From e71570a40c8eaa9788c28230a80100a122aec02d Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Wed, 20 Nov 2019 09:30:01 +0100 Subject: [PATCH] googlecloud/vpcflow fileset: Populate additional log fields (#14608) To keep the vpcflow fileset of the googlecloud module aligned with the new firewall fileset, a `var.keep_original_message` option is added. Also the log.logger ECS field is now filled. --- filebeat/docs/modules/googlecloud.asciidoc | 6 ++ .../module/googlecloud/_meta/docs.asciidoc | 6 ++ .../googlecloud/vpcflow/config/input.yml | 2 + .../googlecloud/vpcflow/config/pipeline.js | 31 +++++- .../module/googlecloud/vpcflow/manifest.yml | 3 +- ...pc-flow-log-entries.json.log-expected.json | 100 ++++++++++++++++++ 6 files changed, 145 insertions(+), 3 deletions(-) diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/googlecloud.asciidoc index 9f71fb804042..047030f1be9f 100644 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ b/filebeat/docs/modules/googlecloud.asciidoc @@ -40,6 +40,7 @@ Example config: var.topic: googlecloud-vpc-flowlogs var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false ---- include::../include/var-paths.asciidoc[] @@ -61,6 +62,11 @@ exist it will be created. Path to a JSON file containing the credentials and key used to subscribe. +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + :fileset_ex!: :fileset_ex: firewall diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc index 18a6afdeab1d..b0d75e06b10e 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc 
@@ -35,6 +35,7 @@ Example config: var.topic: googlecloud-vpc-flowlogs var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false ---- include::../include/var-paths.asciidoc[] @@ -56,6 +57,11 @@ exist it will be created. Path to a JSON file containing the credentials and key used to subscribe. +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + :fileset_ex!: :fileset_ex: firewall diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml index 1a655f6e12e2..b8b7a260bf47 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml @@ -22,3 +22,5 @@ processors: lang: javascript id: googlecloud_vpcflow_script file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + params: + keep_original_message: {{ .keep_original_message }} diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js index 1a13d2824acd..fdeb6c4e46a5 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -var vpcflow = (function () { +function VPCFlow(keep_original_message) { var processor = require("processor"); // The pub/sub input writes the Stackdriver LogEntry object into the message 
@@ -21,6 +21,16 @@ var vpcflow = (function () { ignore_missing: true, }); + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + var dropPubSubFields = function(evt) { evt.Delete("message"); evt.Delete("labels"); @@ -34,6 +44,14 @@ var vpcflow = (function () { }, }); + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + ], + ignore_missing: true + }); + // Use the LogEntry object's timestamp. VPC flow logs are structured so the // LogEntry includes a jsonPayload field. // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry @@ -205,8 +223,10 @@ var vpcflow = (function () { var pipeline = new processor.Chain() .Add(decodeJson) .Add(parseTimestamp) + .Add(saveOriginalMessage) .Add(dropPubSubFields) .Add(categorizeEvent) + .Add(saveMetadata) .Add(convertLogEntry) .Add(convertJsonPayload) .Add(dropEmptyObjects) @@ -223,7 +243,14 @@ var vpcflow = (function () { return { process: pipeline.Run, }; -})(); +} + +var vpcflow; + +// Register params from configuration. +function register(params) { + vpcflow = new VPCFlow(params.keep_original_message); +} function process(evt) { return vpcflow.process(evt); diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml b/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml index 46288049415c..a84b56a31501 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml @@ -11,7 +11,8 @@ var: default: filebeat-googlecloud-vpcflow - name: credentials_file default: googlecloud-vpcflow-reader-service-identity.json - + - name: keep_original_message + default: false ingest_pipeline: ingest/pipeline.yml input: config/input.yml 
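Review bot: The new `saveOriginalMessage` converter renames `message` to `event.original`, but both documentation hunks in this patch tell users the original message is stored in `log.original`. Anyone who builds retention, masking or access rules on the documented field name will miss the field that actually holds the raw Pub/Sub payload. The two need to agree, either by changing the docs text to name `event.original` or by changing the mapping to `{from: "message", to: "log.original"}`, whichever the firewall fileset uses. None of the expected-output hunks visible here contain either field, so the enabled path appears to be untested. The enclosing function `VPCFlow` starts and ends outside this hunk.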
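Review bot: The position of `.Add(saveOriginalMessage)` matters, and nothing in the chain says so. It has to stay ahead of `.Add(dropPubSubFields)`, because that step calls `evt.Delete("message")` (visible in the earlier hunk), so a later reorder would silently discard the raw message instead of preserving it. A one-line comment above the call would record the dependency, e.g. `// Must run before dropPubSubFields, which deletes "message".` The chain continues outside this hunk.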
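Review bot: `register` passes `params.keep_original_message` through unchecked, and `VPCFlow` tests it by truthiness (`if (keep_original_message)` in the earlier hunk), so any non-empty string that reaches the script, including `"false"`, turns on retention of the raw message. Whether the value templated in input.yml always arrives as a boolean is not visible here. A strict comparison makes the option fail closed: `vpcflow = new VPCFlow(params.keep_original_message === true);`. Separately, `vpcflow` stays undefined until `register` has run, so `process` would throw on `vpcflow.process` if the script were ever loaded without params; a comment on `var vpcflow;` stating that `register` must be called first would make the dependency explicit. The closing brace of `process` lies outside this hunk.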
diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 60caec945057..7b1048b7a6df 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -26,6 +26,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 0, "network.bytes": 1776, "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", @@ -78,6 +79,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 934, "network.bytes": 173663, "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", @@ -136,6 +138,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 201, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 2084, "network.bytes": 155707, "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", @@ -185,6 +188,7 @@ "googlecloud.source.vpc.vpc_name": "default", "googlecloud.vpcflow.reporter": "SRC", "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 3237, "network.bytes": 0, "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", @@ -233,6 +237,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 4210, "network.bytes": 1784, "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", 
@@ -279,6 +284,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 5143, "network.bytes": 1464, "network.community_id": "1:IPqv9ifIl7xO904fG0KpG1HbMz8=", @@ -333,6 +339,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 6078, "network.bytes": 186151, "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", @@ -391,6 +398,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 3, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 7229, "network.bytes": 15169, "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", @@ -443,6 +451,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 8378, "network.bytes": 250864, "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", @@ -498,6 +507,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 3, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 9529, "network.bytes": 167939, "network.community_id": "1:Ee5EHtJfWgzMQEQZSyTFAwZbgus=", @@ -546,6 +556,7 @@ "googlecloud.destination.vpc.vpc_name": "default", "googlecloud.vpcflow.reporter": "DEST", "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 10679, "network.bytes": 0, "network.community_id": "1:E803d6gSw9j7F6zoCo0Ka6fb9Iw=", 
@@ -602,6 +613,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 201, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 11654, "network.bytes": 11773, "network.community_id": "1:06oSJgliwJ21tZTkobvsHx/M+Pc=", @@ -657,6 +669,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 192, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 12806, "network.bytes": 65699, "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", @@ -715,6 +728,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 13959, "network.bytes": 66029, "network.community_id": "1:yZywQ4jpdohOQ9684uKWIPHHP4Y=", @@ -770,6 +784,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 15109, "network.bytes": 65154, "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", @@ -825,6 +840,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 16259, "network.bytes": 13643, "network.community_id": "1:e5cZeUPf9fWSqRY+SUSG302spGE=", @@ -871,6 +887,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 17408, "network.bytes": 34509840, "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", 
@@ -916,6 +933,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 18297, "network.bytes": 1467, "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", @@ -973,6 +991,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 19233, "network.bytes": 63671, "network.community_id": "1:9htI9XhB+GFEM8rmtAiskiLz++Y=", @@ -1023,6 +1042,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 220, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 20383, "network.bytes": 51075, "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", @@ -1078,6 +1098,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 192, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 21370, "network.bytes": 197840, "network.community_id": "1:oDThWwe999DZ+ToL+uXcjZRio7c=", @@ -1123,6 +1144,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 22524, "network.bytes": 173805495, "network.community_id": "1:Y9ynsBV313F1oc4DGZ0sYBcNoQA=", @@ -1169,6 +1191,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 23412, "network.bytes": 1468, "network.community_id": "1:Eav+HA4T0zQk7MDzMdHH6Hhsx2A=", 
@@ -1226,6 +1249,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 50, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 24348, "network.bytes": 159704, "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", @@ -1272,6 +1296,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 220, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 25501, "network.bytes": 70775, "network.community_id": "1:aNFZC/smfQa37MQsZfMmP5cD6PE=", @@ -1328,6 +1353,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 26490, "network.bytes": 281147, "network.community_id": "1:orgrC+fuNweNF7YN8VWuWIAnY80=", @@ -1383,6 +1409,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 50, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 27641, "network.bytes": 63590, "network.community_id": "1:komMvAI/1VsC7c9d9LuzM29I9NY=", @@ -1434,6 +1461,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 28793, "network.bytes": 1780, "network.community_id": "1:LQLr5Clnxf10OYhT92IBepyH/y0=", @@ -1480,6 +1508,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 233, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 29727, "network.bytes": 1239, "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", 
@@ -1539,6 +1568,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 30719, "network.bytes": 63853, "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", @@ -1585,6 +1615,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 31870, "network.bytes": 1458, "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", @@ -1642,6 +1673,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 311, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 32809, "network.bytes": 252397, "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", @@ -1697,6 +1729,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 216, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 33964, "network.bytes": 205787, "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", @@ -1747,6 +1780,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 87, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 35119, "network.bytes": 106409, "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", @@ -1799,6 +1833,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 311, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 36107, "network.bytes": 61242, "network.community_id": "1:pYIEYHtraTMNgdi3XDEMGSH5LV4=", 
@@ -1857,6 +1892,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 113, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 37261, "network.bytes": 248826, "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", @@ -1905,6 +1941,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 38440, "network.bytes": 1777, "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", @@ -1955,6 +1992,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 219, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 39374, "network.bytes": 116845, "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", @@ -2007,6 +2045,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 0, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 40363, "network.bytes": 4614, "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", @@ -2065,6 +2104,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 41513, "network.bytes": 50379, "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", @@ -2117,6 +2157,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 42677, "network.bytes": 200417, "network.community_id": "1:U8onVg/hApWe9WsWGFifAt6Xktg=", 
@@ -2175,6 +2216,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 0, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 43829, "network.bytes": 30233, "network.community_id": "1:jUDducT3iKEBK6mG6FO1bbR/lzQ=", @@ -2227,6 +2269,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 44980, "network.bytes": 160693, "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", @@ -2282,6 +2325,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 216, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 46132, "network.bytes": 59903, "network.community_id": "1:vLK9hCfMg91TvjmTPfnw8bfG514=", @@ -2333,6 +2377,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 47286, "network.bytes": 1780, "network.community_id": "1:ji6ZJhSkwxeKiorTmyrgBE0/o+c=", @@ -2383,6 +2428,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 89, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 48223, "network.bytes": 129335, "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", @@ -2429,6 +2475,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 49211, "network.bytes": 1464, "network.community_id": "1:PNZTJG/Xqm+YMqKIui8nRXoLovE=", 
@@ -2477,6 +2524,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 219, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 50147, "network.bytes": 75477, "network.community_id": "1:bN6NKWS7CM7qV5T0FRSxEVoL53I=", @@ -2531,6 +2579,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 86, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 51137, "network.bytes": 102119, "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", @@ -2583,6 +2632,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 113, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 52125, "network.bytes": 1541638, "network.community_id": "1:o9OoB7tVAGCzWrss+96PmO6N0FI=", @@ -2638,6 +2688,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 53305, "network.bytes": 755901, "network.community_id": "1:h6NgISKzvTiBXyH4aX48ebaiTiY=", @@ -2696,6 +2747,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 144, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 54470, "network.bytes": 248715, "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", @@ -2742,6 +2794,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 86, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 55625, "network.bytes": 69757, "network.community_id": "1:inMMyMxBckhL35Xh3+nNKgSc4qA=", 
@@ -2792,6 +2845,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 87, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 56614, "network.bytes": 69440, "network.community_id": "1:z1VfQro/CzS/3/Jcw7ACjDX47kM=", @@ -2842,6 +2896,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 57603, "network.bytes": 1457, "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", @@ -2892,6 +2947,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 58539, "network.bytes": 1784, "network.community_id": "1:W4ijXBQBwNbGcf7z2YuONE7/Z8I=", @@ -2942,6 +2998,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 233, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 59473, "network.bytes": 2395, "network.community_id": "1:n2izIhQ6f30pRxm58NLCxNXryuI=", @@ -2994,6 +3051,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 144, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 60463, "network.bytes": 60335, "network.community_id": "1:dH+LewCyUH2MeBfvw4hfqQCcruA=", @@ -3052,6 +3110,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 61617, "network.bytes": 65565, "network.community_id": "1:jiDRQHDBdyhzib4qfhhB5Y0obik=", 
@@ -3098,6 +3157,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 89, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 62768, "network.bytes": 70174, "network.community_id": "1:32epFp/pi9XGVYf8FMJ7jpc0AzI=", @@ -3148,6 +3208,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 63757, "network.bytes": 1461, "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", @@ -3196,6 +3257,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 64693, "network.bytes": 1460, "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", @@ -3250,6 +3312,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 224, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 65631, "network.bytes": 66736, "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", @@ -3301,6 +3364,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 66784, "network.bytes": 1776, "network.community_id": "1:+QA68gzvBX6Rs13KKi5Sm666UiU=", @@ -3347,6 +3411,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 67720, "network.bytes": 1464, "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", 
@@ -3401,6 +3466,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 68656, "network.bytes": 259510, "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", @@ -3452,6 +3518,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 69807, "network.bytes": 1781, "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", @@ -3507,6 +3574,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 70741, "network.bytes": 65069, "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", @@ -3562,6 +3630,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 15, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 71891, "network.bytes": 60530, "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", @@ -3614,6 +3683,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 230, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 73042, "network.bytes": 11384, "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", @@ -3672,6 +3742,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 224, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 74194, "network.bytes": 272063, "network.community_id": "1:BbRNTmVcGaqf/baRzluKDpJAprQ=", 
@@ -3720,6 +3791,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 43, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 75348, "network.bytes": 1791, "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", @@ -3772,6 +3844,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 253, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 76282, "network.bytes": 18295, "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", @@ -3821,6 +3894,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 77435, "network.bytes": 1467, "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", @@ -3875,6 +3949,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 15, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 78373, "network.bytes": 165290, "network.community_id": "1:88xKud9UZj+uL0CBL+jvBleTFIk=", @@ -3924,6 +3999,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 43, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 79525, "network.bytes": 1458, "network.community_id": "1:0BGh5oABRy6JrttDfTSBw1iBDW4=", @@ -3972,6 +4048,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 80461, "network.bytes": 1464, "network.community_id": "1:MlFaFjbkXS6KKyiSbXcNDQJbn8U=", 
@@ -4022,6 +4099,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 81397, "network.bytes": 1780, "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", @@ -4070,6 +4148,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 82331, "network.bytes": 1780, "network.community_id": "1:bh7TlqiDrY8ste65CJNAKtfwOT0=", @@ -4118,6 +4197,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 83265, "network.bytes": 1776, "network.community_id": "1:aT1tuR31uByuIcuxfCbs1kvMBMA=", @@ -4164,6 +4244,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 84201, "network.bytes": 1461, "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", @@ -4214,6 +4295,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 85139, "network.bytes": 1781, "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", @@ -4269,6 +4351,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 86073, "network.bytes": 60222, "network.community_id": "1:kmlKCdqw/+vcFaSeBx9hVkJjnAE=", 
@@ -4324,6 +4407,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 16, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 87223, "network.bytes": 61810, "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", @@ -4370,6 +4454,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 88374, "network.bytes": 1467, "network.community_id": "1:5iAZA+PYVbiwpnPFNQCxKlsIp60=", @@ -4424,6 +4509,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 16, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 89310, "network.bytes": 136558, "network.community_id": "1:8Fb+m/uf2rxjkmtxbzg2YY6RXUU=", @@ -4475,6 +4561,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 90462, "network.bytes": 1781, "network.community_id": "1:jbQzsE/elxbdsdcfLH3Z+WY7yoA=", @@ -4523,6 +4610,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 91398, "network.bytes": 1781, "network.community_id": "1:x8E1sBwJRB/brRn7+TWuuDv6Seg=", @@ -4569,6 +4657,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 92332, "network.bytes": 1467, "network.community_id": "1:Tx2SSXIplYZjqzTurpvVWc2USh0=", 
@@ -4623,6 +4712,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 93268, "network.bytes": 170396, "network.community_id": "1:ZvwQ2j/3ZuFaLSX6WH5V4iy9utU=", @@ -4681,6 +4771,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 230, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 94419, "network.bytes": 171610, "network.community_id": "1:W60ErjE9kT0Dm5xlbB8kttSgelA=", @@ -4736,6 +4827,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 253, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 95572, "network.bytes": 15186, "network.community_id": "1:DXSnxcLrDyftjOc5jFhwTKkshsM=", @@ -4791,6 +4883,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 109, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 96724, "network.bytes": 208416, "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=", @@ -4846,6 +4939,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 97878, "network.bytes": 90977, "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", @@ -4901,6 +4995,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 194, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 99041, "network.bytes": 187301, "network.community_id": "1:c/u5Mg/PGR6riBWo0YXGpZWs3cI=", 
@@ -4953,6 +5048,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 11, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 100195, "network.bytes": 139106, "network.community_id": "1:daatd5jK/QqBAjEYb64ySmXIcOU=", @@ -5008,6 +5104,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 101347, "network.bytes": 1733360, "network.community_id": "1:kjDd+NEFkosMxZFp790k2Cervw4=", @@ -5066,6 +5163,7 @@ "googlecloud.vpcflow.reporter": "SRC", "googlecloud.vpcflow.rtt.ms": 142, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 102512, "network.bytes": 149157, "network.community_id": "1:5AIfpIZXAUHToCeVBhXgBuugIac=", @@ -5118,6 +5216,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 201, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 103665, "network.bytes": 11108, "network.community_id": "1:dMHgvk8guroE0eXkr19X6xQ6X24=", @@ -5173,6 +5272,7 @@ "googlecloud.vpcflow.reporter": "DEST", "googlecloud.vpcflow.rtt.ms": 109, "input.type": "log", + "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 104817, "network.bytes": 67337, "network.community_id": "1:LSB085+2dyGfQIXV+wF0qEVVBbM=",