Input, Mapping, Output (the three JSON documents below, in that order):
{
 "network":{
 "type":"ipv6",
 "direction":"inbound-XYZ",
 "iana_number":41
 },
 "newnetwork":{
 "type":"ip",
 "direction":"ABC-outbound",
 "iana_number":6
 },
 "error":{
 "code":"process has exited. inode=0, tcp_state=TIME-WAIT"
 },
 "user":{
 "name":"root",
 "full_name":"root",
 "id":"0"
 },
 "source":{
 "ip":"10.106.125.152",
 "port":22
 },
 "destination":{
 "ip":"127.0.0.1",
 "port":2282
 },
 "service":{
 "type":"system"
 },
 "event":{
 "duration":17345372,
 "dataset":"system.socket",
 "module":"system"
 },
 "tags":[
 "vm_i_raw_event"
 ],
 "ecs":{
 "version":"1.6.0"
 },
 "host":{
 "architecture":"x86_64",
 "os":{
 "name":"Red Hat Enterprise Linux Server",
 "family":"redhat",
 "platform":"rhel",
 "version":"7.9 (Maipo)",
 "codename":"Maipo",
 "kernel":"3.10.0-1160.6.1.el7.x86_64"
 },
 "containerized":false,
 "name":"vl-vm-ic762",
 "id":"d69e0181566b99b60326991cad162e19",
 "ip":[
 "10.247.152.27",
 "fe80::f816:3eff:fe63:615f"
 ],
 "mac":[
 "fa:16:3e:63:61:5f"
 ],
 "hostname":"vl-vm-ic762"
 },
 "@timestamp":"2021-02-10T00:02:42.705Z",
 "metricset":{
 "period":300000,
 "name":"socket"
 },
 "agent":{
 "name":"vl-vm-ic762",
 "type":"metricbeat",
 "ephemeral_id":"64506ba5-3ea9-4a76-a0d9-7b1d369cc807",
 "id":"705840f2-3674-4c2e-9a70-081042d34ee1",
 "version":"7.10.0",
 "hostname":"vl-vm-ic762"
 },
 "@version":"1",
 "system":{
 "socket":{
 "remote":{
 "ip":"127.0.0.1",
 "port":34086
 },
 "local":{
 "ip":"127.0.0.1",
 "port":2282
 }
 }
 }
}
{
    "metricType": "$.agent.type",
    "instance": "$.agent.name",
    "properties.entityName": "$.network[?(@.direction =~ /^.*inbound-.*$/i)].direction",
    "properties.entityType": "$.network[?(@.type == 'ipv6')].type",
    "processedTimestamp": "$.@timestamp",
    "metrics": "$.metricset",
    "type": "KafkaCollector-One",
    "properties.dataSource": "$.source.ip",
    "properties.deviceName": "$.newnetwork[?(@.direction =~ /^.*-outbound.*$/i)].direction",
    "timestamp": "$.@timestamp",
    "properties.deviceType": "$.newnetwork[?(@.type =~ /^.*ip.*$/i)].type",
    "tags": "$.tags"
}
{
 "instance":"vl-vm-ic762",
 "metricType":"metricbeat",
 "timestamp":1612895562705,
 "processedTimestamp":1612895562705,
 "type":"KafkaCollector-One",
 "metrics":{
 "period":300000.0
 },
 "properties":{
 "deviceType":"ip",
 "entityName":"inbound-XYZ",
 "entityType":"ipv6",
 "dataSource":"10.106.125.152",
 "deviceName":"ABC-outbound"
 },
 "tags":{
 
 }
}