9126e585c0f", - "f6bac9bb-7015-41d6-8c02-ffede3aeba7e" - ], - "columns": { - "ba09599b-cc6f-420b-bd27-e9126e585c0f": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "f6bac9bb-7015-41d6-8c02-ffede3aeba7e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "salesforce.apex.run_time" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "salesforce.apex.run_time", - "negate": false, - "type": "exists" - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "f6bac9bb-7015-41d6-8c02-ffede3aeba7e" - ], - "layerId": "dbfc2649-500a-4d9e-8035-f2094fc75c86", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "ba09599b-cc6f-420b-bd27-e9126e585c0f", - "yConfig": [ - { - "color": "#00e499", - "forAccessor": "f6bac9bb-7015-41d6-8c02-ffede3aeba7e" - } - ] - }, - { - "accessors": [ - "7ac0b6dc-60e0-46b8-81f9-519459e354b3" - ], - "layerId": "395b6aa2-d6cd-406e-9559-a0ed2b833854", - "layerType": "data", - "seriesType": "line", - "xAccessor": "7d694982-04a5-4e47-9aa9-eea47b40f505", - "yConfig": [ - { - "color": "#ff3a66", - "forAccessor": "7ac0b6dc-60e0-46b8-81f9-519459e354b3" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 16, - "i": "fe66cbe2-e564-49ae-a724-6440517ceb3b", - "w": 48, - "x": 0, - "y": 35 - }, - "panelIndex": "fe66cbe2-e564-49ae-a724-6440517ceb3b", - "title": "Apex performance over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-f73f968b-392e-4f0e-8c9b-351ad7370ddd", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f73f968b-392e-4f0e-8c9b-351ad7370ddd": { - "columnOrder": [ - "e50a7586-31dd-47bd-8b42-2a02dd27aec9", - "148d81bd-6204-41a1-99d7-26580ab2a3e7" - ], - "columns": { - "148d81bd-6204-41a1-99d7-26580ab2a3e7": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "SOQL queries", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e50a7586-31dd-47bd-8b42-2a02dd27aec9": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Entry point", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "148d81bd-6204-41a1-99d7-26580ab2a3e7", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.entry_point" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "apex-execution" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "apex-execution" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "148d81bd-6204-41a1-99d7-26580ab2a3e7" - ], - "layerId": "f73f968b-392e-4f0e-8c9b-351ad7370ddd", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "e50a7586-31dd-47bd-8b42-2a02dd27aec9" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 16, - "i": "574ede56-2b30-49a5-8888-8ae368c856af", - "w": 48, - "x": 0, - "y": 51 - }, - "panelIndex": "574ede56-2b30-49a5-8888-8ae368c856af", - "title": "Top 10 SOQL queries per entry point [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-b53e356e-52be-419c-bf3d-282ec655706d", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b53e356e-52be-419c-bf3d-282ec655706d": { - "columnOrder": [ - "86ab6d3f-99be-44a8-9050-1a79992a7948", - "f3682f79-73a9-4bd4-aff4-d1be1c81f7dd", - "c231ae4b-9cb7-4bc1-96f2-06870e504081" - ], - "columns": { - "86ab6d3f-99be-44a8-9050-1a79992a7948": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of salesforce.apex.trigger_type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c231ae4b-9cb7-4bc1-96f2-06870e504081", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.trigger_type" - }, - "c231ae4b-9cb7-4bc1-96f2-06870e504081": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Trigger count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f3682f79-73a9-4bd4-aff4-d1be1c81f7dd": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "c231ae4b-9cb7-4bc1-96f2-06870e504081" - ], - "layerId": "b53e356e-52be-419c-bf3d-282ec655706d", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "86ab6d3f-99be-44a8-9050-1a79992a7948", - "xAccessor": "f3682f79-73a9-4bd4-aff4-d1be1c81f7dd" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f8ecb623-ff3c-4422-9f91-2676fe2e58e0", - "w": 24, - "x": 0, - "y": 67 - }, - "panelIndex": "f8ecb623-ff3c-4422-9f91-2676fe2e58e0", - "title": "Trigger trends over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-b2559ffe-87f5-4f0e-a041-671ae182cad2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b2559ffe-87f5-4f0e-a041-671ae182cad2": { - "columnOrder": [ - "b3a46082-815b-44d5-a8ab-77b1f4aa3e39", - "bf492b8e-efdf-423a-a3c2-33b59eee9cc2" - ], - "columns": { - "b3a46082-815b-44d5-a8ab-77b1f4aa3e39": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "salesforce.apex.trigger_type : *Update*" - }, - "label": "Updates" - }, - { - "input": { - "language": "kuery", - "query": "salesforce.apex.trigger_type : *Insert*" - }, - "label": "Inserts" - }, - { - "input": { - "language": "kuery", - "query": "salesforce.apex.trigger_type : *Delete*" - }, - "label": "Deletes" - } - ] - }, - "scale": "ordinal" - }, - "bf492b8e-efdf-423a-a3c2-33b59eee9cc2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Trigger count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "bf492b8e-efdf-423a-a3c2-33b59eee9cc2" - ], - "layerId": "b2559ffe-87f5-4f0e-a041-671ae182cad2", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "b3a46082-815b-44d5-a8ab-77b1f4aa3e39" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "Trigger type", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c713f492-059e-48c9-bddb-bfa5dff4379a", - "w": 24, - "x": 24, - "y": 67 - }, - "panelIndex": "c713f492-059e-48c9-bddb-bfa5dff4379a", - "title": "Number of triggers by type [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-f2b00fda-234b-44d4-9ce5-7cd8c28efce3", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f2b00fda-234b-44d4-9ce5-7cd8c28efce3": { - "columnOrder": [ - "844908c9-57a6-4468-b7bd-d7261afdc379", - "c20cc0fc-5742-405c-86e9-f535058df2b2" - ], - "columns": { - "844908c9-57a6-4468-b7bd-d7261afdc379": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c20cc0fc-5742-405c-86e9-f535058df2b2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.roles" - }, - "c20cc0fc-5742-405c-86e9-f535058df2b2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "c20cc0fc-5742-405c-86e9-f535058df2b2" - ], - "layerId": "f2b00fda-234b-44d4-9ce5-7cd8c28efce3", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "844908c9-57a6-4468-b7bd-d7261afdc379" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "9d4bd40c-a3b5-4668-a58a-118e352c3ad2", - "w": 24, - "x": 0, - "y": 82 - }, - "panelIndex": "9d4bd40c-a3b5-4668-a58a-118e352c3ad2", - "title": "Requests per user type [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-7b43a22c-ad61-444d-a002-8cc4116b4854", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7b43a22c-ad61-444d-a002-8cc4116b4854": { - "columnOrder": [ - "6619dbcd-313a-4a14-8991-8f4110656b5d", - "829d388d-4c2b-4e04-a26b-1a1ac2bdb434" - ], - "columns": { - "6619dbcd-313a-4a14-8991-8f4110656b5d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User agent", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "829d388d-4c2b-4e04-a26b-1a1ac2bdb434", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.user_agent" - }, - "829d388d-4c2b-4e04-a26b-1a1ac2bdb434": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Response count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "829d388d-4c2b-4e04-a26b-1a1ac2bdb434" - ], - "layerId": "7b43a22c-ad61-444d-a002-8cc4116b4854", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "6619dbcd-313a-4a14-8991-8f4110656b5d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f26b8459-e1af-4cee-92ac-9e91348c2c16", - "w": 24, - "x": 24, - "y": 82 - }, - "panelIndex": "f26b8459-e1af-4cee-92ac-9e91348c2c16", - "title": "Responses per user agent [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-92994644-eb5e-41a8-871b-b0911dcbf481", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "92994644-eb5e-41a8-871b-b0911dcbf481": { - "columnOrder": [ - "04755ce2-d91a-4fe9-8384-3247ccdb2980", - "5ba3835a-9391-4298-8cc6-3c6fa0678e5b", - "452aad19-1d09-4cc3-9e86-b6a84a6d0b6c" - ], - "columns": { - "04755ce2-d91a-4fe9-8384-3247ccdb2980": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Entity name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "452aad19-1d09-4cc3-9e86-b6a84a6d0b6c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.entity_name" - }, - "452aad19-1d09-4cc3-9e86-b6a84a6d0b6c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Apex trigger name", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "salesforce.apex.trigger_name" - }, - "5ba3835a-9391-4298-8cc6-3c6fa0678e5b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "452aad19-1d09-4cc3-9e86-b6a84a6d0b6c" - ], - "layerId": "92994644-eb5e-41a8-871b-b0911dcbf481", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "04755ce2-d91a-4fe9-8384-3247ccdb2980", - "xAccessor": "5ba3835a-9391-4298-8cc6-3c6fa0678e5b" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "cc5bf3a1-5a33-4204-8efc-32b2b1629e63", - "w": 24, - "x": 0, - "y": 97 - }, - "panelIndex": "cc5bf3a1-5a33-4204-8efc-32b2b1629e63", - "title": "Triggers by entity categorization [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-84a0be7e-5127-485b-9ce2-9a9ba033a74c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "84a0be7e-5127-485b-9ce2-9a9ba033a74c": { - "columnOrder": [ - "4282f56c-5d7a-49e2-aa89-8533831afb6b", - "270e21c6-f213-4df6-bbcc-a4735f99028d" - ], - "columns": { - "270e21c6-f213-4df6-bbcc-a4735f99028d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "4282f56c-5d7a-49e2-aa89-8533831afb6b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of salesforce.apex.entry_point", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "270e21c6-f213-4df6-bbcc-a4735f99028d", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "salesforce.apex.entry_point" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "4282f56c-5d7a-49e2-aa89-8533831afb6b" - }, - { - "columnId": "270e21c6-f213-4df6-bbcc-a4735f99028d", - "isTransposed": false - } - ], - "layerId": "84a0be7e-5127-485b-9ce2-9a9ba033a74c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "5904bcb3-1616-422d-855e-a86e6a69f802", - "w": 24, - "x": 24, - "y": 97 - }, - "panelIndex": "5904bcb3-1616-422d-855e-a86e6a69f802", - "title": "Top 10 entry points by request count [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Filebeat Salesforce] Apex Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "6e6bee90-f7e6-11ee-9088-0f36517484ce", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "2e30f60b-d451-4b0d-89eb-6ba01e94c2aa:control_2e30f60b-d451-4b0d-89eb-6ba01e94c2aa_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7decef13-13b6-4eb2-bb2b-cd657951e930:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7decef13-13b6-4eb2-bb2b-cd657951e930:indexpattern-datasource-layer-f7a3c405-487c-4473-aeb5-c6f5e63de3db", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7decef13-13b6-4eb2-bb2b-cd657951e930:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7decef13-13b6-4eb2-bb2b-cd657951e930:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7154e44a-c51d-4881-8d23-6d822a0bd77d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "7154e44a-c51d-4881-8d23-6d822a0bd77d:indexpattern-datasource-layer-83c3e25a-134f-43bf-bca7-cd3c3d33eff3", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "73688f67-7274-4172-bc72-81581d1b1dc2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "73688f67-7274-4172-bc72-81581d1b1dc2:indexpattern-datasource-layer-23547c7a-8041-4b0a-856d-ffc03d80fbc0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "be541fae-8b1f-40e5-9fcc-e552b3544773:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "be541fae-8b1f-40e5-9fcc-e552b3544773:indexpattern-datasource-layer-2ea8d938-401b-4b61-92c4-c476e7d3e4bc", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fe66cbe2-e564-49ae-a724-6440517ceb3b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fe66cbe2-e564-49ae-a724-6440517ceb3b:indexpattern-datasource-layer-395b6aa2-d6cd-406e-9559-a0ed2b833854", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fe66cbe2-e564-49ae-a724-6440517ceb3b:indexpattern-datasource-layer-dbfc2649-500a-4d9e-8035-f2094fc75c86", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fe66cbe2-e564-49ae-a724-6440517ceb3b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "574ede56-2b30-49a5-8888-8ae368c856af:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "574ede56-2b30-49a5-8888-8ae368c856af:indexpattern-datasource-layer-f73f968b-392e-4f0e-8c9b-351ad7370ddd", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "574ede56-2b30-49a5-8888-8ae368c856af:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "f8ecb623-ff3c-4422-9f91-2676fe2e58e0:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "f8ecb623-ff3c-4422-9f91-2676fe2e58e0:indexpattern-datasource-layer-b53e356e-52be-419c-bf3d-282ec655706d", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "c713f492-059e-48c9-bddb-bfa5dff4379a:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "c713f492-059e-48c9-bddb-bfa5dff4379a:indexpattern-datasource-layer-b2559ffe-87f5-4f0e-a041-671ae182cad2", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "9d4bd40c-a3b5-4668-a58a-118e352c3ad2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "9d4bd40c-a3b5-4668-a58a-118e352c3ad2:indexpattern-datasource-layer-f2b00fda-234b-44d4-9ce5-7cd8c28efce3", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "f26b8459-e1af-4cee-92ac-9e91348c2c16:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "f26b8459-e1af-4cee-92ac-9e91348c2c16:indexpattern-datasource-layer-7b43a22c-ad61-444d-a002-8cc4116b4854", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "cc5bf3a1-5a33-4204-8efc-32b2b1629e63:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "cc5bf3a1-5a33-4204-8efc-32b2b1629e63:indexpattern-datasource-layer-92994644-eb5e-41a8-871b-b0911dcbf481", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "5904bcb3-1616-422d-855e-a86e6a69f802:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "5904bcb3-1616-422d-855e-a86e6a69f802:indexpattern-datasource-layer-84a0be7e-5127-485b-9ce2-9a9ba033a74c", - "type": "index-pattern" - } - ], - "type": "dashboard", - "updated_at": "2024-04-12T11:46:15.739Z", - "version": "WzExODE1LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/c66be450-f891-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/c66be450-f891-11ee-9088-0f36517484ce.json deleted file mode 100644 index f373c866471c..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/c66be450-f891-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,548 +0,0 @@ -{ - "attributes": { - "description": "Salesforce SetupAuditTrail Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.dataset", - "negate": false, - "params": { - "query": "salesforce.setupaudittrail" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.dataset": "salesforce.setupaudittrail" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "salesforce.instance_url", - "id": "1712901482300", - "indexPatternRefName": "control_198189b3-48f3-4fc4-ae69-5ac5ee520d24_0_index_pattern", - "label": "Instance URL", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "198189b3-48f3-4fc4-ae69-5ac5ee520d24", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "198189b3-48f3-4fc4-ae69-5ac5ee520d24", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-5ca48d62-7341-48b7-a2c0-5f2410c2d045", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "5ca48d62-7341-48b7-a2c0-5f2410c2d045": { - "columnOrder": [ - "81a88837-0d15-4349-8e0f-d75ba72a95bc", - "57312742-f268-4f68-bdd9-40461aeb51ec", - "06369992-979e-421a-928b-03d026695908" - ], - "columns": { - "06369992-979e-421a-928b-03d026695908": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "@timestamp" - }, - "57312742-f268-4f68-bdd9-40461aeb51ec": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of salesforce.setup_audit_trail.delegate_user", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06369992-979e-421a-928b-03d026695908", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.setup_audit_trail.delegate_user" - }, - "81a88837-0d15-4349-8e0f-d75ba72a95bc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Actions", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "06369992-979e-421a-928b-03d026695908", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "06369992-979e-421a-928b-03d026695908" - ], - "layerId": "5ca48d62-7341-48b7-a2c0-5f2410c2d045", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "57312742-f268-4f68-bdd9-40461aeb51ec", - "xAccessor": "81a88837-0d15-4349-8e0f-d75ba72a95bc" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "fc8067aa-c39c-4547-adfb-b618b9cbe4e8", - "w": 24, - "x": 0, - "y": 5 - }, - "panelIndex": "fc8067aa-c39c-4547-adfb-b618b9cbe4e8", - "title": "Top 10 actions performed by delegated users [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-72ce303a-9d98-4bab-856e-a67eb8605bfb", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "72ce303a-9d98-4bab-856e-a67eb8605bfb": { - "columnOrder": [ - "46424fdd-77b9-4f4b-bd63-beda1a1fafe4", - "184aa36c-5bf5-4d94-8c2d-7199a208d5f9" - ], - "columns": { - "184aa36c-5bf5-4d94-8c2d-7199a208d5f9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "46424fdd-77b9-4f4b-bd63-beda1a1fafe4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Sections affected", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "184aa36c-5bf5-4d94-8c2d-7199a208d5f9", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.setup_audit_trail.section" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "184aa36c-5bf5-4d94-8c2d-7199a208d5f9" - ], - "layerId": "72ce303a-9d98-4bab-856e-a67eb8605bfb", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "46424fdd-77b9-4f4b-bd63-beda1a1fafe4" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "6d50ae65-0cff-4b59-b347-ee6ea82d637e", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "6d50ae65-0cff-4b59-b347-ee6ea82d637e", - "title": "Top 10 sections affected [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-3ac7ca64-bfb5-471c-8a8a-2cb5837ee004", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3ac7ca64-bfb5-471c-8a8a-2cb5837ee004": { - "columnOrder": [ - "b3792010-1e80-401f-a6fc-54cbedf9720a", - "9056c574-d371-4c77-9f6b-04326402c8d1", - "a547e7f8-6d39-4b6a-a4fe-329c901d368c" - ], - "columns": { - "9056c574-d371-4c77-9f6b-04326402c8d1": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "a547e7f8-6d39-4b6a-a4fe-329c901d368c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Actions", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "b3792010-1e80-401f-a6fc-54cbedf9720a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of event.action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a547e7f8-6d39-4b6a-a4fe-329c901d368c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "a547e7f8-6d39-4b6a-a4fe-329c901d368c" - ], - "layerId": "3ac7ca64-bfb5-471c-8a8a-2cb5837ee004", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "b3792010-1e80-401f-a6fc-54cbedf9720a", - "xAccessor": "9056c574-d371-4c77-9f6b-04326402c8d1" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "33acb8b4-5e5c-4ba2-8089-2554aaff7f23", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "33acb8b4-5e5c-4ba2-8089-2554aaff7f23", - "title": "Top 10 actions over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "7c636e26-d3f1-4aa9-b263-683d6b75f2ab", - "w": 48, - "x": 0, - "y": 35 - }, - "panelIndex": "7c636e26-d3f1-4aa9-b263-683d6b75f2ab", - "panelRefName": "panel_7c636e26-d3f1-4aa9-b263-683d6b75f2ab", - "type": "search", - "version": "7.15.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Filebeat Salesforce] Setup Audit Trail Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "c66be450-f891-11ee-9088-0f36517484ce", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "198189b3-48f3-4fc4-ae69-5ac5ee520d24:control_198189b3-48f3-4fc4-ae69-5ac5ee520d24_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fc8067aa-c39c-4547-adfb-b618b9cbe4e8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "fc8067aa-c39c-4547-adfb-b618b9cbe4e8:indexpattern-datasource-layer-5ca48d62-7341-48b7-a2c0-5f2410c2d045", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "6d50ae65-0cff-4b59-b347-ee6ea82d637e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "6d50ae65-0cff-4b59-b347-ee6ea82d637e:indexpattern-datasource-layer-72ce303a-9d98-4bab-856e-a67eb8605bfb", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "33acb8b4-5e5c-4ba2-8089-2554aaff7f23:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "33acb8b4-5e5c-4ba2-8089-2554aaff7f23:indexpattern-datasource-layer-3ac7ca64-bfb5-471c-8a8a-2cb5837ee004", - "type": "index-pattern" - }, - { - "id": "3e7187a0-f894-11ee-9088-0f36517484ce", - "name": "7c636e26-d3f1-4aa9-b263-683d6b75f2ab:panel_7c636e26-d3f1-4aa9-b263-683d6b75f2ab", - "type": "search" - } - ], - "type": "dashboard", - "updated_at": "2024-04-12T11:38:19.817Z", - "version": "WzExMjcyLDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/cb7b4a40-f7ff-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/cb7b4a40-f7ff-11ee-9088-0f36517484ce.json deleted file mode 100644 index bd95b31e3a97..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/dashboard/cb7b4a40-f7ff-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,1552 +0,0 @@ -{ - "attributes": { - "description": "Salesforce Login Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.dataset", - "negate": false, - "params": { - "query": "salesforce.login" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.dataset": "salesforce.login" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "controls": [ - { - "fieldName": "salesforce.instance_url", - "id": "1712835656630", - "indexPatternRefName": "control_9788dc28-4697-4ec7-8953-e70fabbdb620_0_index_pattern", - "label": "Instance URL", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "", - "type": "input_control_vis", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "9788dc28-4697-4ec7-8953-e70fabbdb620", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "9788dc28-4697-4ec7-8953-e70fabbdb620", - "type": "visualization", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-e601c823-8f3a-4656-ad12-402588f0f425", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e601c823-8f3a-4656-ad12-402588f0f425": { - "columnOrder": [ - "eda440c2-47d3-4779-a238-48cedf1e1dab", - "eda440c2-47d3-4779-a238-48cedf1e1dabX0", - "eda440c2-47d3-4779-a238-48cedf1e1dabX1", - "eda440c2-47d3-4779-a238-48cedf1e1dabX2" - ], - "columns": { - "eda440c2-47d3-4779-a238-48cedf1e1dab": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Login success rate", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "(count(kql='event.outcome : \"success\"')/count())", - "isFormulaBroken": false - }, - "references": [ - "eda440c2-47d3-4779-a238-48cedf1e1dabX2" - ], - "scale": "ratio" - }, - "eda440c2-47d3-4779-a238-48cedf1e1dabX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "event.outcome : \"success\"" - }, - "isBucketed": false, - "label": "Part of Login success rate", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "eda440c2-47d3-4779-a238-48cedf1e1dabX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Login success rate", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "eda440c2-47d3-4779-a238-48cedf1e1dabX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Login success rate", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "eda440c2-47d3-4779-a238-48cedf1e1dabX0", - "eda440c2-47d3-4779-a238-48cedf1e1dabX1" - ], - "location": { - "max": 48, - "min": 0 - }, - "name": "divide", - "text": "(count(kql='event.outcome : \"success\"')/count())", - "type": "function" - } - }, - "references": [ - "eda440c2-47d3-4779-a238-48cedf1e1dabX0", - "eda440c2-47d3-4779-a238-48cedf1e1dabX1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "eda440c2-47d3-4779-a238-48cedf1e1dab", - "layerId": "e601c823-8f3a-4656-ad12-402588f0f425", - "layerType": "data" - } - }, - "title": "Login success rate [Filebeat Salesforce]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 10, - "i": "ccd0f44d-f761-4a75-8fe1-f01955f30077", - "w": 24, - "x": 0, - "y": 5 - }, - "panelIndex": "ccd0f44d-f761-4a75-8fe1-f01955f30077", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-16d40659-3f98-477a-8c51-69ff60874d70", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "16d40659-3f98-477a-8c51-69ff60874d70": { - "columnOrder": [ - "5ef8874b-edac-4144-9d56-f3cdc02988ba", - "5ef8874b-edac-4144-9d56-f3cdc02988baX0" - ], - "columns": { - "5ef8874b-edac-4144-9d56-f3cdc02988ba": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Failed login attempts", - "operationType": "formula", - "params": { - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "5ef8874b-edac-4144-9d56-f3cdc02988baX0" - ], - "scale": "ratio" - }, - "5ef8874b-edac-4144-9d56-f3cdc02988baX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of count()", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "5ef8874b-edac-4144-9d56-f3cdc02988ba", - "layerId": "16d40659-3f98-477a-8c51-69ff60874d70", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 10, - "i": "da637943-7e6d-41a2-a9db-2d0fedc58956", - "w": 24, - "x": 24, - "y": 5 - }, - "panelIndex": "da637943-7e6d-41a2-a9db-2d0fedc58956", - "title": "Failed login attempts [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-eb6954c3-d7f8-4561-953b-bb7a85328904", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "eb6954c3-d7f8-4561-953b-bb7a85328904": { - "columnOrder": [ - "633c1004-485f-4933-a814-4002992a1f8c", - "cac7726d-d7fc-4ab3-af4f-2d96c1fd5b17", - "543b37da-f2c5-49e2-b125-d877d7447c10" - ], - "columns": { - "543b37da-f2c5-49e2-b125-d877d7447c10": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "event.outcome : \"failure\"" - }, - "isBucketed": false, - "label": "Failure", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "633c1004-485f-4933-a814-4002992a1f8c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "cac7726d-d7fc-4ab3-af4f-2d96c1fd5b17": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "event.outcome : \"success\"" - }, - "isBucketed": false, - "label": "Success", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "cac7726d-d7fc-4ab3-af4f-2d96c1fd5b17", - "543b37da-f2c5-49e2-b125-d877d7447c10" - ], - "layerId": "eb6954c3-d7f8-4561-953b-bb7a85328904", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "633c1004-485f-4933-a814-4002992a1f8c", - "yConfig": [ - { - "color": "#68bc00", - "forAccessor": "cac7726d-d7fc-4ab3-af4f-2d96c1fd5b17" - }, - { - "color": "#e7664c", - "forAccessor": "543b37da-f2c5-49e2-b125-d877d7447c10" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "71807bd3-d0ed-4328-93cc-6d9f3c93ea2c", - "w": 48, - "x": 0, - "y": 15 - }, - "panelIndex": "71807bd3-d0ed-4328-93cc-6d9f3c93ea2c", - "title": "Login over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-94dd5ffa-7be5-4655-b1a2-2556e9ad835b", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "94dd5ffa-7be5-4655-b1a2-2556e9ad835b": { - "columnOrder": [ - "5747b6b2-a7ee-4835-bbef-ef41299cf88a", - "5cef11ff-915a-46ed-b3b3-40d2111d429f" - ], - "columns": { - "5747b6b2-a7ee-4835-bbef-ef41299cf88a": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "5cef11ff-915a-46ed-b3b3-40d2111d429f": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Login Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "5cef11ff-915a-46ed-b3b3-40d2111d429f" - ], - "layerId": "94dd5ffa-7be5-4655-b1a2-2556e9ad835b", - "layerType": "data", - "position": "top", - "seriesType": "bar", - "showGridlines": false, - "xAccessor": "5747b6b2-a7ee-4835-bbef-ef41299cf88a" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "e988774b-2311-49ce-90d2-89c11abcdb07", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "e988774b-2311-49ce-90d2-89c11abcdb07", - "title": "Total login events over time [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-77dc6ae7-66ae-4403-861c-86e10c2920b7", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "77dc6ae7-66ae-4403-861c-86e10c2920b7": { - "columnOrder": [ - "8912e35b-2fd5-493f-94bd-f8f6b5494819", - "f8b67a30-098a-4474-9b3e-8bbdc7fb223f" - ], - "columns": { - "8912e35b-2fd5-493f-94bd-f8f6b5494819": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of user.roles", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f8b67a30-098a-4474-9b3e-8bbdc7fb223f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "user.roles" - }, - "f8b67a30-098a-4474-9b3e-8bbdc7fb223f": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "8912e35b-2fd5-493f-94bd-f8f6b5494819" - ], - "layerId": "77dc6ae7-66ae-4403-861c-86e10c2920b7", - "layerType": "data", - "legendDisplay": "default", - "metric": "f8b67a30-098a-4474-9b3e-8bbdc7fb223f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "89cc0806-06c0-44ff-a439-302308134141", - "w": 24, - "x": 0, - "y": 45 - }, - "panelIndex": "89cc0806-06c0-44ff-a439-302308134141", - "title": "Distribution of type of users [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-0c41d5d1-1ecc-4583-bf02-f403fd062f57", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0c41d5d1-1ecc-4583-bf02-f403fd062f57": { - "columnOrder": [ - "03378057-e779-4d5b-9529-bb74a6b69613", - "b328aa99-56ed-443d-aaa0-fcab852e9d2f" - ], - "columns": { - "03378057-e779-4d5b-9529-bb74a6b69613": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User Agent", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b328aa99-56ed-443d-aaa0-fcab852e9d2f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "user_agent.name" - }, - "b328aa99-56ed-443d-aaa0-fcab852e9d2f": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "03378057-e779-4d5b-9529-bb74a6b69613" - ], - "layerId": "0c41d5d1-1ecc-4583-bf02-f403fd062f57", - "layerType": "data", - "legendDisplay": "default", - "metric": "b328aa99-56ed-443d-aaa0-fcab852e9d2f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "47159791-40d6-4728-a005-79ddba90c433", - "w": 24, - "x": 24, - "y": 45 - }, - "panelIndex": "47159791-40d6-4728-a005-79ddba90c433", - "title": "Activity by browser/client [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-e6917172-0cfc-45d0-8761-9d151ca8c6d8", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e6917172-0cfc-45d0-8761-9d151ca8c6d8": { - "columnOrder": [ - "12c45419-8c36-42d5-a61f-0134974a7917", - "8eb21603-1016-4a57-8f72-f2cbcd046732" - ], - "columns": { - "12c45419-8c36-42d5-a61f-0134974a7917": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Postal code", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "8eb21603-1016-4a57-8f72-f2cbcd046732", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.geo.postal_code" - }, - "8eb21603-1016-4a57-8f72-f2cbcd046732": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "User count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "user.email" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "8eb21603-1016-4a57-8f72-f2cbcd046732" - ], - "layerId": "e6917172-0cfc-45d0-8761-9d151ca8c6d8", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "12c45419-8c36-42d5-a61f-0134974a7917" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "062d36b1-7b48-4942-8dc6-bc6c9da71ca4", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "062d36b1-7b48-4942-8dc6-bc6c9da71ca4", - "title": "Top 10 postal code by user count [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-57bddf43-9edc-455c-a430-1905126337ab", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "57bddf43-9edc-455c-a430-1905126337ab": { - "columnOrder": [ - "898c6e89-40ea-41ed-83bb-db2b34fbe59d", - "fbdd3f62-f9f8-4830-a06d-f1b04ae314d5" - ], - "columns": { - "898c6e89-40ea-41ed-83bb-db2b34fbe59d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Application type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "fbdd3f62-f9f8-4830-a06d-f1b04ae314d5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "salesforce.login.application" - }, - "fbdd3f62-f9f8-4830-a06d-f1b04ae314d5": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "User count", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "user.email" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "fbdd3f62-f9f8-4830-a06d-f1b04ae314d5" - ], - "layerId": "57bddf43-9edc-455c-a430-1905126337ab", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "898c6e89-40ea-41ed-83bb-db2b34fbe59d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "2f13c9f8-868c-420e-9243-4edc3bf8a52f", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "2f13c9f8-868c-420e-9243-4edc3bf8a52f", - "title": "Top 10 application type by user count [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "cae6ad06-6134-468e-aeeb-7a1755e143e7", - "w": 24, - "x": 0, - "y": 75 - }, - "panelIndex": "cae6ad06-6134-468e-aeeb-7a1755e143e7", - "panelRefName": "panel_cae6ad06-6134-468e-aeeb-7a1755e143e7", - "type": "search", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "filebeat-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "indexpattern-datasource-layer-b2fe9547-0320-4300-9384-8e44fb4739cb", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b2fe9547-0320-4300-9384-8e44fb4739cb": { - "columnOrder": [ - "94fa32bf-c0b2-453b-abae-ba8d7552adb1", - "65726718-5a2e-4c53-9cdd-773ece695cda" - ], - "columns": { - "65726718-5a2e-4c53-9cdd-773ece695cda": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Request count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "94fa32bf-c0b2-453b-abae-ba8d7552adb1": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "IP Addresses", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "65726718-5a2e-4c53-9cdd-773ece695cda", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "65726718-5a2e-4c53-9cdd-773ece695cda" - ], - "layerId": "b2fe9547-0320-4300-9384-8e44fb4739cb", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "xAccessor": "94fa32bf-c0b2-453b-abae-ba8d7552adb1" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "title": "Empty XY chart", - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "02f53527-4721-4341-9d76-05d9075eef17", - "w": 24, - "x": 24, - "y": 75 - }, - "panelIndex": "02f53527-4721-4341-9d76-05d9075eef17", - "title": "Top 10 IP addresses by request count [Filebeat Salesforce]", - "type": "lens", - "version": "7.15.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 270, - "minLat": -66.51326, - "minLon": -270 - }, - "mapCenter": { - "lat": 15.07469, - "lon": -0.10396, - "zoom": 1.38 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 25, - "i": "d860f236-a75a-4fde-81ce-f3de40ef7c19", - "w": 48, - "x": 0, - "y": 90 - }, - "panelIndex": "d860f236-a75a-4fde-81ce-f3de40ef7c19", - "panelRefName": "panel_d860f236-a75a-4fde-81ce-f3de40ef7c19", - "title": "Login activity by region [Filebeat Salesforce]", - "type": "map", - "version": "7.15.0" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Filebeat Salesforce] Login Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "cb7b4a40-f7ff-11ee-9088-0f36517484ce", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "9788dc28-4697-4ec7-8953-e70fabbdb620:control_9788dc28-4697-4ec7-8953-e70fabbdb620_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "ccd0f44d-f761-4a75-8fe1-f01955f30077:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "ccd0f44d-f761-4a75-8fe1-f01955f30077:indexpattern-datasource-layer-e601c823-8f3a-4656-ad12-402588f0f425", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "ccd0f44d-f761-4a75-8fe1-f01955f30077:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "da637943-7e6d-41a2-a9db-2d0fedc58956:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "da637943-7e6d-41a2-a9db-2d0fedc58956:indexpattern-datasource-layer-16d40659-3f98-477a-8c51-69ff60874d70", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "da637943-7e6d-41a2-a9db-2d0fedc58956:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "da637943-7e6d-41a2-a9db-2d0fedc58956:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "71807bd3-d0ed-4328-93cc-6d9f3c93ea2c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "71807bd3-d0ed-4328-93cc-6d9f3c93ea2c:indexpattern-datasource-layer-eb6954c3-d7f8-4561-953b-bb7a85328904", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "71807bd3-d0ed-4328-93cc-6d9f3c93ea2c:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "e988774b-2311-49ce-90d2-89c11abcdb07:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "e988774b-2311-49ce-90d2-89c11abcdb07:indexpattern-datasource-layer-94dd5ffa-7be5-4655-b1a2-2556e9ad835b", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "e988774b-2311-49ce-90d2-89c11abcdb07:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "89cc0806-06c0-44ff-a439-302308134141:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "89cc0806-06c0-44ff-a439-302308134141:indexpattern-datasource-layer-77dc6ae7-66ae-4403-861c-86e10c2920b7", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "89cc0806-06c0-44ff-a439-302308134141:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "47159791-40d6-4728-a005-79ddba90c433:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "47159791-40d6-4728-a005-79ddba90c433:indexpattern-datasource-layer-0c41d5d1-1ecc-4583-bf02-f403fd062f57", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "47159791-40d6-4728-a005-79ddba90c433:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "062d36b1-7b48-4942-8dc6-bc6c9da71ca4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "062d36b1-7b48-4942-8dc6-bc6c9da71ca4:indexpattern-datasource-layer-e6917172-0cfc-45d0-8761-9d151ca8c6d8", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "2f13c9f8-868c-420e-9243-4edc3bf8a52f:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "2f13c9f8-868c-420e-9243-4edc3bf8a52f:indexpattern-datasource-layer-57bddf43-9edc-455c-a430-1905126337ab", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "2f13c9f8-868c-420e-9243-4edc3bf8a52f:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "2752cec0-f804-11ee-9088-0f36517484ce", - "name": "cae6ad06-6134-468e-aeeb-7a1755e143e7:panel_cae6ad06-6134-468e-aeeb-7a1755e143e7", - "type": "search" - }, - { - "id": "filebeat-*", - "name": "02f53527-4721-4341-9d76-05d9075eef17:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "02f53527-4721-4341-9d76-05d9075eef17:indexpattern-datasource-layer-b2fe9547-0320-4300-9384-8e44fb4739cb", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "02f53527-4721-4341-9d76-05d9075eef17:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "c9668e10-f88e-11ee-9088-0f36517484ce", - "name": "d860f236-a75a-4fde-81ce-f3de40ef7c19:panel_d860f236-a75a-4fde-81ce-f3de40ef7c19", - "type": "map" - } - ], - "type": "dashboard", - "updated_at": "2024-04-12T11:42:57.059Z", - "version": "WzExNjA3LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/15bcb8a0-f891-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/15bcb8a0-f891-11ee-9088-0f36517484ce.json deleted file mode 100644 index 736dd52ddaf9..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/15bcb8a0-f891-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "fc011f77-7c53-4a98-afef-f7d89244f0cf", - "includeInFitToBounds": true, - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": { - "type": "TILE" - }, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "4f907c5b-67e7-45c3-8c4c-7cb80170de03", - "includeInFitToBounds": true, - "joins": [], - "label": "Logout Activity", - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "applyGlobalQuery": true, - "applyGlobalTime": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "58e3c77d-15bd-4516-a81f-56f35cbe66ed", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "MVT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "topHitsSplitField": "", - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "TILED_VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 19.94277, - "lon": 0 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "refreshConfig": { - "interval": 0, - "isPaused": true - }, - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "browserLocation": { - "zoom": 2 - }, - "disableInteractive": false, - "disableTooltipControl": false, - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "hideLayerControl": false, - "hideToolbarOverlay": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - }, - "timeFilters": { - "from": "now-7d/d", - "to": "now" - }, - "zoom": 1.77 - }, - "title": "Logout activity by region [Filebeat Salesforce]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.15.0", - "id": "15bcb8a0-f891-11ee-9088-0f36517484ce", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2024-04-15T13:14:55.200Z", - "version": "WzEyNTI5LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/c9668e10-f88e-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/c9668e10-f88e-11ee-9088-0f36517484ce.json deleted file mode 100644 index 1bbb4d88397a..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/map/c9668e10-f88e-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "e14b9f6c-b5bc-44c3-a76d-cd3ce4416837", - "includeInFitToBounds": true, - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": { - "type": "TILE" - }, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "b7f862e8-d875-4a1a-a922-63f5c2f6d06a", - "includeInFitToBounds": true, - "joins": [], - "label": "Login Activity", - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "applyGlobalQuery": true, - "applyGlobalTime": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "97b373bc-81dc-42de-9d90-f7970d5c3a73", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "MVT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "topHitsSplitField": "", - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "TILED_VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 15.07469, - "lon": -0.10396 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "refreshConfig": { - "interval": 0, - "isPaused": true - }, - "settings": { - "autoFitToDataBounds": false, - "backgroundColor": "#ffffff", - "browserLocation": { - "zoom": 2 - }, - "disableInteractive": false, - "disableTooltipControl": false, - "fixedLocation": { - "lat": 0, - "lon": 0, - "zoom": 2 - }, - "hideLayerControl": false, - "hideToolbarOverlay": false, - "hideViewControl": false, - "initialLocation": "LAST_SAVED_LOCATION", - "maxZoom": 24, - "minZoom": 0, - "showScaleControl": false, - "showSpatialFilters": true, - "showTimesliderToggleButton": true, - "spatialFiltersAlpa": 0.3, - "spatialFiltersFillColor": "#DA8B45", - "spatialFiltersLineColor": "#DA8B45" - }, - "timeFilters": { - "from": "now-7d/d", - "to": "now" - }, - "zoom": 1.38 - }, - "title": "Login activity by region [Filebeat Salesforce]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "coreMigrationVersion": "7.15.0", - "id": "c9668e10-f88e-11ee-9088-0f36517484ce", - "migrationVersion": { - "map": "7.14.0" - }, - "references": [ - { - "id": "filebeat-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map", - "updated_at": "2024-04-15T13:15:17.835Z", - "version": "WzEyNTQ4LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/2752cec0-f804-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/2752cec0-f804-11ee-9088-0f36517484ce.json deleted file mode 100644 index 201b3ab6dc47..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/2752cec0-f804-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,93 +0,0 @@ -{ - "attributes": { - "columns": [ - "event.outcome", - "salesforce.login.run_time", - "salesforce.login.db_time.total" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", - "negate": false, - "params": { - "query": "login-attempt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "login-attempt" - } - } - }, - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "event.outcome" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "event.outcome", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "title": "Login events table [Filebeat Salesforce]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "2752cec0-f804-11ee-9088-0f36517484ce", - "migrationVersion": { - "search": "7.9.3" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "search", - "updated_at": "2024-04-12T11:42:31.623Z", - "version": "WzExNTc0LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/3e7187a0-f894-11ee-9088-0f36517484ce.json b/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/3e7187a0-f894-11ee-9088-0f36517484ce.json deleted file mode 100644 index 3d952741e883..000000000000 --- a/x-pack/filebeat/module/salesforce/_meta/kibana/7/search/3e7187a0-f894-11ee-9088-0f36517484ce.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "attributes": { - "columns": [ - "salesforce.setup_audit_trail.section", - "event.action", - "salesforce.setup_audit_trail.display" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "salesforce.setup_audit_trail.section : * or event.action : * or salesforce.setup_audit_trail.display : *" - } - } - }, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "title": "Changes made in the setup [Filebeat Salesforce]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "3e7187a0-f894-11ee-9088-0f36517484ce", - "migrationVersion": { - "search": "7.9.3" - }, - "references": [ - { - "id": "filebeat-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "search", - "updated_at": "2024-04-12T11:37:55.498Z", - "version": "WzExMjQ3LDFd" -} \ No newline at end of file diff --git a/x-pack/filebeat/module/salesforce/module.yml b/x-pack/filebeat/module/salesforce/module.yml deleted file mode 100644 index 71e1ee551239..000000000000 --- a/x-pack/filebeat/module/salesforce/module.yml +++ /dev/null @@ -1,9 +0,0 @@ -dashboards: -- id: 6e6bee90-f7e6-11ee-9088-0f36517484ce - file: 6e6bee90-f7e6-11ee-9088-0f36517484ce.json -- id: cb7b4a40-f7ff-11ee-9088-0f36517484ce - file: cb7b4a40-f7ff-11ee-9088-0f36517484ce.json -- id: 243e40b0-f891-11ee-9088-0f36517484ce - file: 243e40b0-f891-11ee-9088-0f36517484ce.json -- id: c66be450-f891-11ee-9088-0f36517484ce - file: c66be450-f891-11ee-9088-0f36517484ce.json diff --git a/x-pack/metricbeat/module/aws/terraform.tf b/x-pack/metricbeat/module/aws/terraform.tf index 991650b1433c..7f27bda98f65 100644 --- a/x-pack/metricbeat/module/aws/terraform.tf +++ b/x-pack/metricbeat/module/aws/terraform.tf @@ -1,5 +1,6 @@ provider "aws" { version = "~> 3.33" + region = "us-east-1" default_tags { tags = { environment = var.ENVIRONMENT @@ -32,7 +33,7 @@ resource "aws_db_instance" "test" { identifier = "metricbeat-test-${random_id.suffix.hex}" allocated_storage = 20 // Gigabytes engine = "mysql" - instance_class = "db.t2.micro" + instance_class = "db.t3.micro" name = "metricbeattest" username = "foo" password = random_password.db.result