#! this request accesses system indices: [.fleet-policies-7], but in a future ma

1. #! this request accesses system indices: [.fleet-policies-7], but in a future major version, direct access to system indices will be prevented by default
2. {
3. "took": 97,
4. "timed_out": false,
5. "_shards": {
6. "total": 1,
7. "successful": 1,
8. "skipped": 0,
9. "failed": 0
10. },
11. "hits": {
12. "total": {
13. "value": 19,
14. "relation": "eq"
15. },
16. "max_score": 0.7907857,
17. "hits": [
18. {
19. "_index": ".fleet-policies-7",
20. "_id": "812474c4-8530-4af6-bf84-5dc154308a8e",
21. "_score": 0.7907857,
22. "_source": {
23. "@timestamp": "2022-11-16T15:58:55.260Z",
24. "revision_idx": 4,
25. "coordinator_idx": 0,
26. "data": {
27. "id": "fleet-server-policy",
28. "outputs": {
29. "default": {
30. "type": "elasticsearch",
31. "hosts": [
32. "https://****:9200"
33. ]
34. }
35. },
36. "inputs": [
37. {
38. "id": "fleet-server-fleet_server-13bcfd99-a40a-4b46-9bd9-395f76a0f0fa",
39. "revision": 1,
40. "name": "fleet_server-1",
41. "type": "fleet-server",
42. "data_stream": {
43. "namespace": "default"
44. },
45. "use_output": "default",
46. "server": {
47. "port": 8220,
48. "host": "172.24.54.23"
49. },
50. "meta": {
51. "package": {
52. "name": "fleet_server",
53. "version": "1.2.0"
54. }
55. }
56. }
57. ],
58. "revision": 4,
59. "agent": {
60. "download": {
61. "source_uri": "https://artifacts.elastic.co/downloads/"
62. },
63. "monitoring": {
64. "namespace": "default",
65. "use_output": "default",
66. "enabled": true,
67. "logs": true,
68. "metrics": true
69. }
70. },
71. "output_permissions": {
72. "default": {
73. "_elastic_agent_monitoring": {
74. "indices": [
75. {
76. "names": [
77. "logs-elastic_agent.apm_server-default"
78. ],
79. "privileges": [
80. "auto_configure",
81. "create_doc"
82. ]
83. },
84. {
85. "names": [
86. "metrics-elastic_agent.apm_server-default"
87. ],
88. "privileges": [
89. "auto_configure",
90. "create_doc"
91. ]
92. },
93. {
94. "names": [
95. "logs-elastic_agent.auditbeat-default"
96. ],
97. "privileges": [
98. "auto_configure",
99. "create_doc"
100. ]
101. },
102. {
103. "names": [
104. "metrics-elastic_agent.auditbeat-default"
105. ],
106. "privileges": [
107. "auto_configure",
108. "create_doc"
109. ]
110. },
111. {
112. "names": [
113. "logs-elastic_agent.cloudbeat-default"
114. ],
115. "privileges": [
116. "auto_configure",
117. "create_doc"
118. ]
119. },
120. {
121. "names": [
122. "metrics-elastic_agent.cloudbeat-default"
123. ],
124. "privileges": [
125. "auto_configure",
126. "create_doc"
127. ]
128. },
129. {
130. "names": [
131. "logs-elastic_agent-default"
132. ],
133. "privileges": [
134. "auto_configure",
135. "create_doc"
136. ]
137. },
138. {
139. "names": [
140. "metrics-elastic_agent.elastic_agent-default"
141. ],
142. "privileges": [
143. "auto_configure",
144. "create_doc"
145. ]
146. },
147. {
148. "names": [
149. "metrics-elastic_agent.endpoint_security-default"
150. ],
151. "privileges": [
152. "auto_configure",
153. "create_doc"
154. ]
155. },
156. {
157. "names": [
158. "logs-elastic_agent.endpoint_security-default"
159. ],
160. "privileges": [
161. "auto_configure",
162. "create_doc"
163. ]
164. },
165. {
166. "names": [
167. "logs-elastic_agent.filebeat-default"
168. ],
169. "privileges": [
170. "auto_configure",
171. "create_doc"
172. ]
173. },
174. {
175. "names": [
176. "metrics-elastic_agent.filebeat-default"
177. ],
178. "privileges": [
179. "auto_configure",
180. "create_doc"
181. ]
182. },
183. {
184. "names": [
185. "logs-elastic_agent.fleet_server-default"
186. ],
187. "privileges": [
188. "auto_configure",
189. "create_doc"
190. ]
191. },
192. {
193. "names": [
194. "metrics-elastic_agent.fleet_server-default"
195. ],
196. "privileges": [
197. "auto_configure",
198. "create_doc"
199. ]
200. },
201. {
202. "names": [
203. "logs-elastic_agent.heartbeat-default"
204. ],
205. "privileges": [
206. "auto_configure",
207. "create_doc"
208. ]
209. },
210. {
211. "names": [
212. "metrics-elastic_agent.heartbeat-default"
213. ],
214. "privileges": [
215. "auto_configure",
216. "create_doc"
217. ]
218. },
219. {
220. "names": [
221. "logs-elastic_agent.metricbeat-default"
222. ],
223. "privileges": [
224. "auto_configure",
225. "create_doc"
226. ]
227. },
228. {
229. "names": [
230. "metrics-elastic_agent.metricbeat-default"
231. ],
232. "privileges": [
233. "auto_configure",
234. "create_doc"
235. ]
236. },
237. {
238. "names": [
239. "logs-elastic_agent.osquerybeat-default"
240. ],
241. "privileges": [
242. "auto_configure",
243. "create_doc"
244. ]
245. },
246. {
247. "names": [
248. "metrics-elastic_agent.osquerybeat-default"
249. ],
250. "privileges": [
251. "auto_configure",
252. "create_doc"
253. ]
254. },
255. {
256. "names": [
257. "logs-elastic_agent.packetbeat-default"
258. ],
259. "privileges": [
260. "auto_configure",
261. "create_doc"
262. ]
263. },
264. {
265. "names": [
266. "metrics-elastic_agent.packetbeat-default"
267. ],
268. "privileges": [
269. "auto_configure",
270. "create_doc"
271. ]
272. }
273. ]
274. },
275. "_elastic_agent_checks": {
276. "cluster": [
277. "monitor"
278. ]
279. }
280. }
281. },
282. "fleet": {
283. "hosts": [
284. "https://172.24.54.23:8220"
285. ]
286. }
287. },
288. "policy_id": "fleet-server-policy",
289. "default_fleet_server": true
290. }
291. },
292. {
293. "_index": ".fleet-policies-7",
294. "_id": "9d934285-27c2-42af-9938-904f294f47af",
295. "_score": 0.7907857,
296. "_source": {
297. "@timestamp": "2022-11-16T15:57:54.791Z",
298. "revision_idx": 3,
299. "coordinator_idx": 0,
300. "data": {
301. "id": "fleet-server-policy",
302. "outputs": {
303. "default": {
304. "type": "elasticsearch",
305. "hosts": [
306. "https://****:9200"
307. ]
308. }
309. },
310. "inputs": [],
311. "revision": 3,
312. "agent": {
313. "download": {
314. "source_uri": "https://artifacts.elastic.co/downloads/"
315. },
316. "monitoring": {
317. "namespace": "default",
318. "use_output": "default",
319. "enabled": true,
320. "logs": true,
321. "metrics": true
322. }
323. },
324. "output_permissions": {
325. "default": {
326. "_elastic_agent_monitoring": {
327. "indices": [
328. {
329. "names": [
330. "metrics-elastic_agent.elastic_agent-default"
331. ],
332. "privileges": [
333. "auto_configure",
334. "create_doc"
335. ]
336. },
337. {
338. "names": [
339. "logs-elastic_agent.auditbeat-default"
340. ],
341. "privileges": [
342. "auto_configure",
343. "create_doc"
344. ]
345. },
346. {
347. "names": [
348. "metrics-elastic_agent.apm_server-default"
349. ],
350. "privileges": [
351. "auto_configure",
352. "create_doc"
353. ]
354. },
355. {
356. "names": [
357. "logs-elastic_agent.cloudbeat-default"
358. ],
359. "privileges": [
360. "auto_configure",
361. "create_doc"
362. ]
363. },
364. {
365. "names": [
366. "logs-elastic_agent.apm_server-default"
367. ],
368. "privileges": [
369. "auto_configure",
370. "create_doc"
371. ]
372. },
373. {
374. "names": [
375. "metrics-elastic_agent.fleet_server-default"
376. ],
377. "privileges": [
378. "auto_configure",
379. "create_doc"
380. ]
381. },
382. {
383. "names": [
384. "metrics-elastic_agent.osquerybeat-default"
385. ],
386. "privileges": [
387. "auto_configure",
388. "create_doc"
389. ]
390. },
391. {
392. "names": [
393. "metrics-elastic_agent.cloudbeat-default"
394. ],
395. "privileges": [
396. "auto_configure",
397. "create_doc"
398. ]
399. },
400. {
401. "names": [
402. "logs-elastic_agent.filebeat-default"
403. ],
404. "privileges": [
405. "auto_configure",
406. "create_doc"
407. ]
408. },
409. {
410. "names": [
411. "metrics-elastic_agent.auditbeat-default"
412. ],
413. "privileges": [
414. "auto_configure",
415. "create_doc"
416. ]
417. },
418. {
419. "names": [
420. "logs-elastic_agent.endpoint_security-default"
421. ],
422. "privileges": [
423. "auto_configure",
424. "create_doc"
425. ]
426. },
427. {
428. "names": [
429. "metrics-elastic_agent.packetbeat-default"
430. ],
431. "privileges": [
432. "auto_configure",
433. "create_doc"
434. ]
435. },
436. {
437. "names": [
438. "metrics-elastic_agent.filebeat-default"
439. ],
440. "privileges": [
441. "auto_configure",
442. "create_doc"
443. ]
444. },
445. {
446. "names": [
447. "metrics-elastic_agent.endpoint_security-default"
448. ],
449. "privileges": [
450. "auto_configure",
451. "create_doc"
452. ]
453. },
454. {
455. "names": [
456. "logs-elastic_agent.packetbeat-default"
457. ],
458. "privileges": [
459. "auto_configure",
460. "create_doc"
461. ]
462. },
463. {
464. "names": [
465. "logs-elastic_agent.metricbeat-default"
466. ],
467. "privileges": [
468. "auto_configure",
469. "create_doc"
470. ]
471. },
472. {
473. "names": [
474. "logs-elastic_agent.heartbeat-default"
475. ],
476. "privileges": [
477. "auto_configure",
478. "create_doc"
479. ]
480. },
481. {
482. "names": [
483. "logs-elastic_agent-default"
484. ],
485. "privileges": [
486. "auto_configure",
487. "create_doc"
488. ]
489. },
490. {
491. "names": [
492. "logs-elastic_agent.fleet_server-default"
493. ],
494. "privileges": [
495. "auto_configure",
496. "create_doc"
497. ]
498. },
499. {
500. "names": [
501. "metrics-elastic_agent.heartbeat-default"
502. ],
503. "privileges": [
504. "auto_configure",
505. "create_doc"
506. ]
507. },
508. {
509. "names": [
510. "metrics-elastic_agent.metricbeat-default"
511. ],
512. "privileges": [
513. "auto_configure",
514. "create_doc"
515. ]
516. },
517. {
518. "names": [
519. "logs-elastic_agent.osquerybeat-default"
520. ],
521. "privileges": [
522. "auto_configure",
523. "create_doc"
524. ]
525. }
526. ]
527. },
528. "_elastic_agent_checks": {
529. "cluster": [
530. "monitor"
531. ]
532. }
533. }
534. },
535. "fleet": {
536. "hosts": [
537. "https://172.24.54.23:8220"
538. ]
539. }
540. },
541. "policy_id": "fleet-server-policy",
542. "default_fleet_server": true
543. }
544. },
545. {
546. "_index": ".fleet-policies-7",
547. "_id": "06769482-d075-4a88-bbe3-f0baf2df2adb",
548. "_score": 0.7907857,
549. "_source": {
550. "@timestamp": "2022-11-16T15:57:32.374Z",
551. "revision_idx": 2,
552. "coordinator_idx": 0,
553. "data": {
554. "id": "fleet-server-policy",
555. "outputs": {
556. "default": {
557. "type": "elasticsearch",
558. "hosts": [
559. "https://****9200"
560. ]
561. }
562. },
563. "inputs": [
564. {
565. "id": "fleet-server-fleet_server-7baac62d-e019-4ea3-b23f-7b741cb6fd7f",
566. "revision": 1,
567. "name": "fleet_server-1",
568. "type": "fleet-server",
569. "data_stream": {
570. "namespace": "default"
571. },
572. "use_output": "default",
573. "server": {
574. "port": 8220,
575. "host": "0.0.0.0"
576. },
577. "meta": {
578. "package": {
579. "name": "fleet_server",
580. "version": "1.2.0"
581. }
582. }
583. }
584. ],
585. "revision": 2,
586. "agent": {
587. "download": {
588. "source_uri": "https://artifacts.elastic.co/downloads/"
589. },
590. "monitoring": {
591. "namespace": "default",
592. "use_output": "default",
593. "enabled": true,
594. "logs": true,
595. "metrics": true
596. }
597. },
598. "output_permissions": {
599. "default": {
600. "_elastic_agent_monitoring": {
601. "indices": [
602. {
603. "names": [
604. "logs-elastic_agent.apm_server-default"
605. ],
606. "privileges": [
607. "auto_configure",
608. "create_doc"
609. ]
610. },
611. {
612. "names": [
613. "metrics-elastic_agent.apm_server-default"
614. ],
615. "privileges": [
616. "auto_configure",
617. "create_doc"
618. ]
619. },
620. {
621. "names": [
622. "logs-elastic_agent.auditbeat-default"
623. ],
624. "privileges": [
625. "auto_configure",
626. "create_doc"
627. ]
628. },
629. {
630. "names": [
631. "metrics-elastic_agent.auditbeat-default"
632. ],
633. "privileges": [
634. "auto_configure",
635. "create_doc"
636. ]
637. },
638. {
639. "names": [
640. "logs-elastic_agent.cloudbeat-default"
641. ],
642. "privileges": [
643. "auto_configure",
644. "create_doc"
645. ]
646. },
647. {
648. "names": [
649. "metrics-elastic_agent.cloudbeat-default"
650. ],
651. "privileges": [
652. "auto_configure",
653. "create_doc"
654. ]
655. },
656. {
657. "names": [
658. "logs-elastic_agent-default"
659. ],
660. "privileges": [
661. "auto_configure",
662. "create_doc"
663. ]
664. },
665. {
666. "names": [
667. "metrics-elastic_agent.elastic_agent-default"
668. ],
669. "privileges": [
670. "auto_configure",
671. "create_doc"
672. ]
673. },
674. {
675. "names": [
676. "metrics-elastic_agent.endpoint_security-default"
677. ],
678. "privileges": [
679. "auto_configure",
680. "create_doc"
681. ]
682. },
683. {
684. "names": [
685. "logs-elastic_agent.endpoint_security-default"
686. ],
687. "privileges": [
688. "auto_configure",
689. "create_doc"
690. ]
691. },
692. {
693. "names": [
694. "logs-elastic_agent.filebeat-default"
695. ],
696. "privileges": [
697. "auto_configure",
698. "create_doc"
699. ]
700. },
701. {
702. "names": [
703. "metrics-elastic_agent.filebeat-default"
704. ],
705. "privileges": [
706. "auto_configure",
707. "create_doc"
708. ]
709. },
710. {
711. "names": [
712. "logs-elastic_agent.fleet_server-default"
713. ],
714. "privileges": [
715. "auto_configure",
716. "create_doc"
717. ]
718. },
719. {
720. "names": [
721. "metrics-elastic_agent.fleet_server-default"
722. ],
723. "privileges": [
724. "auto_configure",
725. "create_doc"
726. ]
727. },
728. {
729. "names": [
730. "logs-elastic_agent.heartbeat-default"
731. ],
732. "privileges": [
733. "auto_configure",
734. "create_doc"
735. ]
736. },
737. {
738. "names": [
739. "metrics-elastic_agent.heartbeat-default"
740. ],
741. "privileges": [
742. "auto_configure",
743. "create_doc"
744. ]
745. },
746. {
747. "names": [
748. "logs-elastic_agent.metricbeat-default"
749. ],
750. "privileges": [
751. "auto_configure",
752. "create_doc"
753. ]
754. },
755. {
756. "names": [
757. "metrics-elastic_agent.metricbeat-default"
758. ],
759. "privileges": [
760. "auto_configure",
761. "create_doc"
762. ]
763. },
764. {
765. "names": [
766. "logs-elastic_agent.osquerybeat-default"
767. ],
768. "privileges": [
769. "auto_configure",
770. "create_doc"
771. ]
772. },
773. {
774. "names": [
775. "metrics-elastic_agent.osquerybeat-default"
776. ],
777. "privileges": [
778. "auto_configure",
779. "create_doc"
780. ]
781. },
782. {
783. "names": [
784. "logs-elastic_agent.packetbeat-default"
785. ],
786. "privileges": [
787. "auto_configure",
788. "create_doc"
789. ]
790. },
791. {
792. "names": [
793. "metrics-elastic_agent.packetbeat-default"
794. ],
795. "privileges": [
796. "auto_configure",
797. "create_doc"
798. ]
799. }
800. ]
801. },
802. "_elastic_agent_checks": {
803. "cluster": [
804. "monitor"
805. ]
806. }
807. }
808. },
809. "fleet": {
810. "hosts": [
811. "https://172.24.54.23:8220"
812. ]
813. }
814. },
815. "policy_id": "fleet-server-policy",
816. "default_fleet_server": true
817. }
818. },
819. {
820. "_index": ".fleet-policies-7",
821. "_id": "55792ad3-36f3-4592-b1dc-a311fde2a1df",
822. "_score": 0.7907857,
823. "_source": {
824. "@timestamp": "2022-11-15T12:41:14.552Z",
825. "revision_idx": 1,
826. "coordinator_idx": 0,
827. "data": {
828. "id": "fleet-server-policy",
829. "outputs": {
830. "default": {
831. "type": "elasticsearch",
832. "hosts": [
833. "http://localhost:9200"
834. ]
835. }
836. },
837. "inputs": [
838. {
839. "id": "fleet-server-fleet_server-ea8e9eb8-234c-475b-b8ea-08335ab5057e",
840. "revision": 1,
841. "name": "fleet_server-2",
842. "type": "fleet-server",
843. "data_stream": {
844. "namespace": "default"
845. },
846. "use_output": "default",
847. "server": {
848. "port": 8220,
849. "host": "0.0.0.0"
850. },
851. "meta": {
852. "package": {
853. "name": "fleet_server",
854. "version": "1.2.0"
855. }
856. }
857. },
858. {
859. "id": "logfile-system-a45c03f4-aac3-4314-941a-5d61bba5e610",
860. "revision": 1,
861. "name": "system-2",
862. "type": "logfile",
863. "data_stream": {
864. "namespace": "default"
865. },
866. "use_output": "default",
867. "streams": [
868. {
869. "id": "logfile-system.auth-a45c03f4-aac3-4314-941a-5d61bba5e610",
870. "data_stream": {
871. "type": "logs",
872. "dataset": "system.auth"
873. },
874. "paths": [
875. "/var/log/auth.log*",
876. "/var/log/secure*"
877. ],
878. "exclude_files": [
879. ".gz$"
880. ],
881. "multiline": {
882. "pattern": """^\s""",
883. "match": "after"
884. },
885. "processors": [
886. {
887. "add_locale": null
888. }
889. ]
890. },
891. {
892. "id": "logfile-system.syslog-a45c03f4-aac3-4314-941a-5d61bba5e610",
893. "data_stream": {
894. "type": "logs",
895. "dataset": "system.syslog"
896. },
897. "paths": [
898. "/var/log/messages*",
899. "/var/log/syslog*"
900. ],
901. "exclude_files": [
902. ".gz$"
903. ],
904. "multiline": {
905. "pattern": """^\s""",
906. "match": "after"
907. },
908. "processors": [
909. {
910. "add_locale": null
911. }
912. ]
913. }
914. ],
915. "meta": {
916. "package": {
917. "name": "system",
918. "version": "1.6.4"
919. }
920. }
921. },
922. {
923. "id": "winlog-system-a45c03f4-aac3-4314-941a-5d61bba5e610",
924. "revision": 1,
925. "name": "system-2",
926. "type": "winlog",
927. "data_stream": {
928. "namespace": "default"
929. },
930. "use_output": "default",
931. "streams": [
932. {
933. "id": "winlog-system.application-a45c03f4-aac3-4314-941a-5d61bba5e610",
934. "data_stream": {
935. "type": "logs",
936. "dataset": "system.application"
937. },
938. "name": "Application",
939. "condition": "${host.platform} == 'windows'",
940. "ignore_older": "72h",
941. "tags": null
942. },
943. {
944. "id": "winlog-system.security-a45c03f4-aac3-4314-941a-5d61bba5e610",
945. "data_stream": {
946. "type": "logs",
947. "dataset": "system.security"
948. },
949. "name": "Security",
950. "condition": "${host.platform} == 'windows'",
951. "tags": null
952. },
953. {
954. "id": "winlog-system.system-a45c03f4-aac3-4314-941a-5d61bba5e610",
955. "data_stream": {
956. "type": "logs",
957. "dataset": "system.system"
958. },
959. "name": "System",
960. "condition": "${host.platform} == 'windows'",
961. "tags": null
962. }
963. ],
964. "meta": {
965. "package": {
966. "name": "system",
967. "version": "1.6.4"
968. }
969. }
970. },
971. {
972. "id": "system/metrics-system-a45c03f4-aac3-4314-941a-5d61bba5e610",
973. "revision": 1,
974. "name": "system-2",
975. "type": "system/metrics",
976. "data_stream": {
977. "namespace": "default"
978. },
979. "use_output": "default",
980. "streams": [
981. {
982. "id": "system/metrics-system.filesystem-a45c03f4-aac3-4314-941a-5d61bba5e610",
983. "data_stream": {
984. "type": "metrics",
985. "dataset": "system.filesystem"
986. },
987. "metricsets": [
988. "filesystem"
989. ],
990. "period": "1m",
991. "processors": [
992. {
993. "drop_event.when.regexp": {
994. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
995. }
996. }
997. ]
998. },
999. {
1000. "id": "system/metrics-system.cpu-a45c03f4-aac3-4314-941a-5d61bba5e610",
1001. "data_stream": {
1002. "type": "metrics",
1003. "dataset": "system.cpu"
1004. },
1005. "metricsets": [
1006. "cpu"
1007. ],
1008. "cpu.metrics": [
1009. "percentages",
1010. "normalized_percentages"
1011. ],
1012. "period": "10s"
1013. },
1014. {
1015. "id": "system/metrics-system.process-a45c03f4-aac3-4314-941a-5d61bba5e610",
1016. "data_stream": {
1017. "type": "metrics",
1018. "dataset": "system.process"
1019. },
1020. "metricsets": [
1021. "process"
1022. ],
1023. "period": "10s",
1024. "process.include_top_n.by_cpu": 5,
1025. "process.include_top_n.by_memory": 5,
1026. "process.cmdline.cache.enabled": true,
1027. "process.cgroups.enabled": false,
1028. "process.include_cpu_ticks": false,
1029. "processes": [
1030. ".*"
1031. ]
1032. },
1033. {
1034. "id": "system/metrics-system.fsstat-a45c03f4-aac3-4314-941a-5d61bba5e610",
1035. "data_stream": {
1036. "type": "metrics",
1037. "dataset": "system.fsstat"
1038. },
1039. "metricsets": [
1040. "fsstat"
1041. ],
1042. "period": "1m",
1043. "processors": [
1044. {
1045. "drop_event.when.regexp": {
1046. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
1047. }
1048. }
1049. ]
1050. },
1051. {
1052. "id": "system/metrics-system.socket_summary-a45c03f4-aac3-4314-941a-5d61bba5e610",
1053. "data_stream": {
1054. "type": "metrics",
1055. "dataset": "system.socket_summary"
1056. },
1057. "metricsets": [
1058. "socket_summary"
1059. ],
1060. "period": "10s"
1061. },
1062. {
1063. "id": "system/metrics-system.network-a45c03f4-aac3-4314-941a-5d61bba5e610",
1064. "data_stream": {
1065. "type": "metrics",
1066. "dataset": "system.network"
1067. },
1068. "metricsets": [
1069. "network"
1070. ],
1071. "period": "10s",
1072. "network.interfaces": null
1073. },
1074. {
1075. "id": "system/metrics-system.memory-a45c03f4-aac3-4314-941a-5d61bba5e610",
1076. "data_stream": {
1077. "type": "metrics",
1078. "dataset": "system.memory"
1079. },
1080. "metricsets": [
1081. "memory"
1082. ],
1083. "period": "10s"
1084. },
1085. {
1086. "id": "system/metrics-system.load-a45c03f4-aac3-4314-941a-5d61bba5e610",
1087. "data_stream": {
1088. "type": "metrics",
1089. "dataset": "system.load"
1090. },
1091. "metricsets": [
1092. "load"
1093. ],
1094. "condition": "${host.platform} != 'windows'",
1095. "period": "10s"
1096. },
1097. {
1098. "id": "system/metrics-system.process.summary-a45c03f4-aac3-4314-941a-5d61bba5e610",
1099. "data_stream": {
1100. "type": "metrics",
1101. "dataset": "system.process.summary"
1102. },
1103. "metricsets": [
1104. "process_summary"
1105. ],
1106. "period": "10s"
1107. },
1108. {
1109. "id": "system/metrics-system.diskio-a45c03f4-aac3-4314-941a-5d61bba5e610",
1110. "data_stream": {
1111. "type": "metrics",
1112. "dataset": "system.diskio"
1113. },
1114. "metricsets": [
1115. "diskio"
1116. ],
1117. "diskio.include_devices": null,
1118. "period": "10s"
1119. },
1120. {
1121. "id": "system/metrics-system.uptime-a45c03f4-aac3-4314-941a-5d61bba5e610",
1122. "data_stream": {
1123. "type": "metrics",
1124. "dataset": "system.uptime"
1125. },
1126. "metricsets": [
1127. "uptime"
1128. ],
1129. "period": "10s"
1130. }
1131. ],
1132. "meta": {
1133. "package": {
1134. "name": "system",
1135. "version": "1.6.4"
1136. }
1137. }
1138. }
1139. ],
1140. "revision": 1,
1141. "agent": {
1142. "download": {
1143. "source_uri": "https://artifacts.elastic.co/downloads/"
1144. },
1145. "monitoring": {
1146. "namespace": "default",
1147. "use_output": "default",
1148. "enabled": true,
1149. "logs": true,
1150. "metrics": true
1151. }
1152. },
1153. "output_permissions": {
1154. "default": {
1155. "_elastic_agent_monitoring": {
1156. "indices": [
1157. {
1158. "names": [
1159. "logs-elastic_agent.apm_server-default"
1160. ],
1161. "privileges": [
1162. "auto_configure",
1163. "create_doc"
1164. ]
1165. },
1166. {
1167. "names": [
1168. "metrics-elastic_agent.apm_server-default"
1169. ],
1170. "privileges": [
1171. "auto_configure",
1172. "create_doc"
1173. ]
1174. },
1175. {
1176. "names": [
1177. "logs-elastic_agent.auditbeat-default"
1178. ],
1179. "privileges": [
1180. "auto_configure",
1181. "create_doc"
1182. ]
1183. },
1184. {
1185. "names": [
1186. "metrics-elastic_agent.auditbeat-default"
1187. ],
1188. "privileges": [
1189. "auto_configure",
1190. "create_doc"
1191. ]
1192. },
1193. {
1194. "names": [
1195. "logs-elastic_agent.cloudbeat-default"
1196. ],
1197. "privileges": [
1198. "auto_configure",
1199. "create_doc"
1200. ]
1201. },
1202. {
1203. "names": [
1204. "metrics-elastic_agent.cloudbeat-default"
1205. ],
1206. "privileges": [
1207. "auto_configure",
1208. "create_doc"
1209. ]
1210. },
1211. {
1212. "names": [
1213. "logs-elastic_agent-default"
1214. ],
1215. "privileges": [
1216. "auto_configure",
1217. "create_doc"
1218. ]
1219. },
1220. {
1221. "names": [
1222. "metrics-elastic_agent.elastic_agent-default"
1223. ],
1224. "privileges": [
1225. "auto_configure",
1226. "create_doc"
1227. ]
1228. },
1229. {
1230. "names": [
1231. "metrics-elastic_agent.endpoint_security-default"
1232. ],
1233. "privileges": [
1234. "auto_configure",
1235. "create_doc"
1236. ]
1237. },
1238. {
1239. "names": [
1240. "logs-elastic_agent.endpoint_security-default"
1241. ],
1242. "privileges": [
1243. "auto_configure",
1244. "create_doc"
1245. ]
1246. },
1247. {
1248. "names": [
1249. "logs-elastic_agent.filebeat-default"
1250. ],
1251. "privileges": [
1252. "auto_configure",
1253. "create_doc"
1254. ]
1255. },
1256. {
1257. "names": [
1258. "metrics-elastic_agent.filebeat-default"
1259. ],
1260. "privileges": [
1261. "auto_configure",
1262. "create_doc"
1263. ]
1264. },
1265. {
1266. "names": [
1267. "logs-elastic_agent.fleet_server-default"
1268. ],
1269. "privileges": [
1270. "auto_configure",
1271. "create_doc"
1272. ]
1273. },
1274. {
1275. "names": [
1276. "metrics-elastic_agent.fleet_server-default"
1277. ],
1278. "privileges": [
1279. "auto_configure",
1280. "create_doc"
1281. ]
1282. },
1283. {
1284. "names": [
1285. "logs-elastic_agent.heartbeat-default"
1286. ],
1287. "privileges": [
1288. "auto_configure",
1289. "create_doc"
1290. ]
1291. },
1292. {
1293. "names": [
1294. "metrics-elastic_agent.heartbeat-default"
1295. ],
1296. "privileges": [
1297. "auto_configure",
1298. "create_doc"
1299. ]
1300. },
1301. {
1302. "names": [
1303. "logs-elastic_agent.metricbeat-default"
1304. ],
1305. "privileges": [
1306. "auto_configure",
1307. "create_doc"
1308. ]
1309. },
1310. {
1311. "names": [
1312. "metrics-elastic_agent.metricbeat-default"
1313. ],
1314. "privileges": [
1315. "auto_configure",
1316. "create_doc"
1317. ]
1318. },
1319. {
1320. "names": [
1321. "logs-elastic_agent.osquerybeat-default"
1322. ],
1323. "privileges": [
1324. "auto_configure",
1325. "create_doc"
1326. ]
1327. },
1328. {
1329. "names": [
1330. "metrics-elastic_agent.osquerybeat-default"
1331. ],
1332. "privileges": [
1333. "auto_configure",
1334. "create_doc"
1335. ]
1336. },
1337. {
1338. "names": [
1339. "logs-elastic_agent.packetbeat-default"
1340. ],
1341. "privileges": [
1342. "auto_configure",
1343. "create_doc"
1344. ]
1345. },
1346. {
1347. "names": [
1348. "metrics-elastic_agent.packetbeat-default"
1349. ],
1350. "privileges": [
1351. "auto_configure",
1352. "create_doc"
1353. ]
1354. }
1355. ]
1356. },
1357. "_elastic_agent_checks": {
1358. "cluster": [
1359. "monitor"
1360. ]
1361. },
1362. "a45c03f4-aac3-4314-941a-5d61bba5e610": {
1363. "indices": [
1364. {
1365. "names": [
1366. "logs-system.auth-default"
1367. ],
1368. "privileges": [
1369. "auto_configure",
1370. "create_doc"
1371. ]
1372. },
1373. {
1374. "names": [
1375. "logs-system.syslog-default"
1376. ],
1377. "privileges": [
1378. "auto_configure",
1379. "create_doc"
1380. ]
1381. },
1382. {
1383. "names": [
1384. "logs-system.application-default"
1385. ],
1386. "privileges": [
1387. "auto_configure",
1388. "create_doc"
1389. ]
1390. },
1391. {
1392. "names": [
1393. "logs-system.security-default"
1394. ],
1395. "privileges": [
1396. "auto_configure",
1397. "create_doc"
1398. ]
1399. },
1400. {
1401. "names": [
1402. "logs-system.system-default"
1403. ],
1404. "privileges": [
1405. "auto_configure",
1406. "create_doc"
1407. ]
1408. },
1409. {
1410. "names": [
1411. "metrics-system.filesystem-default"
1412. ],
1413. "privileges": [
1414. "auto_configure",
1415. "create_doc"
1416. ]
1417. },
1418. {
1419. "names": [
1420. "metrics-system.cpu-default"
1421. ],
1422. "privileges": [
1423. "auto_configure",
1424. "create_doc"
1425. ]
1426. },
1427. {
1428. "names": [
1429. "metrics-system.process-default"
1430. ],
1431. "privileges": [
1432. "auto_configure",
1433. "create_doc"
1434. ]
1435. },
1436. {
1437. "names": [
1438. "metrics-system.fsstat-default"
1439. ],
1440. "privileges": [
1441. "auto_configure",
1442. "create_doc"
1443. ]
1444. },
1445. {
1446. "names": [
1447. "metrics-system.socket_summary-default"
1448. ],
1449. "privileges": [
1450. "auto_configure",
1451. "create_doc"
1452. ]
1453. },
1454. {
1455. "names": [
1456. "metrics-system.network-default"
1457. ],
1458. "privileges": [
1459. "auto_configure",
1460. "create_doc"
1461. ]
1462. },
1463. {
1464. "names": [
1465. "metrics-system.memory-default"
1466. ],
1467. "privileges": [
1468. "auto_configure",
1469. "create_doc"
1470. ]
1471. },
1472. {
1473. "names": [
1474. "metrics-system.load-default"
1475. ],
1476. "privileges": [
1477. "auto_configure",
1478. "create_doc"
1479. ]
1480. },
1481. {
1482. "names": [
1483. "metrics-system.process.summary-default"
1484. ],
1485. "privileges": [
1486. "auto_configure",
1487. "create_doc"
1488. ]
1489. },
1490. {
1491. "names": [
1492. "metrics-system.diskio-default"
1493. ],
1494. "privileges": [
1495. "auto_configure",
1496. "create_doc"
1497. ]
1498. },
1499. {
1500. "names": [
1501. "metrics-system.uptime-default"
1502. ],
1503. "privileges": [
1504. "auto_configure",
1505. "create_doc"
1506. ]
1507. }
1508. ]
1509. }
1510. }
1511. }
1512. },
1513. "policy_id": "fleet-server-policy",
1514. "default_fleet_server": true
1515. }
1516. },
1517. {
1518. "_index": ".fleet-policies-7",
1519. "_id": "8ccc109b-a0a8-4bef-882e-5e278f3ea500",
1520. "_score": 0.7907857,
1521. "_source": {
1522. "@timestamp": "2022-11-15T12:41:07.771Z",
1523. "revision_idx": 1,
1524. "coordinator_idx": 0,
1525. "data": {
1526. "id": "fleet-server-policy",
1527. "outputs": {
1528. "default": {
1529. "type": "elasticsearch",
1530. "hosts": [
1531. "http://localhost:9200"
1532. ]
1533. }
1534. },
1535. "inputs": [],
1536. "revision": 1,
1537. "agent": {
1538. "download": {
1539. "source_uri": "https://artifacts.elastic.co/downloads/"
1540. },
1541. "monitoring": {
1542. "namespace": "default",
1543. "use_output": "default",
1544. "enabled": true,
1545. "logs": true,
1546. "metrics": true
1547. }
1548. },
1549. "output_permissions": {
1550. "default": {
1551. "_elastic_agent_monitoring": {
1552. "indices": [
1553. {
1554. "names": [
1555. "logs-elastic_agent.apm_server-default"
1556. ],
1557. "privileges": [
1558. "auto_configure",
1559. "create_doc"
1560. ]
1561. },
1562. {
1563. "names": [
1564. "metrics-elastic_agent.apm_server-default"
1565. ],
1566. "privileges": [
1567. "auto_configure",
1568. "create_doc"
1569. ]
1570. },
1571. {
1572. "names": [
1573. "logs-elastic_agent.auditbeat-default"
1574. ],
1575. "privileges": [
1576. "auto_configure",
1577. "create_doc"
1578. ]
1579. },
1580. {
1581. "names": [
1582. "metrics-elastic_agent.auditbeat-default"
1583. ],
1584. "privileges": [
1585. "auto_configure",
1586. "create_doc"
1587. ]
1588. },
1589. {
1590. "names": [
1591. "logs-elastic_agent.cloudbeat-default"
1592. ],
1593. "privileges": [
1594. "auto_configure",
1595. "create_doc"
1596. ]
1597. },
1598. {
1599. "names": [
1600. "metrics-elastic_agent.cloudbeat-default"
1601. ],
1602. "privileges": [
1603. "auto_configure",
1604. "create_doc"
1605. ]
1606. },
1607. {
1608. "names": [
1609. "logs-elastic_agent-default"
1610. ],
1611. "privileges": [
1612. "auto_configure",
1613. "create_doc"
1614. ]
1615. },
1616. {
1617. "names": [
1618. "metrics-elastic_agent.elastic_agent-default"
1619. ],
1620. "privileges": [
1621. "auto_configure",
1622. "create_doc"
1623. ]
1624. },
1625. {
1626. "names": [
1627. "metrics-elastic_agent.endpoint_security-default"
1628. ],
1629. "privileges": [
1630. "auto_configure",
1631. "create_doc"
1632. ]
1633. },
1634. {
1635. "names": [
1636. "logs-elastic_agent.endpoint_security-default"
1637. ],
1638. "privileges": [
1639. "auto_configure",
1640. "create_doc"
1641. ]
1642. },
1643. {
1644. "names": [
1645. "logs-elastic_agent.filebeat-default"
1646. ],
1647. "privileges": [
1648. "auto_configure",
1649. "create_doc"
1650. ]
1651. },
1652. {
1653. "names": [
1654. "metrics-elastic_agent.filebeat-default"
1655. ],
1656. "privileges": [
1657. "auto_configure",
1658. "create_doc"
1659. ]
1660. },
1661. {
1662. "names": [
1663. "logs-elastic_agent.fleet_server-default"
1664. ],
1665. "privileges": [
1666. "auto_configure",
1667. "create_doc"
1668. ]
1669. },
1670. {
1671. "names": [
1672. "metrics-elastic_agent.fleet_server-default"
1673. ],
1674. "privileges": [
1675. "auto_configure",
1676. "create_doc"
1677. ]
1678. },
1679. {
1680. "names": [
1681. "logs-elastic_agent.heartbeat-default"
1682. ],
1683. "privileges": [
1684. "auto_configure",
1685. "create_doc"
1686. ]
1687. },
1688. {
1689. "names": [
1690. "metrics-elastic_agent.heartbeat-default"
1691. ],
1692. "privileges": [
1693. "auto_configure",
1694. "create_doc"
1695. ]
1696. },
1697. {
1698. "names": [
1699. "logs-elastic_agent.metricbeat-default"
1700. ],
1701. "privileges": [
1702. "auto_configure",
1703. "create_doc"
1704. ]
1705. },
1706. {
1707. "names": [
1708. "metrics-elastic_agent.metricbeat-default"
1709. ],
1710. "privileges": [
1711. "auto_configure",
1712. "create_doc"
1713. ]
1714. },
1715. {
1716. "names": [
1717. "logs-elastic_agent.osquerybeat-default"
1718. ],
1719. "privileges": [
1720. "auto_configure",
1721. "create_doc"
1722. ]
1723. },
1724. {
1725. "names": [
1726. "metrics-elastic_agent.osquerybeat-default"
1727. ],
1728. "privileges": [
1729. "auto_configure",
1730. "create_doc"
1731. ]
1732. },
1733. {
1734. "names": [
1735. "logs-elastic_agent.packetbeat-default"
1736. ],
1737. "privileges": [
1738. "auto_configure",
1739. "create_doc"
1740. ]
1741. },
1742. {
1743. "names": [
1744. "metrics-elastic_agent.packetbeat-default"
1745. ],
1746. "privileges": [
1747. "auto_configure",
1748. "create_doc"
1749. ]
1750. }
1751. ]
1752. },
1753. "_elastic_agent_checks": {
1754. "cluster": [
1755. "monitor"
1756. ]
1757. }
1758. }
1759. }
1760. },
1761. "policy_id": "fleet-server-policy",
1762. "default_fleet_server": true
1763. }
1764. },
1765. {
1766. "_index": ".fleet-policies-7",
1767. "_id": "d2356447-f51f-4817-83fb-d56f5a00dd67",
1768. "_score": 0.7907857,
1769. "_source": {
1770. "@timestamp": "2022-11-16T15:38:45.894Z",
1771. "revision_idx": 2,
1772. "coordinator_idx": 0,
1773. "data": {
1774. "id": "fleet-server-policy",
1775. "outputs": {
1776. "default": {
1777. "type": "elasticsearch",
1778. "hosts": [
1779. "http://****:9200"
1780. ]
1781. }
1782. },
1783. "inputs": [
1784. {
1785. "id": "fleet-server-fleet_server-fa8e0d60-8e68-4dab-84f1-faff3f2a12c5",
1786. "revision": 1,
1787. "name": "fleet_server-1",
1788. "type": "fleet-server",
1789. "data_stream": {
1790. "namespace": "default"
1791. },
1792. "use_output": "default",
1793. "server": {
1794. "port": 8220,
1795. "host": "0.0.0.0"
1796. },
1797. "meta": {
1798. "package": {
1799. "name": "fleet_server",
1800. "version": "1.2.0"
1801. }
1802. }
1803. },
1804. {
1805. "id": "logfile-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1806. "revision": 1,
1807. "name": "system-1",
1808. "type": "logfile",
1809. "data_stream": {
1810. "namespace": "default"
1811. },
1812. "use_output": "default",
1813. "streams": [
1814. {
1815. "id": "logfile-system.auth-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1816. "data_stream": {
1817. "type": "logs",
1818. "dataset": "system.auth"
1819. },
1820. "paths": [
1821. "/var/log/auth.log*",
1822. "/var/log/secure*"
1823. ],
1824. "exclude_files": [
1825. ".gz$"
1826. ],
1827. "multiline": {
1828. "pattern": """^\s""",
1829. "match": "after"
1830. },
1831. "processors": [
1832. {
1833. "add_locale": null
1834. }
1835. ]
1836. },
1837. {
1838. "id": "logfile-system.syslog-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1839. "data_stream": {
1840. "type": "logs",
1841. "dataset": "system.syslog"
1842. },
1843. "paths": [
1844. "/var/log/messages*",
1845. "/var/log/syslog*"
1846. ],
1847. "exclude_files": [
1848. ".gz$"
1849. ],
1850. "multiline": {
1851. "pattern": """^\s""",
1852. "match": "after"
1853. },
1854. "processors": [
1855. {
1856. "add_locale": null
1857. }
1858. ]
1859. }
1860. ],
1861. "meta": {
1862. "package": {
1863. "name": "system",
1864. "version": "1.6.4"
1865. }
1866. }
1867. },
1868. {
1869. "id": "winlog-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1870. "revision": 1,
1871. "name": "system-1",
1872. "type": "winlog",
1873. "data_stream": {
1874. "namespace": "default"
1875. },
1876. "use_output": "default",
1877. "streams": [
1878. {
1879. "id": "winlog-system.security-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1880. "data_stream": {
1881. "type": "logs",
1882. "dataset": "system.security"
1883. },
1884. "name": "Security",
1885. "condition": "${host.platform} == 'windows'",
1886. "tags": null
1887. },
1888. {
1889. "id": "winlog-system.application-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1890. "data_stream": {
1891. "type": "logs",
1892. "dataset": "system.application"
1893. },
1894. "name": "Application",
1895. "condition": "${host.platform} == 'windows'",
1896. "ignore_older": "72h",
1897. "tags": null
1898. },
1899. {
1900. "id": "winlog-system.system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1901. "data_stream": {
1902. "type": "logs",
1903. "dataset": "system.system"
1904. },
1905. "name": "System",
1906. "condition": "${host.platform} == 'windows'",
1907. "tags": null
1908. }
1909. ],
1910. "meta": {
1911. "package": {
1912. "name": "system",
1913. "version": "1.6.4"
1914. }
1915. }
1916. },
1917. {
1918. "id": "system/metrics-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1919. "revision": 1,
1920. "name": "system-1",
1921. "type": "system/metrics",
1922. "data_stream": {
1923. "namespace": "default"
1924. },
1925. "use_output": "default",
1926. "streams": [
1927. {
1928. "id": "system/metrics-system.cpu-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1929. "data_stream": {
1930. "type": "metrics",
1931. "dataset": "system.cpu"
1932. },
1933. "metricsets": [
1934. "cpu"
1935. ],
1936. "cpu.metrics": [
1937. "percentages",
1938. "normalized_percentages"
1939. ],
1940. "period": "10s"
1941. },
1942. {
1943. "id": "system/metrics-system.network-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1944. "data_stream": {
1945. "type": "metrics",
1946. "dataset": "system.network"
1947. },
1948. "metricsets": [
1949. "network"
1950. ],
1951. "period": "10s",
1952. "network.interfaces": null
1953. },
1954. {
1955. "id": "system/metrics-system.socket_summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1956. "data_stream": {
1957. "type": "metrics",
1958. "dataset": "system.socket_summary"
1959. },
1960. "metricsets": [
1961. "socket_summary"
1962. ],
1963. "period": "10s"
1964. },
1965. {
1966. "id": "system/metrics-system.uptime-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1967. "data_stream": {
1968. "type": "metrics",
1969. "dataset": "system.uptime"
1970. },
1971. "metricsets": [
1972. "uptime"
1973. ],
1974. "period": "10s"
1975. },
1976. {
1977. "id": "system/metrics-system.diskio-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1978. "data_stream": {
1979. "type": "metrics",
1980. "dataset": "system.diskio"
1981. },
1982. "metricsets": [
1983. "diskio"
1984. ],
1985. "diskio.include_devices": null,
1986. "period": "10s"
1987. },
1988. {
1989. "id": "system/metrics-system.memory-c7c94db7-48d8-4ccb-935c-e13f6d166860",
1990. "data_stream": {
1991. "type": "metrics",
1992. "dataset": "system.memory"
1993. },
1994. "metricsets": [
1995. "memory"
1996. ],
1997. "period": "10s"
1998. },
1999. {
2000. "id": "system/metrics-system.fsstat-c7c94db7-48d8-4ccb-935c-e13f6d166860",
2001. "data_stream": {
2002. "type": "metrics",
2003. "dataset": "system.fsstat"
2004. },
2005. "metricsets": [
2006. "fsstat"
2007. ],
2008. "period": "1m",
2009. "processors": [
2010. {
2011. "drop_event.when.regexp": {
2012. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
2013. }
2014. }
2015. ]
2016. },
2017. {
2018. "id": "system/metrics-system.filesystem-c7c94db7-48d8-4ccb-935c-e13f6d166860",
2019. "data_stream": {
2020. "type": "metrics",
2021. "dataset": "system.filesystem"
2022. },
2023. "metricsets": [
2024. "filesystem"
2025. ],
2026. "period": "1m",
2027. "processors": [
2028. {
2029. "drop_event.when.regexp": {
2030. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
2031. }
2032. }
2033. ]
2034. },
2035. {
2036. "id": "system/metrics-system.process.summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
2037. "data_stream": {
2038. "type": "metrics",
2039. "dataset": "system.process.summary"
2040. },
2041. "metricsets": [
2042. "process_summary"
2043. ],
2044. "period": "10s"
2045. },
2046. {
2047. "id": "system/metrics-system.process-c7c94db7-48d8-4ccb-935c-e13f6d166860",
2048. "data_stream": {
2049. "type": "metrics",
2050. "dataset": "system.process"
2051. },
2052. "metricsets": [
2053. "process"
2054. ],
2055. "period": "10s",
2056. "process.include_top_n.by_cpu": 5,
2057. "process.include_top_n.by_memory": 5,
2058. "process.cmdline.cache.enabled": true,
2059. "process.cgroups.enabled": false,
2060. "process.include_cpu_ticks": false,
2061. "processes": [
2062. ".*"
2063. ]
2064. },
2065. {
2066. "id": "system/metrics-system.load-c7c94db7-48d8-4ccb-935c-e13f6d166860",
2067. "data_stream": {
2068. "type": "metrics",
2069. "dataset": "system.load"
2070. },
2071. "metricsets": [
2072. "load"
2073. ],
2074. "condition": "${host.platform} != 'windows'",
2075. "period": "10s"
2076. }
2077. ],
2078. "meta": {
2079. "package": {
2080. "name": "system",
2081. "version": "1.6.4"
2082. }
2083. }
2084. }
2085. ],
2086. "revision": 2,
2087. "agent": {
2088. "download": {
2089. "source_uri": "https://artifacts.elastic.co/downloads/"
2090. },
2091. "monitoring": {
2092. "namespace": "default",
2093. "use_output": "default",
2094. "enabled": true,
2095. "logs": true,
2096. "metrics": true
2097. }
2098. },
2099. "output_permissions": {
2100. "default": {
2101. "_elastic_agent_monitoring": {
2102. "indices": [
2103. {
2104. "names": [
2105. "metrics-elastic_agent.filebeat-default"
2106. ],
2107. "privileges": [
2108. "auto_configure",
2109. "create_doc"
2110. ]
2111. },
2112. {
2113. "names": [
2114. "logs-elastic_agent.endpoint_security-default"
2115. ],
2116. "privileges": [
2117. "auto_configure",
2118. "create_doc"
2119. ]
2120. },
2121. {
2122. "names": [
2123. "logs-elastic_agent.cloudbeat-default"
2124. ],
2125. "privileges": [
2126. "auto_configure",
2127. "create_doc"
2128. ]
2129. },
2130. {
2131. "names": [
2132. "metrics-elastic_agent.apm_server-default"
2133. ],
2134. "privileges": [
2135. "auto_configure",
2136. "create_doc"
2137. ]
2138. },
2139. {
2140. "names": [
2141. "logs-elastic_agent.apm_server-default"
2142. ],
2143. "privileges": [
2144. "auto_configure",
2145. "create_doc"
2146. ]
2147. },
2148. {
2149. "names": [
2150. "logs-elastic_agent.fleet_server-default"
2151. ],
2152. "privileges": [
2153. "auto_configure",
2154. "create_doc"
2155. ]
2156. },
2157. {
2158. "names": [
2159. "metrics-elastic_agent.auditbeat-default"
2160. ],
2161. "privileges": [
2162. "auto_configure",
2163. "create_doc"
2164. ]
2165. },
2166. {
2167. "names": [
2168. "logs-elastic_agent.auditbeat-default"
2169. ],
2170. "privileges": [
2171. "auto_configure",
2172. "create_doc"
2173. ]
2174. },
2175. {
2176. "names": [
2177. "logs-elastic_agent.packetbeat-default"
2178. ],
2179. "privileges": [
2180. "auto_configure",
2181. "create_doc"
2182. ]
2183. },
2184. {
2185. "names": [
2186. "logs-elastic_agent-default"
2187. ],
2188. "privileges": [
2189. "auto_configure",
2190. "create_doc"
2191. ]
2192. },
2193. {
2194. "names": [
2195. "logs-elastic_agent.metricbeat-default"
2196. ],
2197. "privileges": [
2198. "auto_configure",
2199. "create_doc"
2200. ]
2201. },
2202. {
2203. "names": [
2204. "logs-elastic_agent.filebeat-default"
2205. ],
2206. "privileges": [
2207. "auto_configure",
2208. "create_doc"
2209. ]
2210. },
2211. {
2212. "names": [
2213. "metrics-elastic_agent.cloudbeat-default"
2214. ],
2215. "privileges": [
2216. "auto_configure",
2217. "create_doc"
2218. ]
2219. },
2220. {
2221. "names": [
2222. "metrics-elastic_agent.metricbeat-default"
2223. ],
2224. "privileges": [
2225. "auto_configure",
2226. "create_doc"
2227. ]
2228. },
2229. {
2230. "names": [
2231. "metrics-elastic_agent.heartbeat-default"
2232. ],
2233. "privileges": [
2234. "auto_configure",
2235. "create_doc"
2236. ]
2237. },
2238. {
2239. "names": [
2240. "metrics-elastic_agent.packetbeat-default"
2241. ],
2242. "privileges": [
2243. "auto_configure",
2244. "create_doc"
2245. ]
2246. },
2247. {
2248. "names": [
2249. "metrics-elastic_agent.fleet_server-default"
2250. ],
2251. "privileges": [
2252. "auto_configure",
2253. "create_doc"
2254. ]
2255. },
2256. {
2257. "names": [
2258. "logs-elastic_agent.heartbeat-default"
2259. ],
2260. "privileges": [
2261. "auto_configure",
2262. "create_doc"
2263. ]
2264. },
2265. {
2266. "names": [
2267. "logs-elastic_agent.osquerybeat-default"
2268. ],
2269. "privileges": [
2270. "auto_configure",
2271. "create_doc"
2272. ]
2273. },
2274. {
2275. "names": [
2276. "metrics-elastic_agent.osquerybeat-default"
2277. ],
2278. "privileges": [
2279. "auto_configure",
2280. "create_doc"
2281. ]
2282. },
2283. {
2284. "names": [
2285. "metrics-elastic_agent.elastic_agent-default"
2286. ],
2287. "privileges": [
2288. "auto_configure",
2289. "create_doc"
2290. ]
2291. },
2292. {
2293. "names": [
2294. "metrics-elastic_agent.endpoint_security-default"
2295. ],
2296. "privileges": [
2297. "auto_configure",
2298. "create_doc"
2299. ]
2300. }
2301. ]
2302. },
2303. "_elastic_agent_checks": {
2304. "cluster": [
2305. "monitor"
2306. ]
2307. },
2308. "c7c94db7-48d8-4ccb-935c-e13f6d166860": {
2309. "indices": [
2310. {
2311. "names": [
2312. "logs-system.auth-default"
2313. ],
2314. "privileges": [
2315. "auto_configure",
2316. "create_doc"
2317. ]
2318. },
2319. {
2320. "names": [
2321. "logs-system.syslog-default"
2322. ],
2323. "privileges": [
2324. "auto_configure",
2325. "create_doc"
2326. ]
2327. },
2328. {
2329. "names": [
2330. "logs-system.security-default"
2331. ],
2332. "privileges": [
2333. "auto_configure",
2334. "create_doc"
2335. ]
2336. },
2337. {
2338. "names": [
2339. "logs-system.application-default"
2340. ],
2341. "privileges": [
2342. "auto_configure",
2343. "create_doc"
2344. ]
2345. },
2346. {
2347. "names": [
2348. "logs-system.system-default"
2349. ],
2350. "privileges": [
2351. "auto_configure",
2352. "create_doc"
2353. ]
2354. },
2355. {
2356. "names": [
2357. "metrics-system.cpu-default"
2358. ],
2359. "privileges": [
2360. "auto_configure",
2361. "create_doc"
2362. ]
2363. },
2364. {
2365. "names": [
2366. "metrics-system.network-default"
2367. ],
2368. "privileges": [
2369. "auto_configure",
2370. "create_doc"
2371. ]
2372. },
2373. {
2374. "names": [
2375. "metrics-system.socket_summary-default"
2376. ],
2377. "privileges": [
2378. "auto_configure",
2379. "create_doc"
2380. ]
2381. },
2382. {
2383. "names": [
2384. "metrics-system.uptime-default"
2385. ],
2386. "privileges": [
2387. "auto_configure",
2388. "create_doc"
2389. ]
2390. },
2391. {
2392. "names": [
2393. "metrics-system.diskio-default"
2394. ],
2395. "privileges": [
2396. "auto_configure",
2397. "create_doc"
2398. ]
2399. },
2400. {
2401. "names": [
2402. "metrics-system.memory-default"
2403. ],
2404. "privileges": [
2405. "auto_configure",
2406. "create_doc"
2407. ]
2408. },
2409. {
2410. "names": [
2411. "metrics-system.fsstat-default"
2412. ],
2413. "privileges": [
2414. "auto_configure",
2415. "create_doc"
2416. ]
2417. },
2418. {
2419. "names": [
2420. "metrics-system.filesystem-default"
2421. ],
2422. "privileges": [
2423. "auto_configure",
2424. "create_doc"
2425. ]
2426. },
2427. {
2428. "names": [
2429. "metrics-system.process.summary-default"
2430. ],
2431. "privileges": [
2432. "auto_configure",
2433. "create_doc"
2434. ]
2435. },
2436. {
2437. "names": [
2438. "metrics-system.process-default"
2439. ],
2440. "privileges": [
2441. "auto_configure",
2442. "create_doc"
2443. ]
2444. },
2445. {
2446. "names": [
2447. "metrics-system.load-default"
2448. ],
2449. "privileges": [
2450. "auto_configure",
2451. "create_doc"
2452. ]
2453. }
2454. ]
2455. }
2456. }
2457. },
2458. "fleet": {
2459. "hosts": [
2460. "https://172.24.54.23:8220"
2461. ]
2462. }
2463. },
2464. "policy_id": "fleet-server-policy",
2465. "default_fleet_server": true
2466. }
2467. },
2468. {
2469. "_index": ".fleet-policies-7",
2470. "_id": "3fb600c8-e541-411e-af61-fe2032360ba8",
2471. "_score": 0.7907857,
2472. "_source": {
2473. "@timestamp": "2022-11-16T15:51:48.767Z",
2474. "revision_idx": 1,
2475. "coordinator_idx": 0,
2476. "data": {
2477. "id": "fleet-server-policy",
2478. "outputs": {
2479. "default": {
2480. "type": "elasticsearch",
2481. "hosts": [
2482. "https://****:9200"
2483. ]
2484. }
2485. },
2486. "inputs": [
2487. {
2488. "id": "fleet-server-fleet_server-7baac62d-e019-4ea3-b23f-7b741cb6fd7f",
2489. "revision": 1,
2490. "name": "fleet_server-1",
2491. "type": "fleet-server",
2492. "data_stream": {
2493. "namespace": "default"
2494. },
2495. "use_output": "default",
2496. "server": {
2497. "port": 8220,
2498. "host": "0.0.0.0"
2499. },
2500. "meta": {
2501. "package": {
2502. "name": "fleet_server",
2503. "version": "1.2.0"
2504. }
2505. }
2506. },
2507. {
2508. "id": "logfile-system-c75cb103-8b4a-453c-9a57-ca351fa69141",
2509. "revision": 1,
2510. "name": "system-1",
2511. "type": "logfile",
2512. "data_stream": {
2513. "namespace": "default"
2514. },
2515. "use_output": "default",
2516. "streams": [
2517. {
2518. "id": "logfile-system.auth-c75cb103-8b4a-453c-9a57-ca351fa69141",
2519. "data_stream": {
2520. "type": "logs",
2521. "dataset": "system.auth"
2522. },
2523. "paths": [
2524. "/var/log/auth.log*",
2525. "/var/log/secure*"
2526. ],
2527. "exclude_files": [
2528. ".gz$"
2529. ],
2530. "multiline": {
2531. "pattern": """^\s""",
2532. "match": "after"
2533. },
2534. "processors": [
2535. {
2536. "add_locale": null
2537. }
2538. ]
2539. },
2540. {
2541. "id": "logfile-system.syslog-c75cb103-8b4a-453c-9a57-ca351fa69141",
2542. "data_stream": {
2543. "type": "logs",
2544. "dataset": "system.syslog"
2545. },
2546. "paths": [
2547. "/var/log/messages*",
2548. "/var/log/syslog*"
2549. ],
2550. "exclude_files": [
2551. ".gz$"
2552. ],
2553. "multiline": {
2554. "pattern": """^\s""",
2555. "match": "after"
2556. },
2557. "processors": [
2558. {
2559. "add_locale": null
2560. }
2561. ]
2562. }
2563. ],
2564. "meta": {
2565. "package": {
2566. "name": "system",
2567. "version": "1.6.4"
2568. }
2569. }
2570. },
2571. {
2572. "id": "winlog-system-c75cb103-8b4a-453c-9a57-ca351fa69141",
2573. "revision": 1,
2574. "name": "system-1",
2575. "type": "winlog",
2576. "data_stream": {
2577. "namespace": "default"
2578. },
2579. "use_output": "default",
2580. "streams": [
2581. {
2582. "id": "winlog-system.security-c75cb103-8b4a-453c-9a57-ca351fa69141",
2583. "data_stream": {
2584. "type": "logs",
2585. "dataset": "system.security"
2586. },
2587. "name": "Security",
2588. "condition": "${host.platform} == 'windows'",
2589. "tags": null
2590. },
2591. {
2592. "id": "winlog-system.application-c75cb103-8b4a-453c-9a57-ca351fa69141",
2593. "data_stream": {
2594. "type": "logs",
2595. "dataset": "system.application"
2596. },
2597. "name": "Application",
2598. "condition": "${host.platform} == 'windows'",
2599. "ignore_older": "72h",
2600. "tags": null
2601. },
2602. {
2603. "id": "winlog-system.system-c75cb103-8b4a-453c-9a57-ca351fa69141",
2604. "data_stream": {
2605. "type": "logs",
2606. "dataset": "system.system"
2607. },
2608. "name": "System",
2609. "condition": "${host.platform} == 'windows'",
2610. "tags": null
2611. }
2612. ],
2613. "meta": {
2614. "package": {
2615. "name": "system",
2616. "version": "1.6.4"
2617. }
2618. }
2619. },
2620. {
2621. "id": "system/metrics-system-c75cb103-8b4a-453c-9a57-ca351fa69141",
2622. "revision": 1,
2623. "name": "system-1",
2624. "type": "system/metrics",
2625. "data_stream": {
2626. "namespace": "default"
2627. },
2628. "use_output": "default",
2629. "streams": [
2630. {
2631. "id": "system/metrics-system.cpu-c75cb103-8b4a-453c-9a57-ca351fa69141",
2632. "data_stream": {
2633. "type": "metrics",
2634. "dataset": "system.cpu"
2635. },
2636. "metricsets": [
2637. "cpu"
2638. ],
2639. "cpu.metrics": [
2640. "percentages",
2641. "normalized_percentages"
2642. ],
2643. "period": "10s"
2644. },
2645. {
2646. "id": "system/metrics-system.network-c75cb103-8b4a-453c-9a57-ca351fa69141",
2647. "data_stream": {
2648. "type": "metrics",
2649. "dataset": "system.network"
2650. },
2651. "metricsets": [
2652. "network"
2653. ],
2654. "period": "10s",
2655. "network.interfaces": null
2656. },
2657. {
2658. "id": "system/metrics-system.socket_summary-c75cb103-8b4a-453c-9a57-ca351fa69141",
2659. "data_stream": {
2660. "type": "metrics",
2661. "dataset": "system.socket_summary"
2662. },
2663. "metricsets": [
2664. "socket_summary"
2665. ],
2666. "period": "10s"
2667. },
2668. {
2669. "id": "system/metrics-system.uptime-c75cb103-8b4a-453c-9a57-ca351fa69141",
2670. "data_stream": {
2671. "type": "metrics",
2672. "dataset": "system.uptime"
2673. },
2674. "metricsets": [
2675. "uptime"
2676. ],
2677. "period": "10s"
2678. },
2679. {
2680. "id": "system/metrics-system.diskio-c75cb103-8b4a-453c-9a57-ca351fa69141",
2681. "data_stream": {
2682. "type": "metrics",
2683. "dataset": "system.diskio"
2684. },
2685. "metricsets": [
2686. "diskio"
2687. ],
2688. "diskio.include_devices": null,
2689. "period": "10s"
2690. },
2691. {
2692. "id": "system/metrics-system.memory-c75cb103-8b4a-453c-9a57-ca351fa69141",
2693. "data_stream": {
2694. "type": "metrics",
2695. "dataset": "system.memory"
2696. },
2697. "metricsets": [
2698. "memory"
2699. ],
2700. "period": "10s"
2701. },
2702. {
2703. "id": "system/metrics-system.fsstat-c75cb103-8b4a-453c-9a57-ca351fa69141",
2704. "data_stream": {
2705. "type": "metrics",
2706. "dataset": "system.fsstat"
2707. },
2708. "metricsets": [
2709. "fsstat"
2710. ],
2711. "period": "1m",
2712. "processors": [
2713. {
2714. "drop_event.when.regexp": {
2715. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
2716. }
2717. }
2718. ]
2719. },
2720. {
2721. "id": "system/metrics-system.filesystem-c75cb103-8b4a-453c-9a57-ca351fa69141",
2722. "data_stream": {
2723. "type": "metrics",
2724. "dataset": "system.filesystem"
2725. },
2726. "metricsets": [
2727. "filesystem"
2728. ],
2729. "period": "1m",
2730. "processors": [
2731. {
2732. "drop_event.when.regexp": {
2733. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
2734. }
2735. }
2736. ]
2737. },
2738. {
2739. "id": "system/metrics-system.process.summary-c75cb103-8b4a-453c-9a57-ca351fa69141",
2740. "data_stream": {
2741. "type": "metrics",
2742. "dataset": "system.process.summary"
2743. },
2744. "metricsets": [
2745. "process_summary"
2746. ],
2747. "period": "10s"
2748. },
2749. {
2750. "id": "system/metrics-system.process-c75cb103-8b4a-453c-9a57-ca351fa69141",
2751. "data_stream": {
2752. "type": "metrics",
2753. "dataset": "system.process"
2754. },
2755. "metricsets": [
2756. "process"
2757. ],
2758. "period": "10s",
2759. "process.include_top_n.by_cpu": 5,
2760. "process.include_top_n.by_memory": 5,
2761. "process.cmdline.cache.enabled": true,
2762. "process.cgroups.enabled": false,
2763. "process.include_cpu_ticks": false,
2764. "processes": [
2765. ".*"
2766. ]
2767. },
2768. {
2769. "id": "system/metrics-system.load-c75cb103-8b4a-453c-9a57-ca351fa69141",
2770. "data_stream": {
2771. "type": "metrics",
2772. "dataset": "system.load"
2773. },
2774. "metricsets": [
2775. "load"
2776. ],
2777. "condition": "${host.platform} != 'windows'",
2778. "period": "10s"
2779. }
2780. ],
2781. "meta": {
2782. "package": {
2783. "name": "system",
2784. "version": "1.6.4"
2785. }
2786. }
2787. }
2788. ],
2789. "revision": 1,
2790. "agent": {
2791. "download": {
2792. "source_uri": "https://artifacts.elastic.co/downloads/"
2793. },
2794. "monitoring": {
2795. "namespace": "default",
2796. "use_output": "default",
2797. "enabled": true,
2798. "logs": true,
2799. "metrics": true
2800. }
2801. },
2802. "output_permissions": {
2803. "default": {
2804. "_elastic_agent_monitoring": {
2805. "indices": [
2806. {
2807. "names": [
2808. "metrics-elastic_agent.elastic_agent-default"
2809. ],
2810. "privileges": [
2811. "auto_configure",
2812. "create_doc"
2813. ]
2814. },
2815. {
2816. "names": [
2817. "logs-elastic_agent.auditbeat-default"
2818. ],
2819. "privileges": [
2820. "auto_configure",
2821. "create_doc"
2822. ]
2823. },
2824. {
2825. "names": [
2826. "metrics-elastic_agent.apm_server-default"
2827. ],
2828. "privileges": [
2829. "auto_configure",
2830. "create_doc"
2831. ]
2832. },
2833. {
2834. "names": [
2835. "logs-elastic_agent.cloudbeat-default"
2836. ],
2837. "privileges": [
2838. "auto_configure",
2839. "create_doc"
2840. ]
2841. },
2842. {
2843. "names": [
2844. "logs-elastic_agent.apm_server-default"
2845. ],
2846. "privileges": [
2847. "auto_configure",
2848. "create_doc"
2849. ]
2850. },
2851. {
2852. "names": [
2853. "metrics-elastic_agent.fleet_server-default"
2854. ],
2855. "privileges": [
2856. "auto_configure",
2857. "create_doc"
2858. ]
2859. },
2860. {
2861. "names": [
2862. "metrics-elastic_agent.osquerybeat-default"
2863. ],
2864. "privileges": [
2865. "auto_configure",
2866. "create_doc"
2867. ]
2868. },
2869. {
2870. "names": [
2871. "metrics-elastic_agent.cloudbeat-default"
2872. ],
2873. "privileges": [
2874. "auto_configure",
2875. "create_doc"
2876. ]
2877. },
2878. {
2879. "names": [
2880. "logs-elastic_agent.filebeat-default"
2881. ],
2882. "privileges": [
2883. "auto_configure",
2884. "create_doc"
2885. ]
2886. },
2887. {
2888. "names": [
2889. "metrics-elastic_agent.auditbeat-default"
2890. ],
2891. "privileges": [
2892. "auto_configure",
2893. "create_doc"
2894. ]
2895. },
2896. {
2897. "names": [
2898. "logs-elastic_agent.endpoint_security-default"
2899. ],
2900. "privileges": [
2901. "auto_configure",
2902. "create_doc"
2903. ]
2904. },
2905. {
2906. "names": [
2907. "metrics-elastic_agent.packetbeat-default"
2908. ],
2909. "privileges": [
2910. "auto_configure",
2911. "create_doc"
2912. ]
2913. },
2914. {
2915. "names": [
2916. "metrics-elastic_agent.filebeat-default"
2917. ],
2918. "privileges": [
2919. "auto_configure",
2920. "create_doc"
2921. ]
2922. },
2923. {
2924. "names": [
2925. "metrics-elastic_agent.endpoint_security-default"
2926. ],
2927. "privileges": [
2928. "auto_configure",
2929. "create_doc"
2930. ]
2931. },
2932. {
2933. "names": [
2934. "logs-elastic_agent.packetbeat-default"
2935. ],
2936. "privileges": [
2937. "auto_configure",
2938. "create_doc"
2939. ]
2940. },
2941. {
2942. "names": [
2943. "logs-elastic_agent.metricbeat-default"
2944. ],
2945. "privileges": [
2946. "auto_configure",
2947. "create_doc"
2948. ]
2949. },
2950. {
2951. "names": [
2952. "logs-elastic_agent.heartbeat-default"
2953. ],
2954. "privileges": [
2955. "auto_configure",
2956. "create_doc"
2957. ]
2958. },
2959. {
2960. "names": [
2961. "logs-elastic_agent-default"
2962. ],
2963. "privileges": [
2964. "auto_configure",
2965. "create_doc"
2966. ]
2967. },
2968. {
2969. "names": [
2970. "logs-elastic_agent.fleet_server-default"
2971. ],
2972. "privileges": [
2973. "auto_configure",
2974. "create_doc"
2975. ]
2976. },
2977. {
2978. "names": [
2979. "metrics-elastic_agent.heartbeat-default"
2980. ],
2981. "privileges": [
2982. "auto_configure",
2983. "create_doc"
2984. ]
2985. },
2986. {
2987. "names": [
2988. "metrics-elastic_agent.metricbeat-default"
2989. ],
2990. "privileges": [
2991. "auto_configure",
2992. "create_doc"
2993. ]
2994. },
2995. {
2996. "names": [
2997. "logs-elastic_agent.osquerybeat-default"
2998. ],
2999. "privileges": [
3000. "auto_configure",
3001. "create_doc"
3002. ]
3003. }
3004. ]
3005. },
3006. "_elastic_agent_checks": {
3007. "cluster": [
3008. "monitor"
3009. ]
3010. },
3011. "c75cb103-8b4a-453c-9a57-ca351fa69141": {
3012. "indices": [
3013. {
3014. "names": [
3015. "logs-system.auth-default"
3016. ],
3017. "privileges": [
3018. "auto_configure",
3019. "create_doc"
3020. ]
3021. },
3022. {
3023. "names": [
3024. "logs-system.syslog-default"
3025. ],
3026. "privileges": [
3027. "auto_configure",
3028. "create_doc"
3029. ]
3030. },
3031. {
3032. "names": [
3033. "logs-system.security-default"
3034. ],
3035. "privileges": [
3036. "auto_configure",
3037. "create_doc"
3038. ]
3039. },
3040. {
3041. "names": [
3042. "logs-system.application-default"
3043. ],
3044. "privileges": [
3045. "auto_configure",
3046. "create_doc"
3047. ]
3048. },
3049. {
3050. "names": [
3051. "logs-system.system-default"
3052. ],
3053. "privileges": [
3054. "auto_configure",
3055. "create_doc"
3056. ]
3057. },
3058. {
3059. "names": [
3060. "metrics-system.cpu-default"
3061. ],
3062. "privileges": [
3063. "auto_configure",
3064. "create_doc"
3065. ]
3066. },
3067. {
3068. "names": [
3069. "metrics-system.network-default"
3070. ],
3071. "privileges": [
3072. "auto_configure",
3073. "create_doc"
3074. ]
3075. },
3076. {
3077. "names": [
3078. "metrics-system.socket_summary-default"
3079. ],
3080. "privileges": [
3081. "auto_configure",
3082. "create_doc"
3083. ]
3084. },
3085. {
3086. "names": [
3087. "metrics-system.uptime-default"
3088. ],
3089. "privileges": [
3090. "auto_configure",
3091. "create_doc"
3092. ]
3093. },
3094. {
3095. "names": [
3096. "metrics-system.diskio-default"
3097. ],
3098. "privileges": [
3099. "auto_configure",
3100. "create_doc"
3101. ]
3102. },
3103. {
3104. "names": [
3105. "metrics-system.memory-default"
3106. ],
3107. "privileges": [
3108. "auto_configure",
3109. "create_doc"
3110. ]
3111. },
3112. {
3113. "names": [
3114. "metrics-system.fsstat-default"
3115. ],
3116. "privileges": [
3117. "auto_configure",
3118. "create_doc"
3119. ]
3120. },
3121. {
3122. "names": [
3123. "metrics-system.filesystem-default"
3124. ],
3125. "privileges": [
3126. "auto_configure",
3127. "create_doc"
3128. ]
3129. },
3130. {
3131. "names": [
3132. "metrics-system.process.summary-default"
3133. ],
3134. "privileges": [
3135. "auto_configure",
3136. "create_doc"
3137. ]
3138. },
3139. {
3140. "names": [
3141. "metrics-system.process-default"
3142. ],
3143. "privileges": [
3144. "auto_configure",
3145. "create_doc"
3146. ]
3147. },
3148. {
3149. "names": [
3150. "metrics-system.load-default"
3151. ],
3152. "privileges": [
3153. "auto_configure",
3154. "create_doc"
3155. ]
3156. }
3157. ]
3158. }
3159. }
3160. },
3161. "fleet": {
3162. "hosts": [
3163. "https://172.24.54.23:8220"
3164. ]
3165. }
3166. },
3167. "policy_id": "fleet-server-policy",
3168. "default_fleet_server": true
3169. }
3170. },
3171. {
3172. "_index": ".fleet-policies-7",
3173. "_id": "bf8b4145-ee98-415e-8579-7afdb1fa37f0",
3174. "_score": 0.7907857,
3175. "_source": {
3176. "@timestamp": "2022-11-16T15:17:29.142Z",
3177. "revision_idx": 1,
3178. "coordinator_idx": 0,
3179. "data": {
3180. "id": "fleet-server-policy",
3181. "outputs": {
3182. "default": {
3183. "type": "elasticsearch",
3184. "hosts": [
3185. "http://localhost:9200"
3186. ]
3187. }
3188. },
3189. "inputs": [
3190. {
3191. "id": "fleet-server-fleet_server-fa8e0d60-8e68-4dab-84f1-faff3f2a12c5",
3192. "revision": 1,
3193. "name": "fleet_server-1",
3194. "type": "fleet-server",
3195. "data_stream": {
3196. "namespace": "default"
3197. },
3198. "use_output": "default",
3199. "server": {
3200. "port": 8220,
3201. "host": "0.0.0.0"
3202. },
3203. "meta": {
3204. "package": {
3205. "name": "fleet_server",
3206. "version": "1.2.0"
3207. }
3208. }
3209. },
3210. {
3211. "id": "logfile-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3212. "revision": 1,
3213. "name": "system-1",
3214. "type": "logfile",
3215. "data_stream": {
3216. "namespace": "default"
3217. },
3218. "use_output": "default",
3219. "streams": [
3220. {
3221. "id": "logfile-system.auth-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3222. "data_stream": {
3223. "type": "logs",
3224. "dataset": "system.auth"
3225. },
3226. "paths": [
3227. "/var/log/auth.log*",
3228. "/var/log/secure*"
3229. ],
3230. "exclude_files": [
3231. ".gz$"
3232. ],
3233. "multiline": {
3234. "pattern": """^\s""",
3235. "match": "after"
3236. },
3237. "processors": [
3238. {
3239. "add_locale": null
3240. }
3241. ]
3242. },
3243. {
3244. "id": "logfile-system.syslog-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3245. "data_stream": {
3246. "type": "logs",
3247. "dataset": "system.syslog"
3248. },
3249. "paths": [
3250. "/var/log/messages*",
3251. "/var/log/syslog*"
3252. ],
3253. "exclude_files": [
3254. ".gz$"
3255. ],
3256. "multiline": {
3257. "pattern": """^\s""",
3258. "match": "after"
3259. },
3260. "processors": [
3261. {
3262. "add_locale": null
3263. }
3264. ]
3265. }
3266. ],
3267. "meta": {
3268. "package": {
3269. "name": "system",
3270. "version": "1.6.4"
3271. }
3272. }
3273. },
3274. {
3275. "id": "winlog-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3276. "revision": 1,
3277. "name": "system-1",
3278. "type": "winlog",
3279. "data_stream": {
3280. "namespace": "default"
3281. },
3282. "use_output": "default",
3283. "streams": [
3284. {
3285. "id": "winlog-system.security-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3286. "data_stream": {
3287. "type": "logs",
3288. "dataset": "system.security"
3289. },
3290. "name": "Security",
3291. "condition": "${host.platform} == 'windows'",
3292. "tags": null
3293. },
3294. {
3295. "id": "winlog-system.application-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3296. "data_stream": {
3297. "type": "logs",
3298. "dataset": "system.application"
3299. },
3300. "name": "Application",
3301. "condition": "${host.platform} == 'windows'",
3302. "ignore_older": "72h",
3303. "tags": null
3304. },
3305. {
3306. "id": "winlog-system.system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3307. "data_stream": {
3308. "type": "logs",
3309. "dataset": "system.system"
3310. },
3311. "name": "System",
3312. "condition": "${host.platform} == 'windows'",
3313. "tags": null
3314. }
3315. ],
3316. "meta": {
3317. "package": {
3318. "name": "system",
3319. "version": "1.6.4"
3320. }
3321. }
3322. },
3323. {
3324. "id": "system/metrics-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3325. "revision": 1,
3326. "name": "system-1",
3327. "type": "system/metrics",
3328. "data_stream": {
3329. "namespace": "default"
3330. },
3331. "use_output": "default",
3332. "streams": [
3333. {
3334. "id": "system/metrics-system.cpu-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3335. "data_stream": {
3336. "type": "metrics",
3337. "dataset": "system.cpu"
3338. },
3339. "metricsets": [
3340. "cpu"
3341. ],
3342. "cpu.metrics": [
3343. "percentages",
3344. "normalized_percentages"
3345. ],
3346. "period": "10s"
3347. },
3348. {
3349. "id": "system/metrics-system.network-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3350. "data_stream": {
3351. "type": "metrics",
3352. "dataset": "system.network"
3353. },
3354. "metricsets": [
3355. "network"
3356. ],
3357. "period": "10s",
3358. "network.interfaces": null
3359. },
3360. {
3361. "id": "system/metrics-system.socket_summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3362. "data_stream": {
3363. "type": "metrics",
3364. "dataset": "system.socket_summary"
3365. },
3366. "metricsets": [
3367. "socket_summary"
3368. ],
3369. "period": "10s"
3370. },
3371. {
3372. "id": "system/metrics-system.uptime-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3373. "data_stream": {
3374. "type": "metrics",
3375. "dataset": "system.uptime"
3376. },
3377. "metricsets": [
3378. "uptime"
3379. ],
3380. "period": "10s"
3381. },
3382. {
3383. "id": "system/metrics-system.diskio-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3384. "data_stream": {
3385. "type": "metrics",
3386. "dataset": "system.diskio"
3387. },
3388. "metricsets": [
3389. "diskio"
3390. ],
3391. "diskio.include_devices": null,
3392. "period": "10s"
3393. },
3394. {
3395. "id": "system/metrics-system.memory-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3396. "data_stream": {
3397. "type": "metrics",
3398. "dataset": "system.memory"
3399. },
3400. "metricsets": [
3401. "memory"
3402. ],
3403. "period": "10s"
3404. },
3405. {
3406. "id": "system/metrics-system.fsstat-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3407. "data_stream": {
3408. "type": "metrics",
3409. "dataset": "system.fsstat"
3410. },
3411. "metricsets": [
3412. "fsstat"
3413. ],
3414. "period": "1m",
3415. "processors": [
3416. {
3417. "drop_event.when.regexp": {
3418. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
3419. }
3420. }
3421. ]
3422. },
3423. {
3424. "id": "system/metrics-system.filesystem-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3425. "data_stream": {
3426. "type": "metrics",
3427. "dataset": "system.filesystem"
3428. },
3429. "metricsets": [
3430. "filesystem"
3431. ],
3432. "period": "1m",
3433. "processors": [
3434. {
3435. "drop_event.when.regexp": {
3436. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
3437. }
3438. }
3439. ]
3440. },
3441. {
3442. "id": "system/metrics-system.process.summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3443. "data_stream": {
3444. "type": "metrics",
3445. "dataset": "system.process.summary"
3446. },
3447. "metricsets": [
3448. "process_summary"
3449. ],
3450. "period": "10s"
3451. },
3452. {
3453. "id": "system/metrics-system.process-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3454. "data_stream": {
3455. "type": "metrics",
3456. "dataset": "system.process"
3457. },
3458. "metricsets": [
3459. "process"
3460. ],
3461. "period": "10s",
3462. "process.include_top_n.by_cpu": 5,
3463. "process.include_top_n.by_memory": 5,
3464. "process.cmdline.cache.enabled": true,
3465. "process.cgroups.enabled": false,
3466. "process.include_cpu_ticks": false,
3467. "processes": [
3468. ".*"
3469. ]
3470. },
3471. {
3472. "id": "system/metrics-system.load-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3473. "data_stream": {
3474. "type": "metrics",
3475. "dataset": "system.load"
3476. },
3477. "metricsets": [
3478. "load"
3479. ],
3480. "condition": "${host.platform} != 'windows'",
3481. "period": "10s"
3482. }
3483. ],
3484. "meta": {
3485. "package": {
3486. "name": "system",
3487. "version": "1.6.4"
3488. }
3489. }
3490. }
3491. ],
3492. "revision": 1,
3493. "agent": {
3494. "download": {
3495. "source_uri": "https://artifacts.elastic.co/downloads/"
3496. },
3497. "monitoring": {
3498. "namespace": "default",
3499. "use_output": "default",
3500. "enabled": true,
3501. "logs": true,
3502. "metrics": true
3503. }
3504. },
3505. "output_permissions": {
3506. "default": {
3507. "_elastic_agent_monitoring": {
3508. "indices": [
3509. {
3510. "names": [
3511. "metrics-elastic_agent.elastic_agent-default"
3512. ],
3513. "privileges": [
3514. "auto_configure",
3515. "create_doc"
3516. ]
3517. },
3518. {
3519. "names": [
3520. "logs-elastic_agent.auditbeat-default"
3521. ],
3522. "privileges": [
3523. "auto_configure",
3524. "create_doc"
3525. ]
3526. },
3527. {
3528. "names": [
3529. "metrics-elastic_agent.apm_server-default"
3530. ],
3531. "privileges": [
3532. "auto_configure",
3533. "create_doc"
3534. ]
3535. },
3536. {
3537. "names": [
3538. "logs-elastic_agent.cloudbeat-default"
3539. ],
3540. "privileges": [
3541. "auto_configure",
3542. "create_doc"
3543. ]
3544. },
3545. {
3546. "names": [
3547. "logs-elastic_agent.apm_server-default"
3548. ],
3549. "privileges": [
3550. "auto_configure",
3551. "create_doc"
3552. ]
3553. },
3554. {
3555. "names": [
3556. "metrics-elastic_agent.fleet_server-default"
3557. ],
3558. "privileges": [
3559. "auto_configure",
3560. "create_doc"
3561. ]
3562. },
3563. {
3564. "names": [
3565. "metrics-elastic_agent.osquerybeat-default"
3566. ],
3567. "privileges": [
3568. "auto_configure",
3569. "create_doc"
3570. ]
3571. },
3572. {
3573. "names": [
3574. "metrics-elastic_agent.cloudbeat-default"
3575. ],
3576. "privileges": [
3577. "auto_configure",
3578. "create_doc"
3579. ]
3580. },
3581. {
3582. "names": [
3583. "logs-elastic_agent.filebeat-default"
3584. ],
3585. "privileges": [
3586. "auto_configure",
3587. "create_doc"
3588. ]
3589. },
3590. {
3591. "names": [
3592. "metrics-elastic_agent.auditbeat-default"
3593. ],
3594. "privileges": [
3595. "auto_configure",
3596. "create_doc"
3597. ]
3598. },
3599. {
3600. "names": [
3601. "logs-elastic_agent.endpoint_security-default"
3602. ],
3603. "privileges": [
3604. "auto_configure",
3605. "create_doc"
3606. ]
3607. },
3608. {
3609. "names": [
3610. "metrics-elastic_agent.packetbeat-default"
3611. ],
3612. "privileges": [
3613. "auto_configure",
3614. "create_doc"
3615. ]
3616. },
3617. {
3618. "names": [
3619. "metrics-elastic_agent.filebeat-default"
3620. ],
3621. "privileges": [
3622. "auto_configure",
3623. "create_doc"
3624. ]
3625. },
3626. {
3627. "names": [
3628. "metrics-elastic_agent.endpoint_security-default"
3629. ],
3630. "privileges": [
3631. "auto_configure",
3632. "create_doc"
3633. ]
3634. },
3635. {
3636. "names": [
3637. "logs-elastic_agent.packetbeat-default"
3638. ],
3639. "privileges": [
3640. "auto_configure",
3641. "create_doc"
3642. ]
3643. },
3644. {
3645. "names": [
3646. "logs-elastic_agent.metricbeat-default"
3647. ],
3648. "privileges": [
3649. "auto_configure",
3650. "create_doc"
3651. ]
3652. },
3653. {
3654. "names": [
3655. "logs-elastic_agent.heartbeat-default"
3656. ],
3657. "privileges": [
3658. "auto_configure",
3659. "create_doc"
3660. ]
3661. },
3662. {
3663. "names": [
3664. "logs-elastic_agent-default"
3665. ],
3666. "privileges": [
3667. "auto_configure",
3668. "create_doc"
3669. ]
3670. },
3671. {
3672. "names": [
3673. "logs-elastic_agent.fleet_server-default"
3674. ],
3675. "privileges": [
3676. "auto_configure",
3677. "create_doc"
3678. ]
3679. },
3680. {
3681. "names": [
3682. "metrics-elastic_agent.heartbeat-default"
3683. ],
3684. "privileges": [
3685. "auto_configure",
3686. "create_doc"
3687. ]
3688. },
3689. {
3690. "names": [
3691. "metrics-elastic_agent.metricbeat-default"
3692. ],
3693. "privileges": [
3694. "auto_configure",
3695. "create_doc"
3696. ]
3697. },
3698. {
3699. "names": [
3700. "logs-elastic_agent.osquerybeat-default"
3701. ],
3702. "privileges": [
3703. "auto_configure",
3704. "create_doc"
3705. ]
3706. }
3707. ]
3708. },
3709. "_elastic_agent_checks": {
3710. "cluster": [
3711. "monitor"
3712. ]
3713. },
3714. "c7c94db7-48d8-4ccb-935c-e13f6d166860": {
3715. "indices": [
3716. {
3717. "names": [
3718. "logs-system.auth-default"
3719. ],
3720. "privileges": [
3721. "auto_configure",
3722. "create_doc"
3723. ]
3724. },
3725. {
3726. "names": [
3727. "logs-system.syslog-default"
3728. ],
3729. "privileges": [
3730. "auto_configure",
3731. "create_doc"
3732. ]
3733. },
3734. {
3735. "names": [
3736. "logs-system.security-default"
3737. ],
3738. "privileges": [
3739. "auto_configure",
3740. "create_doc"
3741. ]
3742. },
3743. {
3744. "names": [
3745. "logs-system.application-default"
3746. ],
3747. "privileges": [
3748. "auto_configure",
3749. "create_doc"
3750. ]
3751. },
3752. {
3753. "names": [
3754. "logs-system.system-default"
3755. ],
3756. "privileges": [
3757. "auto_configure",
3758. "create_doc"
3759. ]
3760. },
3761. {
3762. "names": [
3763. "metrics-system.cpu-default"
3764. ],
3765. "privileges": [
3766. "auto_configure",
3767. "create_doc"
3768. ]
3769. },
3770. {
3771. "names": [
3772. "metrics-system.network-default"
3773. ],
3774. "privileges": [
3775. "auto_configure",
3776. "create_doc"
3777. ]
3778. },
3779. {
3780. "names": [
3781. "metrics-system.socket_summary-default"
3782. ],
3783. "privileges": [
3784. "auto_configure",
3785. "create_doc"
3786. ]
3787. },
3788. {
3789. "names": [
3790. "metrics-system.uptime-default"
3791. ],
3792. "privileges": [
3793. "auto_configure",
3794. "create_doc"
3795. ]
3796. },
3797. {
3798. "names": [
3799. "metrics-system.diskio-default"
3800. ],
3801. "privileges": [
3802. "auto_configure",
3803. "create_doc"
3804. ]
3805. },
3806. {
3807. "names": [
3808. "metrics-system.memory-default"
3809. ],
3810. "privileges": [
3811. "auto_configure",
3812. "create_doc"
3813. ]
3814. },
3815. {
3816. "names": [
3817. "metrics-system.fsstat-default"
3818. ],
3819. "privileges": [
3820. "auto_configure",
3821. "create_doc"
3822. ]
3823. },
3824. {
3825. "names": [
3826. "metrics-system.filesystem-default"
3827. ],
3828. "privileges": [
3829. "auto_configure",
3830. "create_doc"
3831. ]
3832. },
3833. {
3834. "names": [
3835. "metrics-system.process.summary-default"
3836. ],
3837. "privileges": [
3838. "auto_configure",
3839. "create_doc"
3840. ]
3841. },
3842. {
3843. "names": [
3844. "metrics-system.process-default"
3845. ],
3846. "privileges": [
3847. "auto_configure",
3848. "create_doc"
3849. ]
3850. },
3851. {
3852. "names": [
3853. "metrics-system.load-default"
3854. ],
3855. "privileges": [
3856. "auto_configure",
3857. "create_doc"
3858. ]
3859. }
3860. ]
3861. }
3862. }
3863. },
3864. "fleet": {
3865. "hosts": [
3866. "https://172.24.54.23:8220"
3867. ]
3868. }
3869. },
3870. "policy_id": "fleet-server-policy",
3871. "default_fleet_server": true
3872. }
3873. },
3874. {
3875. "_index": ".fleet-policies-7",
3876. "_id": "e3c8381d-077a-4bb3-9365-30c78f2d375c",
3877. "_score": 0.7907857,
3878. "_source": {
3879. "@timestamp": "2022-11-16T15:42:55.092Z",
3880. "revision_idx": 3,
3881. "coordinator_idx": 0,
3882. "data": {
3883. "id": "fleet-server-policy",
3884. "outputs": {
3885. "default": {
3886. "type": "elasticsearch",
3887. "hosts": [
3888. "https://****:9200"
3889. ]
3890. }
3891. },
3892. "inputs": [
3893. {
3894. "id": "fleet-server-fleet_server-fa8e0d60-8e68-4dab-84f1-faff3f2a12c5",
3895. "revision": 1,
3896. "name": "fleet_server-1",
3897. "type": "fleet-server",
3898. "data_stream": {
3899. "namespace": "default"
3900. },
3901. "use_output": "default",
3902. "server": {
3903. "port": 8220,
3904. "host": "0.0.0.0"
3905. },
3906. "meta": {
3907. "package": {
3908. "name": "fleet_server",
3909. "version": "1.2.0"
3910. }
3911. }
3912. },
3913. {
3914. "id": "logfile-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3915. "revision": 1,
3916. "name": "system-1",
3917. "type": "logfile",
3918. "data_stream": {
3919. "namespace": "default"
3920. },
3921. "use_output": "default",
3922. "streams": [
3923. {
3924. "id": "logfile-system.auth-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3925. "data_stream": {
3926. "type": "logs",
3927. "dataset": "system.auth"
3928. },
3929. "paths": [
3930. "/var/log/auth.log*",
3931. "/var/log/secure*"
3932. ],
3933. "exclude_files": [
3934. ".gz$"
3935. ],
3936. "multiline": {
3937. "pattern": """^\s""",
3938. "match": "after"
3939. },
3940. "processors": [
3941. {
3942. "add_locale": null
3943. }
3944. ]
3945. },
3946. {
3947. "id": "logfile-system.syslog-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3948. "data_stream": {
3949. "type": "logs",
3950. "dataset": "system.syslog"
3951. },
3952. "paths": [
3953. "/var/log/messages*",
3954. "/var/log/syslog*"
3955. ],
3956. "exclude_files": [
3957. ".gz$"
3958. ],
3959. "multiline": {
3960. "pattern": """^\s""",
3961. "match": "after"
3962. },
3963. "processors": [
3964. {
3965. "add_locale": null
3966. }
3967. ]
3968. }
3969. ],
3970. "meta": {
3971. "package": {
3972. "name": "system",
3973. "version": "1.6.4"
3974. }
3975. }
3976. },
3977. {
3978. "id": "winlog-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3979. "revision": 1,
3980. "name": "system-1",
3981. "type": "winlog",
3982. "data_stream": {
3983. "namespace": "default"
3984. },
3985. "use_output": "default",
3986. "streams": [
3987. {
3988. "id": "winlog-system.security-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3989. "data_stream": {
3990. "type": "logs",
3991. "dataset": "system.security"
3992. },
3993. "name": "Security",
3994. "condition": "${host.platform} == 'windows'",
3995. "tags": null
3996. },
3997. {
3998. "id": "winlog-system.application-c7c94db7-48d8-4ccb-935c-e13f6d166860",
3999. "data_stream": {
4000. "type": "logs",
4001. "dataset": "system.application"
4002. },
4003. "name": "Application",
4004. "condition": "${host.platform} == 'windows'",
4005. "ignore_older": "72h",
4006. "tags": null
4007. },
4008. {
4009. "id": "winlog-system.system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4010. "data_stream": {
4011. "type": "logs",
4012. "dataset": "system.system"
4013. },
4014. "name": "System",
4015. "condition": "${host.platform} == 'windows'",
4016. "tags": null
4017. }
4018. ],
4019. "meta": {
4020. "package": {
4021. "name": "system",
4022. "version": "1.6.4"
4023. }
4024. }
4025. },
4026. {
4027. "id": "system/metrics-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4028. "revision": 1,
4029. "name": "system-1",
4030. "type": "system/metrics",
4031. "data_stream": {
4032. "namespace": "default"
4033. },
4034. "use_output": "default",
4035. "streams": [
4036. {
4037. "id": "system/metrics-system.cpu-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4038. "data_stream": {
4039. "type": "metrics",
4040. "dataset": "system.cpu"
4041. },
4042. "metricsets": [
4043. "cpu"
4044. ],
4045. "cpu.metrics": [
4046. "percentages",
4047. "normalized_percentages"
4048. ],
4049. "period": "10s"
4050. },
4051. {
4052. "id": "system/metrics-system.network-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4053. "data_stream": {
4054. "type": "metrics",
4055. "dataset": "system.network"
4056. },
4057. "metricsets": [
4058. "network"
4059. ],
4060. "period": "10s",
4061. "network.interfaces": null
4062. },
4063. {
4064. "id": "system/metrics-system.socket_summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4065. "data_stream": {
4066. "type": "metrics",
4067. "dataset": "system.socket_summary"
4068. },
4069. "metricsets": [
4070. "socket_summary"
4071. ],
4072. "period": "10s"
4073. },
4074. {
4075. "id": "system/metrics-system.uptime-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4076. "data_stream": {
4077. "type": "metrics",
4078. "dataset": "system.uptime"
4079. },
4080. "metricsets": [
4081. "uptime"
4082. ],
4083. "period": "10s"
4084. },
4085. {
4086. "id": "system/metrics-system.diskio-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4087. "data_stream": {
4088. "type": "metrics",
4089. "dataset": "system.diskio"
4090. },
4091. "metricsets": [
4092. "diskio"
4093. ],
4094. "diskio.include_devices": null,
4095. "period": "10s"
4096. },
4097. {
4098. "id": "system/metrics-system.memory-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4099. "data_stream": {
4100. "type": "metrics",
4101. "dataset": "system.memory"
4102. },
4103. "metricsets": [
4104. "memory"
4105. ],
4106. "period": "10s"
4107. },
4108. {
4109. "id": "system/metrics-system.fsstat-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4110. "data_stream": {
4111. "type": "metrics",
4112. "dataset": "system.fsstat"
4113. },
4114. "metricsets": [
4115. "fsstat"
4116. ],
4117. "period": "1m",
4118. "processors": [
4119. {
4120. "drop_event.when.regexp": {
4121. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
4122. }
4123. }
4124. ]
4125. },
4126. {
4127. "id": "system/metrics-system.filesystem-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4128. "data_stream": {
4129. "type": "metrics",
4130. "dataset": "system.filesystem"
4131. },
4132. "metricsets": [
4133. "filesystem"
4134. ],
4135. "period": "1m",
4136. "processors": [
4137. {
4138. "drop_event.when.regexp": {
4139. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
4140. }
4141. }
4142. ]
4143. },
4144. {
4145. "id": "system/metrics-system.process.summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4146. "data_stream": {
4147. "type": "metrics",
4148. "dataset": "system.process.summary"
4149. },
4150. "metricsets": [
4151. "process_summary"
4152. ],
4153. "period": "10s"
4154. },
4155. {
4156. "id": "system/metrics-system.process-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4157. "data_stream": {
4158. "type": "metrics",
4159. "dataset": "system.process"
4160. },
4161. "metricsets": [
4162. "process"
4163. ],
4164. "period": "10s",
4165. "process.include_top_n.by_cpu": 5,
4166. "process.include_top_n.by_memory": 5,
4167. "process.cmdline.cache.enabled": true,
4168. "process.cgroups.enabled": false,
4169. "process.include_cpu_ticks": false,
4170. "processes": [
4171. ".*"
4172. ]
4173. },
4174. {
4175. "id": "system/metrics-system.load-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4176. "data_stream": {
4177. "type": "metrics",
4178. "dataset": "system.load"
4179. },
4180. "metricsets": [
4181. "load"
4182. ],
4183. "condition": "${host.platform} != 'windows'",
4184. "period": "10s"
4185. }
4186. ],
4187. "meta": {
4188. "package": {
4189. "name": "system",
4190. "version": "1.6.4"
4191. }
4192. }
4193. }
4194. ],
4195. "revision": 3,
4196. "agent": {
4197. "download": {
4198. "source_uri": "https://artifacts.elastic.co/downloads/"
4199. },
4200. "monitoring": {
4201. "namespace": "default",
4202. "use_output": "default",
4203. "enabled": true,
4204. "logs": true,
4205. "metrics": true
4206. }
4207. },
4208. "output_permissions": {
4209. "default": {
4210. "_elastic_agent_monitoring": {
4211. "indices": [
4212. {
4213. "names": [
4214. "metrics-elastic_agent.filebeat-default"
4215. ],
4216. "privileges": [
4217. "auto_configure",
4218. "create_doc"
4219. ]
4220. },
4221. {
4222. "names": [
4223. "logs-elastic_agent.endpoint_security-default"
4224. ],
4225. "privileges": [
4226. "auto_configure",
4227. "create_doc"
4228. ]
4229. },
4230. {
4231. "names": [
4232. "logs-elastic_agent.cloudbeat-default"
4233. ],
4234. "privileges": [
4235. "auto_configure",
4236. "create_doc"
4237. ]
4238. },
4239. {
4240. "names": [
4241. "metrics-elastic_agent.apm_server-default"
4242. ],
4243. "privileges": [
4244. "auto_configure",
4245. "create_doc"
4246. ]
4247. },
4248. {
4249. "names": [
4250. "logs-elastic_agent.apm_server-default"
4251. ],
4252. "privileges": [
4253. "auto_configure",
4254. "create_doc"
4255. ]
4256. },
4257. {
4258. "names": [
4259. "logs-elastic_agent.fleet_server-default"
4260. ],
4261. "privileges": [
4262. "auto_configure",
4263. "create_doc"
4264. ]
4265. },
4266. {
4267. "names": [
4268. "metrics-elastic_agent.auditbeat-default"
4269. ],
4270. "privileges": [
4271. "auto_configure",
4272. "create_doc"
4273. ]
4274. },
4275. {
4276. "names": [
4277. "logs-elastic_agent.auditbeat-default"
4278. ],
4279. "privileges": [
4280. "auto_configure",
4281. "create_doc"
4282. ]
4283. },
4284. {
4285. "names": [
4286. "logs-elastic_agent.packetbeat-default"
4287. ],
4288. "privileges": [
4289. "auto_configure",
4290. "create_doc"
4291. ]
4292. },
4293. {
4294. "names": [
4295. "logs-elastic_agent-default"
4296. ],
4297. "privileges": [
4298. "auto_configure",
4299. "create_doc"
4300. ]
4301. },
4302. {
4303. "names": [
4304. "logs-elastic_agent.metricbeat-default"
4305. ],
4306. "privileges": [
4307. "auto_configure",
4308. "create_doc"
4309. ]
4310. },
4311. {
4312. "names": [
4313. "logs-elastic_agent.filebeat-default"
4314. ],
4315. "privileges": [
4316. "auto_configure",
4317. "create_doc"
4318. ]
4319. },
4320. {
4321. "names": [
4322. "metrics-elastic_agent.cloudbeat-default"
4323. ],
4324. "privileges": [
4325. "auto_configure",
4326. "create_doc"
4327. ]
4328. },
4329. {
4330. "names": [
4331. "metrics-elastic_agent.metricbeat-default"
4332. ],
4333. "privileges": [
4334. "auto_configure",
4335. "create_doc"
4336. ]
4337. },
4338. {
4339. "names": [
4340. "metrics-elastic_agent.heartbeat-default"
4341. ],
4342. "privileges": [
4343. "auto_configure",
4344. "create_doc"
4345. ]
4346. },
4347. {
4348. "names": [
4349. "metrics-elastic_agent.packetbeat-default"
4350. ],
4351. "privileges": [
4352. "auto_configure",
4353. "create_doc"
4354. ]
4355. },
4356. {
4357. "names": [
4358. "metrics-elastic_agent.fleet_server-default"
4359. ],
4360. "privileges": [
4361. "auto_configure",
4362. "create_doc"
4363. ]
4364. },
4365. {
4366. "names": [
4367. "logs-elastic_agent.heartbeat-default"
4368. ],
4369. "privileges": [
4370. "auto_configure",
4371. "create_doc"
4372. ]
4373. },
4374. {
4375. "names": [
4376. "logs-elastic_agent.osquerybeat-default"
4377. ],
4378. "privileges": [
4379. "auto_configure",
4380. "create_doc"
4381. ]
4382. },
4383. {
4384. "names": [
4385. "metrics-elastic_agent.osquerybeat-default"
4386. ],
4387. "privileges": [
4388. "auto_configure",
4389. "create_doc"
4390. ]
4391. },
4392. {
4393. "names": [
4394. "metrics-elastic_agent.elastic_agent-default"
4395. ],
4396. "privileges": [
4397. "auto_configure",
4398. "create_doc"
4399. ]
4400. },
4401. {
4402. "names": [
4403. "metrics-elastic_agent.endpoint_security-default"
4404. ],
4405. "privileges": [
4406. "auto_configure",
4407. "create_doc"
4408. ]
4409. }
4410. ]
4411. },
4412. "_elastic_agent_checks": {
4413. "cluster": [
4414. "monitor"
4415. ]
4416. },
4417. "c7c94db7-48d8-4ccb-935c-e13f6d166860": {
4418. "indices": [
4419. {
4420. "names": [
4421. "logs-system.auth-default"
4422. ],
4423. "privileges": [
4424. "auto_configure",
4425. "create_doc"
4426. ]
4427. },
4428. {
4429. "names": [
4430. "logs-system.syslog-default"
4431. ],
4432. "privileges": [
4433. "auto_configure",
4434. "create_doc"
4435. ]
4436. },
4437. {
4438. "names": [
4439. "logs-system.security-default"
4440. ],
4441. "privileges": [
4442. "auto_configure",
4443. "create_doc"
4444. ]
4445. },
4446. {
4447. "names": [
4448. "logs-system.application-default"
4449. ],
4450. "privileges": [
4451. "auto_configure",
4452. "create_doc"
4453. ]
4454. },
4455. {
4456. "names": [
4457. "logs-system.system-default"
4458. ],
4459. "privileges": [
4460. "auto_configure",
4461. "create_doc"
4462. ]
4463. },
4464. {
4465. "names": [
4466. "metrics-system.cpu-default"
4467. ],
4468. "privileges": [
4469. "auto_configure",
4470. "create_doc"
4471. ]
4472. },
4473. {
4474. "names": [
4475. "metrics-system.network-default"
4476. ],
4477. "privileges": [
4478. "auto_configure",
4479. "create_doc"
4480. ]
4481. },
4482. {
4483. "names": [
4484. "metrics-system.socket_summary-default"
4485. ],
4486. "privileges": [
4487. "auto_configure",
4488. "create_doc"
4489. ]
4490. },
4491. {
4492. "names": [
4493. "metrics-system.uptime-default"
4494. ],
4495. "privileges": [
4496. "auto_configure",
4497. "create_doc"
4498. ]
4499. },
4500. {
4501. "names": [
4502. "metrics-system.diskio-default"
4503. ],
4504. "privileges": [
4505. "auto_configure",
4506. "create_doc"
4507. ]
4508. },
4509. {
4510. "names": [
4511. "metrics-system.memory-default"
4512. ],
4513. "privileges": [
4514. "auto_configure",
4515. "create_doc"
4516. ]
4517. },
4518. {
4519. "names": [
4520. "metrics-system.fsstat-default"
4521. ],
4522. "privileges": [
4523. "auto_configure",
4524. "create_doc"
4525. ]
4526. },
4527. {
4528. "names": [
4529. "metrics-system.filesystem-default"
4530. ],
4531. "privileges": [
4532. "auto_configure",
4533. "create_doc"
4534. ]
4535. },
4536. {
4537. "names": [
4538. "metrics-system.process.summary-default"
4539. ],
4540. "privileges": [
4541. "auto_configure",
4542. "create_doc"
4543. ]
4544. },
4545. {
4546. "names": [
4547. "metrics-system.process-default"
4548. ],
4549. "privileges": [
4550. "auto_configure",
4551. "create_doc"
4552. ]
4553. },
4554. {
4555. "names": [
4556. "metrics-system.load-default"
4557. ],
4558. "privileges": [
4559. "auto_configure",
4560. "create_doc"
4561. ]
4562. }
4563. ]
4564. }
4565. }
4566. },
4567. "fleet": {
4568. "hosts": [
4569. "https://172.24.54.23:8220"
4570. ]
4571. }
4572. },
4573. "policy_id": "fleet-server-policy",
4574. "default_fleet_server": true
4575. }
4576. },
4577. {
4578. "_index": ".fleet-policies-7",
4579. "_id": "816ae16c-939e-4bf2-80d2-f927231d09ff",
4580. "_score": 0.7907857,
4581. "_source": {
4582. "@timestamp": "2022-11-16T15:49:11.678Z",
4583. "revision_idx": 4,
4584. "coordinator_idx": 0,
4585. "data": {
4586. "id": "fleet-server-policy",
4587. "outputs": {
4588. "default": {
4589. "type": "elasticsearch",
4590. "hosts": [
4591. "https://****:9200"
4592. ]
4593. }
4594. },
4595. "inputs": [
4596. {
4597. "id": "logfile-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4598. "revision": 1,
4599. "name": "system-1",
4600. "type": "logfile",
4601. "data_stream": {
4602. "namespace": "default"
4603. },
4604. "use_output": "default",
4605. "streams": [
4606. {
4607. "id": "logfile-system.auth-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4608. "data_stream": {
4609. "type": "logs",
4610. "dataset": "system.auth"
4611. },
4612. "paths": [
4613. "/var/log/auth.log*",
4614. "/var/log/secure*"
4615. ],
4616. "exclude_files": [
4617. ".gz$"
4618. ],
4619. "multiline": {
4620. "pattern": """^\s""",
4621. "match": "after"
4622. },
4623. "processors": [
4624. {
4625. "add_locale": null
4626. }
4627. ]
4628. },
4629. {
4630. "id": "logfile-system.syslog-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4631. "data_stream": {
4632. "type": "logs",
4633. "dataset": "system.syslog"
4634. },
4635. "paths": [
4636. "/var/log/messages*",
4637. "/var/log/syslog*"
4638. ],
4639. "exclude_files": [
4640. ".gz$"
4641. ],
4642. "multiline": {
4643. "pattern": """^\s""",
4644. "match": "after"
4645. },
4646. "processors": [
4647. {
4648. "add_locale": null
4649. }
4650. ]
4651. }
4652. ],
4653. "meta": {
4654. "package": {
4655. "name": "system",
4656. "version": "1.6.4"
4657. }
4658. }
4659. },
4660. {
4661. "id": "winlog-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4662. "revision": 1,
4663. "name": "system-1",
4664. "type": "winlog",
4665. "data_stream": {
4666. "namespace": "default"
4667. },
4668. "use_output": "default",
4669. "streams": [
4670. {
4671. "id": "winlog-system.security-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4672. "data_stream": {
4673. "type": "logs",
4674. "dataset": "system.security"
4675. },
4676. "name": "Security",
4677. "condition": "${host.platform} == 'windows'",
4678. "tags": null
4679. },
4680. {
4681. "id": "winlog-system.application-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4682. "data_stream": {
4683. "type": "logs",
4684. "dataset": "system.application"
4685. },
4686. "name": "Application",
4687. "condition": "${host.platform} == 'windows'",
4688. "ignore_older": "72h",
4689. "tags": null
4690. },
4691. {
4692. "id": "winlog-system.system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4693. "data_stream": {
4694. "type": "logs",
4695. "dataset": "system.system"
4696. },
4697. "name": "System",
4698. "condition": "${host.platform} == 'windows'",
4699. "tags": null
4700. }
4701. ],
4702. "meta": {
4703. "package": {
4704. "name": "system",
4705. "version": "1.6.4"
4706. }
4707. }
4708. },
4709. {
4710. "id": "system/metrics-system-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4711. "revision": 1,
4712. "name": "system-1",
4713. "type": "system/metrics",
4714. "data_stream": {
4715. "namespace": "default"
4716. },
4717. "use_output": "default",
4718. "streams": [
4719. {
4720. "id": "system/metrics-system.cpu-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4721. "data_stream": {
4722. "type": "metrics",
4723. "dataset": "system.cpu"
4724. },
4725. "metricsets": [
4726. "cpu"
4727. ],
4728. "cpu.metrics": [
4729. "percentages",
4730. "normalized_percentages"
4731. ],
4732. "period": "10s"
4733. },
4734. {
4735. "id": "system/metrics-system.network-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4736. "data_stream": {
4737. "type": "metrics",
4738. "dataset": "system.network"
4739. },
4740. "metricsets": [
4741. "network"
4742. ],
4743. "period": "10s",
4744. "network.interfaces": null
4745. },
4746. {
4747. "id": "system/metrics-system.socket_summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4748. "data_stream": {
4749. "type": "metrics",
4750. "dataset": "system.socket_summary"
4751. },
4752. "metricsets": [
4753. "socket_summary"
4754. ],
4755. "period": "10s"
4756. },
4757. {
4758. "id": "system/metrics-system.uptime-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4759. "data_stream": {
4760. "type": "metrics",
4761. "dataset": "system.uptime"
4762. },
4763. "metricsets": [
4764. "uptime"
4765. ],
4766. "period": "10s"
4767. },
4768. {
4769. "id": "system/metrics-system.diskio-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4770. "data_stream": {
4771. "type": "metrics",
4772. "dataset": "system.diskio"
4773. },
4774. "metricsets": [
4775. "diskio"
4776. ],
4777. "diskio.include_devices": null,
4778. "period": "10s"
4779. },
4780. {
4781. "id": "system/metrics-system.memory-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4782. "data_stream": {
4783. "type": "metrics",
4784. "dataset": "system.memory"
4785. },
4786. "metricsets": [
4787. "memory"
4788. ],
4789. "period": "10s"
4790. },
4791. {
4792. "id": "system/metrics-system.fsstat-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4793. "data_stream": {
4794. "type": "metrics",
4795. "dataset": "system.fsstat"
4796. },
4797. "metricsets": [
4798. "fsstat"
4799. ],
4800. "period": "1m",
4801. "processors": [
4802. {
4803. "drop_event.when.regexp": {
4804. "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
4805. }
4806. }
4807. ]
4808. },
4809. {
4810. "id": "system/metrics-system.filesystem-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4811. "data_stream": {
4812. "type": "metrics",
4813. "dataset": "system.filesystem"
4814. },
4815. "metricsets": [
4816. "filesystem"
4817. ],
4818. "period": "1m",
4819. "processors": [
4820. {
4821. "drop_event.when.regexp": {
4822. "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"
4823. }
4824. }
4825. ]
4826. },
4827. {
4828. "id": "system/metrics-system.process.summary-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4829. "data_stream": {
4830. "type": "metrics",
4831. "dataset": "system.process.summary"
4832. },
4833. "metricsets": [
4834. "process_summary"
4835. ],
4836. "period": "10s"
4837. },
4838. {
4839. "id": "system/metrics-system.process-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4840. "data_stream": {
4841. "type": "metrics",
4842. "dataset": "system.process"
4843. },
4844. "metricsets": [
4845. "process"
4846. ],
4847. "period": "10s",
4848. "process.include_top_n.by_cpu": 5,
4849. "process.include_top_n.by_memory": 5,
4850. "process.cmdline.cache.enabled": true,
4851. "process.cgroups.enabled": false,
4852. "process.include_cpu_ticks": false,
4853. "processes": [
4854. ".*"
4855. ]
4856. },
4857. {
4858. "id": "system/metrics-system.load-c7c94db7-48d8-4ccb-935c-e13f6d166860",
4859. "data_stream": {
4860. "type": "metrics",
4861. "dataset": "system.load"
4862. },
4863. "metricsets": [
4864. "load"
4865. ],
4866. "condition": "${host.platform} != 'windows'",
4867. "period": "10s"
4868. }
4869. ],
4870. "meta": {
4871. "package": {
4872. "name": "system",
4873. "version": "1.6.4"
4874. }
4875. }
4876. }
4877. ],
4878. "revision": 4,
4879. "agent": {
4880. "download": {
4881. "source_uri": "https://artifacts.elastic.co/downloads/"
4882. },
4883. "monitoring": {
4884. "namespace": "default",
4885. "use_output": "default",
4886. "enabled": true,
4887. "logs": true,
4888. "metrics": true
4889. }
4890. },
4891. "output_permissions": {
4892. "default": {
4893. "_elastic_agent_monitoring": {
4894. "indices": [
4895. {
4896. "names": [
4897. "metrics-elastic_agent.filebeat-default"
4898. ],
4899. "privileges": [
4900. "auto_configure",
4901. "create_doc"
4902. ]
4903. },
4904. {
4905. "names": [
4906. "logs-elastic_agent.endpoint_security-default"
4907. ],
4908. "privileges": [
4909. "auto_configure",
4910. "create_doc"
4911. ]
4912. },
4913. {
4914. "names": [
4915. "logs-elastic_agent.cloudbeat-default"
4916. ],
4917. "privileges": [
4918. "auto_configure",
4919. "create_doc"
4920. ]
4921. },
4922. {
4923. "names": [
4924. "metrics-elastic_agent.apm_server-default"
4925. ],
4926. "privileges": [
4927. "auto_configure",
4928. "create_doc"
4929. ]
4930. },
4931. {
4932. "names": [
4933. "logs-elastic_agent.apm_server-default"
4934. ],
4935. "privileges": [
4936. "auto_configure",
4937. "create_doc"
4938. ]
4939. },
4940. {
4941. "names": [
4942. "logs-elastic_agent.fleet_server-default"
4943. ],
4944. "privileges": [
4945. "auto_configure",
4946. "create_doc"
4947. ]
4948. },
4949. {
4950. "names": [
4951. "metrics-elastic_agent.auditbeat-default"
4952. ],
4953. "privileges": [
4954. "auto_configure",
4955. "create_doc"
4956. ]
4957. },
4958. {
4959. "names": [
4960. "logs-elastic_agent.auditbeat-default"
4961. ],
4962. "privileges": [
4963. "auto_configure",
4964. "create_doc"
4965. ]
4966. },
4967. {
4968. "names": [
4969. "logs-elastic_agent.packetbeat-default"
4970. ],
4971. "privileges": [
4972. "auto_configure",
4973. "create_doc"
4974. ]
4975. },
4976. {
4977. "names": [
4978. "logs-elastic_agent-default"
4979. ],
4980. "privileges": [
4981. "auto_configure",
4982. "create_doc"
4983. ]
4984. },
4985. {
4986. "names": [
4987. "logs-elastic_agent.metricbeat-default"
4988. ],
4989. "privileges": [
4990. "auto_configure",
4991. "create_doc"
4992. ]
4993. },
4994. {
4995. "names": [
4996. "logs-elastic_agent.filebeat-default"
4997. ],
4998. "privileges": [
4999. "auto_configure",
5000. "create_doc"
5001. ]
5002. },
5003. {
5004. "names": [
5005. "metrics-elastic_agent.cloudbeat-default"
5006. ],
5007. "privileges": [
5008. "auto_configure",
5009. "create_doc"
5010. ]
5011. },
5012. {
5013. "names": [
5014. "metrics-elastic_agent.metricbeat-default"
5015. ],
5016. "privileges": [
5017. "auto_configure",
5018. "create_doc"
5019. ]
5020. },
5021. {
5022. "names": [
5023. "metrics-elastic_agent.heartbeat-default"
5024. ],
5025. "privileges": [
5026. "auto_configure",
5027. "create_doc"
5028. ]
5029. },
5030. {
5031. "names": [
5032. "metrics-elastic_agent.packetbeat-default"
5033. ],
5034. "privileges": [
5035. "auto_configure",
5036. "create_doc"
5037. ]
5038. },
5039. {
5040. "names": [
5041. "metrics-elastic_agent.fleet_server-default"
5042. ],
5043. "privileges": [
5044. "auto_configure",
5045. "create_doc"
5046. ]
5047. },
5048. {
5049. "names": [
5050. "logs-elastic_agent.heartbeat-default"
5051. ],
5052. "privileges": [
5053. "auto_configure",
5054. "create_doc"
5055. ]
5056. },
5057. {
5058. "names": [
5059. "logs-elastic_agent.osquerybeat-default"
5060. ],
5061. "privileges": [
5062. "auto_configure",
5063. "create_doc"
5064. ]
5065. },
5066. {
5067. "names": [
5068. "metrics-elastic_agent.osquerybeat-default"
5069. ],
5070. "privileges": [
5071. "auto_configure",
5072. "create_doc"
5073. ]
5074. },
5075. {
5076. "names": [
5077. "metrics-elastic_agent.elastic_agent-default"
5078. ],
5079. "privileges": [
5080. "auto_configure",
5081. "create_doc"
5082. ]
5083. },
5084. {
5085. "names": [
5086. "metrics-elastic_agent.endpoint_security-default"
5087. ],
5088. "privileges": [
5089. "auto_configure",
5090. "create_doc"
5091. ]
5092. }
5093. ]
5094. },
5095. "_elastic_agent_checks": {
5096. "cluster": [
5097. "monitor"
5098. ]
5099. },
5100. "c7c94db7-48d8-4ccb-935c-e13f6d166860": {
5101. "indices": [
5102. {
5103. "names": [
5104. "logs-system.auth-default"
5105. ],
5106. "privileges": [
5107. "auto_configure",
5108. "create_doc"
5109. ]
5110. },
5111. {
5112. "names": [
5113. "logs-system.syslog-default"
5114. ],
5115. "privileges": [
5116. "auto_configure",
5117. "create_doc"
5118. ]
5119. },
5120. {
5121. "names": [
5122. "logs-system.security-default"
5123. ],
5124. "privileges": [
5125. "auto_configure",
5126. "create_doc"
5127. ]
5128. },
5129. {
5130. "names": [
5131. "logs-system.application-default"
5132. ],
5133. "privileges": [
5134. "auto_configure",
5135. "create_doc"
5136. ]
5137. },
5138. {
5139. "names": [
5140. "logs-system.system-default"
5141. ],
5142. "privileges": [
5143. "auto_configure",
5144. "create_doc"
5145. ]
5146. },
5147. {
5148. "names": [
5149. "metrics-system.cpu-default"
5150. ],
5151. "privileges": [
5152. "auto_configure",
5153. "create_doc"
5154. ]
5155. },
5156. {
5157. "names": [
5158. "metrics-system.network-default"
5159. ],
5160. "privileges": [
5161. "auto_configure",
5162. "create_doc"
5163. ]
5164. },
5165. {
5166. "names": [
5167. "metrics-system.socket_summary-default"
5168. ],
5169. "privileges": [
5170. "auto_configure",
5171. "create_doc"
5172. ]
5173. },
5174. {
5175. "names": [
5176. "metrics-system.uptime-default"
5177. ],
5178. "privileges": [
5179. "auto_configure",
5180. "create_doc"
5181. ]
5182. },
5183. {
5184. "names": [
5185. "metrics-system.diskio-default"
5186. ],
5187. "privileges": [
5188. "auto_configure",
5189. "create_doc"
5190. ]
5191. },
5192. {
5193. "names": [
5194. "metrics-system.memory-default"
5195. ],
5196. "privileges": [
5197. "auto_configure",
5198. "create_doc"
5199. ]
5200. },
5201. {
5202. "names": [
5203. "metrics-system.fsstat-default"
5204. ],
5205. "privileges": [
5206. "auto_configure",
5207. "create_doc"
5208. ]
5209. },
5210. {
5211. "names": [
5212. "metrics-system.filesystem-default"
5213. ],
5214. "privileges": [
5215. "auto_configure",
5216. "create_doc"
5217. ]
5218. },
5219. {
5220. "names": [
5221. "metrics-system.process.summary-default"
5222. ],
5223. "privileges": [
5224. "auto_configure",
5225. "create_doc"
5226. ]
5227. },
5228. {
5229. "names": [
5230. "metrics-system.process-default"
5231. ],
5232. "privileges": [
5233. "auto_configure",
5234. "create_doc"
5235. ]
5236. },
5237. {
5238. "names": [
5239. "metrics-system.load-default"
5240. ],
5241. "privileges": [
5242. "auto_configure",
5243. "create_doc"
5244. ]
5245. }
5246. ]
5247. }
5248. }
5249. },
5250. "fleet": {
5251. "hosts": [
5252. "https://172.24.54.23:8220"
5253. ]
5254. }
5255. },
5256. "policy_id": "fleet-server-policy",
5257. "default_fleet_server": true
5258. }
5259. }
5260. ]
5261. }
5262. }