deviantony / docker-elk

The Elastic stack (ELK) powered by Docker and Compose.
MIT License

Logstash exits with error code 0 after setting the `output.elasticsearch.index` option #629

Closed divyankgarg closed 2 years ago

divyankgarg commented 2 years ago

logstash config file:

```
input {
    beats {
        port => 5044
    }

    tcp {
        port => 5000
    }
}

## Add your filters / logstash plugins configuration here

output {
    elasticsearch {
        hosts => "elasticsearch:9200"
        user => "elastic"
        password => "changeme"
        ecs_compatibility => disabled
        index => 'hello-trial"
    }
}
```

docker-compose.yaml file:

```yaml
version: '3.2'

services:
  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./elasticsearch/config/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      ELASTIC_PASSWORD: changeme
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk

  logstash:
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./logstash/config/logstash.yml
        target: /usr/share/logstash/config/logstash.yml
        read_only: true
      - type: bind
        source: ./logstash/pipeline
        target: /usr/share/logstash/pipeline
        read_only: true
    ports:
      - "5044:5044"
      - "5000:5000/tcp"
      - "5000:5000/udp"
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./kibana/config/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:
```

Issue: Logstash is getting shut down with exit 0. How to resolve this issue?

divyankgarg commented 2 years ago

My log file

kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","plugins","ruleRegistry"],"pid":1219,"message":"Write is disabled; not installing common resources shared between all indices"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","plugins","ruleRegistry"],"pid":1219,"message":"Write is disabled; not installing resources for index .alerts-observability.uptime.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","plugins","ruleRegistry"],"pid":1219,"message":"Write is disabled; not installing resources for index .alerts-observability.logs.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","plugins","ruleRegistry"],"pid":1219,"message":"Write is disabled; not installing resources for index .alerts-observability.metrics.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","plugins","ruleRegistry"],"pid":1219,"message":"Write is disabled; not installing resources for index .alerts-observability.apm.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:13+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:14+00:00","tags":["error","savedobjects-service"],"pid":1219,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.24.0.2:9200"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:19+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"Starting saved objects migrations"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana] INIT -> CREATE_NEW_TARGET. took: 109ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 147ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana_task_manager] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 610ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 659ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 198ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:20+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana] Migration completed after 967ms"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:21+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 306ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:21+00:00","tags":["info","savedobjects-service"],"pid":1219,"message":"[.kibana_task_manager] Migration completed after 1064ms"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:21+00:00","tags":["info","plugins-system","standard"],"pid":1219,"message":"Starting [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,banners,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,securityOss,share,screenshotMode,telemetry,newsfeed,mapsEms,mapsLegacy,legacyExport,kibanaLegacy,embeddable,uiActionsEnhanced,fieldFormats,expressions,charts,esUiShared,bfetch,data,savedObjects,visualizations,visTypeXy,visTypeVislib,visTypeTimelion,features,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,timelion,indexPatternFieldEditor,home,searchprofiler,painlessLab,grokdebugger,graph,visTypeVega,management,watcher,licenseManagement,indexPatternManagement,advancedSettings,discover,discoverEnhanced,dashboard,dashboardEnhanced,visualize,visTypeTimeseries,savedObjectsManagement,spaces,security,transform,savedObjectsTagging,lens,reporting,canvas,lists,ingestPipelines,fileUpload,maps,dataVisualizer,encryptedSavedObjects,dataEnhanced,dashboardMode,cloud,snapshotRestore,fleet,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,eventLog,actions,alerting,triggersActionsUi,stackAlerts,ruleRegistry,osquery,ml,cases,timelines,securitySolution,observability,uptime,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,console,apmOss,apm]"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:21+00:00","tags":["info","plugins","monitoring","monitoring"],"pid":1219,"message":"config sourced from: production cluster"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:24+00:00","tags":["info","http","server","Kibana"],"pid":1219,"message":"http server running at http://0.0.0.0:5601"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:24+00:00","tags":["info","plugins","monitoring","monitoring","kibana-monitoring"],"pid":1219,"message":"Starting monitoring stats collection"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:26+00:00","tags":["info","status"],"pid":1219,"message":"Kibana is now degraded"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:26+00:00","tags":["info","plugins","reporting"],"pid":1219,"message":"Browser executable: /usr/share/kibana/x-pack/plugins/reporting/chromium/headless_shell-linux_x64/headless_shell"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:26+00:00","tags":["warning","plugins","reporting"],"pid":1219,"message":"Enabling the Chromium sandbox provides an additional layer of protection."}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:26+00:00","tags":["info","plugins","reporting","store"],"pid":1219,"message":"Creating ILM policy for managing reporting indices: kibana-reporting"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:29+00:00","tags":["info","plugins","securitySolution"],"pid":1219,"message":"Dependent plugin setup complete - Starting ManifestTask"}
kibana_1         | {"type":"log","@timestamp":"2021-10-19T14:29:34+00:00","tags":["info","status"],"pid":1219,"message":"Kibana is now available (was degraded)"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:17+00:00","tags":[],"pid":1219,"method":"post","statusCode":401,"req":{"url":"/api/ui_counters/_report","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"167","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":401,"responseTime":43,"contentLength":66},"message":"POST /api/ui_counters/_report 401 43ms - 66.0B"}
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,364Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [.ml-state] for index patterns [.ml-state*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,437Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [data-streams-mappings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,494Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [logs-mappings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,554Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [logs-settings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,604Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [metrics-mappings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,646Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [synthetics-mappings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,686Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [synthetics-settings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,733Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [metrics-settings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,879Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [.watch-history-13] for index patterns [.watcher-history-13*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:18,988Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [ilm-history] for index patterns [ilm-history-5*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,077Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [.deprecation-indexing-settings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,149Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [.slm-history] for index patterns [.slm-history-5*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,223Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding component template [.deprecation-indexing-mappings]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,294Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.monitoring-alerts-7] for index patterns [.monitoring-alerts-7]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,408Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.monitoring-es] for index patterns [.monitoring-es-7-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,555Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-7-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,617Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-7-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,755Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.monitoring-beats] for index patterns [.monitoring-beats-7-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,847Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [logs] for index patterns [logs-*-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:19,922Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [synthetics] for index patterns [synthetics-*-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,038Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [metrics] for index patterns [metrics-*-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,134Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index template [.deprecation-indexing-template] for index patterns [.logs-deprecation.*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,253Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_7.15.0_001] creating index, cause [api], templates [], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,264Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.kibana_7.15.0_001]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,485Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_task_manager_7.15.0_001] creating index, cause [api], templates [], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,487Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.kibana_task_manager_7.15.0_001]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,570Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [ml-size-based-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,681Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_task_manager_7.15.0_001][0], [.kibana_7.15.0_001][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,754Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [synthetics]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:20,827Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [logs]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,055Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [metrics]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,140Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [watch-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,253Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [slm-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,300Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [.deprecation-indexing-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,356Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [.fleet-actions-results-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,431Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [ilm-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,589Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating geoip databases", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,589Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "fetching geoip databases overview from [https://geoip.elastic.co/v1/database?elastic_geoip_service_tos=agree]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,726Z", "level": "INFO", "component": "o.e.l.LicenseService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "license [1106a908-0a3a-4023-8d9d-afa77e4fd8d6] mode [trial] - valid", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,730Z", "level": "INFO", "component": "o.e.x.s.a.Realms", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:21,741Z", "level": "INFO", "component": "o.e.x.s.s.SecurityStatusChangeListener", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Active license is now [TRIAL]; Security is enabled", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:23,234Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating geoip database [GeoLite2-ASN.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,322Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.geoip_databases] creating index, cause [auto(bulk api)], templates [], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,533Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.geoip_databases][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:17+00:00","tags":[],"pid":1219,"method":"get","statusCode":200,"req":{"url":"/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-dest":"document","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":70,"contentLength":144300},"message":"GET /logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns 200 70ms - 140.9KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:17+00:00","tags":["api"],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"script","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"c680dc6a6f3302019961f6318a1ee5b62b10d73c-gzip\""},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":304,"responseTime":8,"contentLength":18451},"message":"GET /bootstrap.js 304 8ms - 18.0KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:17+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/node_modules/@kbn/ui-framework/dist/kui_light.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"47af9b8f6e4640c400d5d0b64bd8c8095c9bbcf5-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:43 GMT"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":304,"responseTime":31,"contentLength":205},"message":"GET /node_modules/@kbn/ui-framework/dist/kui_light.css 304 31ms - 205.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:17+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/ui/legacy_light_theme.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"4345f9a3b9a243edd0b81b913ba1901bce549a2b-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:45 GMT"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":304,"responseTime":23,"contentLength":206},"message":"GET /ui/legacy_light_theme.css 304 23ms - 206.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/translations/en.json","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"37992637719f97813c3068cfbf877b2d3bb43b97\""},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":304,"responseTime":7,"contentLength":29},"message":"GET /translations/en.json 304 7ms - 29.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities?useDefaultCapabilities=true","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"600","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":200,"responseTime":29,"contentLength":4910},"message":"POST /api/core/capabilities?useDefaultCapabilities=true 200 29ms - 4.8KB"}
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,605Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.apm-custom-link] creating index, cause [api], templates [], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,626Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.apm-custom-link]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,784Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.apm-custom-link][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,848Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_task_manager_7.15.0_001/5gFQuMmAQ_-RWkhUTDOM3Q] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,957Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.apm-agent-configuration] creating index, cause [api], templates [], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:24,960Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.apm-agent-configuration]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "deprecation.elasticsearch", "timestamp": "2021-10-19T14:29:25,047Z", "level": "DEPRECATION", "component": "o.e.d.r.RestController", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Legacy index templates are deprecated in favor of composable templates.", "key": "deprecated_route_PUT_/_template/{name}", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:25,202Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_7.15.0_001/vfBkX5IPQMG0B8vd_vmHCQ] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:25,501Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.kibana_security_session_index_template_1] for index patterns [.kibana_security_session_1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:25,592Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.apm-agent-configuration][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:25,932Z", "level": "INFO", "component": "o.e.x.s.s.SecurityIndexManager", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "security index does not exist, creating [.security-7] with alias [.security]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:26,021Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_7.15.0_001/vfBkX5IPQMG0B8vd_vmHCQ] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:26,449Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.security-7] creating index, cause [api], templates [], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:26,684Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_security_session_1] creating index, cause [api], templates [.kibana_security_session_index_template_1], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:26,831Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.security-7][0], [.kibana_security_session_1][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,264Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watches] creating index, cause [auto(bulk api)], templates [], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "deprecation.elasticsearch", "timestamp": "2021-10-19T14:29:27,323Z", "level": "DEPRECATION", "component": "o.e.d.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "index name [.monitoring-kibana-7-2021.10.19] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", "key": "index_name_starts_with_dot", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,333Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.monitoring-kibana-7-2021.10.19] creating index, cause [auto(bulk api)], templates [.monitoring-kibana], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,472Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.watches][0], [.monitoring-kibana-7-2021.10.19][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,534Z", "level": "INFO", "component": "o.e.x.w.WatcherService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "reloading watcher, reason [new local watcher shard allocation ids], cancelled [0] queued tasks", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,583Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_7.15.0_001/vfBkX5IPQMG0B8vd_vmHCQ] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,627Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watches/1FQipO8QQN6q7hMoNUFFdA] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:27,853Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watches/1FQipO8QQN6q7hMoNUFFdA] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,091Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [kibana-event-log-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,346Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana_7.15.0_001/vfBkX5IPQMG0B8vd_vmHCQ] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,576Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding template [.kibana-event-log-7.15.0-template] for index patterns [.kibana-event-log-7.15.0-*]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,717Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.kibana-event-log-7.15.0-000001] creating index, cause [api], templates [.kibana-event-log-7.15.0-template], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,725Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.kibana-event-log-7.15.0-000001]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:28,851Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana-event-log-7.15.0-000001][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "deprecation.elasticsearch", "timestamp": "2021-10-19T14:29:29,072Z", "level": "DEPRECATION", "component": "o.e.d.c.m.IndexNameExpressionResolver", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "this request accesses system indices: [.security-7, .watches], but in a future major version, direct access to system indices will be prevented by default", "key": "open_system_index_access", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,146Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "downloading geoip database [GeoLite2-ASN.mmdb] to [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-ASN.mmdb.tmp.gz]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,192Z", "level": "INFO", "component": "o.e.x.i.a.TransportPutLifecycleAction", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding index lifecycle policy [kibana-reporting]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,199Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updated geoip database [GeoLite2-ASN.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,205Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating geoip database [GeoLite2-City.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,470Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.kibana-event-log-7.15.0-000001] from [null] to [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] in policy [kibana-event-log-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,552Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.kibana-event-log-7.15.0-000001] from [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] to [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] in policy [kibana-event-log-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,555Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "successfully reloaded changed geoip database file [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-ASN.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:29,677Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.kibana-event-log-7.15.0-000001] from [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] to [{\"phase\":\"hot\",\"action\":\"rollover\",\"name\":\"check-rollover-ready\"}] in policy [kibana-event-log-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:33,150Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "downloading geoip database [GeoLite2-City.mmdb] to [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-City.mmdb.tmp.gz]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:33,188Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updated geoip database [GeoLite2-City.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:33,191Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating geoip database [GeoLite2-Country.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,154Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "downloading geoip database [GeoLite2-Country.mmdb] to [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-Country.mmdb.tmp.gz]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,174Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updated geoip database [GeoLite2-Country.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,250Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "successfully reloaded changed geoip database file [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-Country.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,517Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.ds-ilm-history-5-2021.10.19-000001] creating index, cause [initialize_data_stream], templates [ilm-history], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,528Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateDataStreamService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "adding data stream [ilm-history-5] with write index [.ds-ilm-history-5-2021.10.19-000001], backing indices [], and aliases []", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,551Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "successfully reloaded changed geoip database file [/tmp/elasticsearch-3745594401413488662/geoip-databases/w5mBuGKUSk6684K6TE_hxg/GeoLite2-City.mmdb]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,657Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.ds-ilm-history-5-2021.10.19-000001] from [null] to [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,773Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.ds-ilm-history-5-2021.10.19-000001][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,831Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.ds-ilm-history-5-2021.10.19-000001] from [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] to [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:34,889Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.ds-ilm-history-5-2021.10.19-000001] from [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] to [{\"phase\":\"hot\",\"action\":\"rollover\",\"name\":\"check-rollover-ready\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:36,847Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.monitoring-es-7-2021.10.19] creating index, cause [auto(bulk api)], templates [.monitoring-es], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:29:36,941Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-7-2021.10.19][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,095Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.triggered_watches] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,097Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "updating number_of_replicas to [0] for indices [.triggered_watches]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,145Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.triggered_watches][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,580Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watcher-history-13-2021.10.19] creating index, cause [auto(bulk api)], templates [.watch-history-13], shards [1]/[0]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,635Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "moving index [.watcher-history-13-2021.10.19] from [null] to [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] in policy [watch-history-ilm-policy]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,675Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.watcher-history-13-2021.10.19][0]]]).", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:28,757Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watcher-history-13-2021.10.19/wf4UK7NbRi25v--3cfHkfA] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":200,"req":{"url":"/api/banners/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":200,"responseTime":10,"contentLength":145},"message":"GET /api/banners/info 200 10ms - 145.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":["security:canRedirect","security:authFlow"],"pid":1219,"method":"get","statusCode":302,"req":{"url":"/api/security/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-dest":"document","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":302,"responseTime":13},"message":"GET /api/security/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns 302 13ms"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":401,"req":{"url":"/api/licensing/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":401,"responseTime":75,"contentLength":66},"message":"GET /api/licensing/info 401 75ms - 66.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":200,"req":{"url":"/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-dest":"document","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/logout?msg=SESSION_EXPIRED&next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns"},"res":{"statusCode":200,"responseTime":59,"contentLength":144300},"message":"GET /login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED 200 59ms - 140.9KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/node_modules/@kbn/ui-framework/dist/kui_light.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"47af9b8f6e4640c400d5d0b64bd8c8095c9bbcf5-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:43 GMT"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":10,"contentLength":205},"message":"GET /node_modules/@kbn/ui-framework/dist/kui_light.css 304 10ms - 205.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":["api"],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","if-none-match":"\"c680dc6a6f3302019961f6318a1ee5b62b10d73c-gzip\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"script","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":9,"contentLength":18451},"message":"GET /bootstrap.js 304 9ms - 18.0KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:18+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/ui/legacy_light_theme.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"4345f9a3b9a243edd0b81b913ba1901bce549a2b-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:45 GMT"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":14,"contentLength":206},"message":"GET /ui/legacy_light_theme.css 304 14ms - 206.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:19+00:00","tags":[],"pid":1219,"method":"get","statusCode":304,"req":{"url":"/translations/en.json","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"37992637719f97813c3068cfbf877b2d3bb43b97\""},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":4,"contentLength":29},"message":"GET /translations/en.json 304 4ms - 29.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:19+00:00","tags":[],"pid":1219,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities?useDefaultCapabilities=true","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"600","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":200,"responseTime":23,"contentLength":4910},"message":"POST /api/core/capabilities?useDefaultCapabilities=true 200 23ms - 4.8KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:19+00:00","tags":[],"pid":1219,"method":"get","statusCode":200,"req":{"url":"/api/banners/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":200,"responseTime":4,"contentLength":145},"message":"GET /api/banners/info 200 4ms - 145.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:19+00:00","tags":[],"pid":1219,"method":"get","statusCode":200,"req":{"url":"/internal/security/login_state","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":200,"responseTime":4,"contentLength":186},"message":"GET /internal/security/login_state 200 4ms - 186.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-19T14:30:19+00:00","tags":[],"pid":1219,"method":"get","statusCode":401,"req":{"url":"/api/licensing/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.24.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":401,"responseTime":26,"contentLength":66},"message":"GET /api/licensing/info 401 26ms - 66.0B"}
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-19T14:30:29,075Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "2437952bdb35", "message": "[.watcher-history-13-2021.10.19/wf4UK7NbRi25v--3cfHkfA] update_mapping [_doc]", "cluster.uuid": "WfkV7-dQR0iKeqz96A2Wxg", "node.id": "w5mBuGKUSk6684K6TE_hxg"  }
logstash_1       | Using bundled JDK: /usr/share/logstash/jdk
logstash_1       | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
logstash_1       | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
logstash_1       | [2021-10-19T14:29:29,701][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
logstash_1       | [2021-10-19T14:29:29,716][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.15.0", "jruby.version"=>"jruby 9.2.19.0 (2.5.8) 2021-06-15 55810c552b OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
logstash_1       | [2021-10-19T14:29:29,752][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
logstash_1       | [2021-10-19T14:29:29,771][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
logstash_1       | [2021-10-19T14:29:30,486][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"40838fac-d154-4d3b-99e0-b9ab18811f96", :path=>"/usr/share/logstash/data/uuid"}
logstash_1       | [2021-10-19T14:29:32,069][WARN ][deprecation.logstash.monitoringextension.pipelineregisterhook] Internal collectors option for Logstash monitoring is deprecated and targeted for removal in the next major version.
logstash_1       | Please configure Metricbeat to monitor Logstash. Documentation can be found at: 
logstash_1       | https://www.elastic.co/guide/en/logstash/current/monitoring-with-metricbeat.html
logstash_1       | [2021-10-19T14:29:32,489][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-19T14:29:32,593][WARN ][deprecation.logstash.outputs.elasticsearch] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-19T14:29:33,078][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
logstash_1       | [2021-10-19T14:29:33,419][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
logstash_1       | [2021-10-19T14:29:33,507][INFO ][logstash.licensechecker.licensereader] Elasticsearch version determined (7.15.0) {:es_version=>7}
logstash_1       | [2021-10-19T14:29:33,510][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash_1       | [2021-10-19T14:29:33,677][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
logstash_1       | [2021-10-19T14:29:33,681][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
logstash_1       | [2021-10-19T14:29:34,308][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
logstash_1       | [2021-10-19T14:29:34,675][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of \"\\\\'\", any character, \"'\" at line 22, column 1 (byte 289) after output {\n\telasticsearch {\n\t\thosts => \"elasticsearch:9200\"\n\t\tuser => \"elastic\"\n\t\tpassword => \"changeme\"\n\t\tecs_compatibility => disabled\n\t\tindex => 'hello-trial\"\n\t}\n}\n", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:187:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:391:in `block in converge_state'"]}
logstash_1       | [2021-10-19T14:29:35,143][INFO ][org.reflections.Reflections] Reflections took 100 ms to scan 1 urls, producing 120 keys and 417 values 
logstash_1       | [2021-10-19T14:29:35,700][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-19T14:29:35,731][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-19T14:29:35,755][WARN ][deprecation.logstash.outputs.elasticsearchmonitoring] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-19T14:29:35,807][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearchMonitoring", :hosts=>["http://elasticsearch:9200"]}
logstash_1       | [2021-10-19T14:29:35,829][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
logstash_1       | [2021-10-19T14:29:35,850][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
logstash_1       | [2021-10-19T14:29:35,859][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch version determined (7.15.0) {:es_version=>7}
logstash_1       | [2021-10-19T14:29:35,860][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash_1       | [2021-10-19T14:29:35,924][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Configuration is data stream compliant but due backwards compatibility Logstash 7.x will not assume writing to a data-stream, default behavior will change on Logstash 8.0 (set `data_stream => true/false` to disable this warning)
logstash_1       | [2021-10-19T14:29:35,926][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Configuration is data stream compliant but due backwards compatibility Logstash 7.x will not assume writing to a data-stream, default behavior will change on Logstash 8.0 (set `data_stream => true/false` to disable this warning)
logstash_1       | [2021-10-19T14:29:35,933][WARN ][logstash.javapipeline    ][.monitoring-logstash] 'pipeline.ordered' is enabled and is likely less efficient, consider disabling if preserving event order is not necessary
logstash_1       | [2021-10-19T14:29:35,986][INFO ][logstash.javapipeline    ][.monitoring-logstash] Starting pipeline {:pipeline_id=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>2, "pipeline.sources"=>["monitoring pipeline"], :thread=>"#<Thread:0x2ef4c7e run>"}
logstash_1       | [2021-10-19T14:29:36,682][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline Java execution initialization time {"seconds"=>0.69}
logstash_1       | [2021-10-19T14:29:36,715][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline started {"pipeline.id"=>".monitoring-logstash"}
logstash_1       | [2021-10-19T14:29:38,920][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline terminated {"pipeline.id"=>".monitoring-logstash"}
logstash_1       | [2021-10-19T14:29:39,010][INFO ][logstash.runner          ] Logstash shut down.

antoineco commented 2 years ago

@divyankgarg thanks for the detailed report, it really helps! 🙌

The line that says `index => 'hello-trial"` has mixed quotes (`"` and `'`).

The error is here:

[2021-10-19T14:29:34,675][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of \"\\\\'\", any character, \"'\" at line 22, column 1 (byte 289) after output {\n\telasticsearch {\n\t\thosts => \"elasticsearch:9200\"\n\t\tuser => \"elastic\"\n\t\tpassword => \"changeme\"\n\t\tecs_compatibility => disabled\n\t\tindex => 'hello-trial\"\n\t}\n}\n", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:187:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:391:in `block in converge_state'"]}
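The error above points at line 22, column 1 (end of file), not at the `index` line that holds the typo, because a string opened with `'` only ends at the next `'`. The following scanner is an added example, not part of this thread or of docker-elk: `find_unterminated_string` is a hypothetical helper, the sample pipeline is reconstructed from the config and error message posted in this issue, and regex literals are not handled.

```python
"""Find a quoted string that is never closed in a Logstash pipeline config."""
from dataclasses import dataclass
from typing import Optional

QUOTES = ('"', "'")


@dataclass
class UnterminatedString:
    quote: str        # quote character that opened the string
    open_line: int    # 1-based line of the opening quote (where the typo is)
    open_column: int  # 1-based column of the opening quote (a tab counts as 1)
    eof_line: int     # position a parser reports: it only fails at end of input
    eof_column: int
    eof_byte: int     # 1-based byte position of end of input


def _line_col(text: str, index: int) -> tuple:
    """Translate a character offset into a 1-based (line, column) pair."""
    line = text.count("\n", 0, index) + 1
    column = index - (text.rfind("\n", 0, index) + 1) + 1
    return line, column


def find_unterminated_string(config: str) -> Optional[UnterminatedString]:
    """Return details of the first string left open, or None if all close.

    Simplified scanner (assumption): handles '#' comments, both quote styles
    and backslash escapes; regex literals (/.../) are not recognised.
    """
    i, n = 0, len(config)
    while i < n:
        ch = config[i]
        if ch == "#":
            # Comment outside a string: skip to the end of the line.
            newline = config.find("\n", i)
            i = n if newline == -1 else newline + 1
        elif ch in QUOTES:
            start = i
            i += 1
            # Only the SAME quote character closes the string; the other
            # quote, '#', braces and newlines are ordinary string content.
            while i < n and config[i] != ch:
                i += 2 if config[i] == "\\" else 1
            if i >= n:
                open_line, open_column = _line_col(config, start)
                eof_line, eof_column = _line_col(config, n)
                eof_byte = len(config.encode("utf-8")) + 1
                return UnterminatedString(ch, open_line, open_column,
                                          eof_line, eof_column, eof_byte)
            i += 1  # step over the closing quote
        else:
            i += 1
    return None


# Constructed sample: the pipeline file from this issue, tab-indented as it is
# echoed in the error message, including the mixed quotes on the index line.
BROKEN_PIPELINE = "\n".join([
    "input {",
    "\tbeats {",
    "\t\tport => 5044",
    "\t}",
    "",
    "\ttcp {",
    "\t\tport => 5000",
    "\t}",
    "}",
    "",
    "## Add your filters / logstash plugins configuration here",
    "",
    "output {",
    "\telasticsearch {",
    '\t\thosts => "elasticsearch:9200"',
    '\t\tuser => "elastic"',
    '\t\tpassword => "changeme"',
    "\t\tecs_compatibility => disabled",
    "\t\tindex => 'hello-trial\"",
    "\t}",
    "}",
]) + "\n"

# Same file with the quotes on the index line made consistent.
FIXED_PIPELINE = BROKEN_PIPELINE.replace("'hello-trial\"", '"hello-trial"')

if __name__ == "__main__":
    hit = find_unterminated_string(BROKEN_PIPELINE)
    print(f"string opened with {hit.quote} at line {hit.open_line}, "
          f"column {hit.open_column} is never closed; the parser gives up at "
          f"line {hit.eof_line}, column {hit.eof_column} (byte {hit.eof_byte})")
```

Logstash's own `--config.test_and_exit` flag performs the authoritative syntax check; this scanner only shows why the reported position is the end of the file rather than the line with the typo.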

divyankgarg commented 2 years ago

Thanks @antoineco, it worked fine. One more request for help: in this same repo I have added the sample_data folder and want to transfer the CSV file to Kibana. My input should basically be a file, with a filter on the delimiter ','. I am not able to create that connection. Could you help with the edits required in the docker-compose.yaml and logstash.conf files for such a connection? My path is attached in the comment. [Screenshot 2021-10-20 at 1 09 53 PM]

antoineco commented 2 years ago

@divyankgarg would that be a one-time import, or a file that needs to be watched for new entries constantly?

divyankgarg commented 2 years ago

To have a one-time import as of now.

antoineco commented 2 years ago

In that case, I'd use a file input combined with the csv codec in the logstash/pipeline.conf file:

input {
  file {
    path => '/path/to/file.csv'
    mode => read
    codec => csv {
      autodetect_column_names => true
      target => "[document]"
    }
  }
}

Don't forget to mount the CSV file inside the logstash container using a bind volume in docker-compose.yml (copy an existing file mount and adjust the path).

The CSV codec plugin might need to be installed inside the logstash/Dockerfile file as described in the README, following the instructions from https://www.elastic.co/guide/en/logstash/current/plugins-codecs-csv.html.

divyankgarg commented 2 years ago

I did as shown below in the images, but I am getting an exit 0 error. Logstash is getting shut down. Check the config, yml and Dockerfile. I am getting this issue and cannot find the solution for it. [Screenshot 2021-10-20 at 3 18 25 PM] [Screenshot 2021-10-20 at 2 55 26 PM] [Screenshot 2021-10-20 at 2 54 40 PM] [Screenshot 2021-10-20 at 2 54 25 PM]

Also, here are the log details:

Attaching to docker-elk_logstash_1, docker-elk_kibana_1, docker-elk_elasticsearch_1
elasticsearch_1  | Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:32,885Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "version[7.15.0], pid[7], build[default/docker/79d65f6e357953a5b3cbcc5e2c7c21073d89aa29/2021-09-16T03:05:29.143308416Z], OS[Linux/5.10.25-linuxkit/amd64], JVM[Eclipse Foundation/OpenJDK 64-Bit Server VM/16.0.2/16.0.2+7]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:32,890Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:32,890Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-9565488145036227484, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Des.cgroups.hierarchy.override=/, -Xmx256m, -Xms256m, -XX:MaxDirectMemorySize=134217728, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=docker, -Des.bundled_jdk=true]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,590Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [aggs-matrix-stats]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,590Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [analysis-common]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,590Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [constant-keyword]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,591Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [frozen-indices]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,591Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [ingest-common]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,592Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [ingest-geoip]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,592Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [ingest-user-agent]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,593Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [kibana]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,593Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [lang-expression]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,594Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [lang-mustache]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,594Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [lang-painless]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,594Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [mapper-extras]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,595Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [mapper-version]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,595Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [parent-join]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,595Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [percolator]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,596Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [rank-eval]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,597Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [reindex]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,597Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [repositories-metering-api]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,597Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [repository-encrypted]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,598Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [repository-url]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,598Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [runtime-fields-common]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,599Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [search-business-rules]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,599Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [searchable-snapshots]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,600Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [snapshot-repo-test-kit]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,600Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [spatial]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,601Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [transform]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,601Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [transport-netty4]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,602Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [unsigned-long]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,602Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [vector-tile]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,602Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [vectors]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,603Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [wildcard]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,603Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-aggregate-metric]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,603Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-analytics]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,604Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-async]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,604Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-async-search]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,605Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-autoscaling]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,606Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-ccr]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,606Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-core]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,606Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-data-streams]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,607Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-deprecation]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,607Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-enrich]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,608Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-eql]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,618Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-fleet]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,618Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-graph]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,618Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-identity-provider]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,619Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-ilm]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,619Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-logstash]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,619Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-ml]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,619Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-monitoring]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,620Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-ql]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,621Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-rollup]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,621Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-security]" }
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["info","plugins-service"],"pid":1220,"message":"Plugin \"metricsEntities\" is disabled."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["info","http","server","Preboot"],"pid":1220,"message":"http server running at http://0.0.0.0:5601"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"Setting [elasticsearch.username] to \"elastic\" is deprecated. You should use the \"kibana_system\" user instead."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"plugins.scanDirs is deprecated and is no longer used"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"Config key [monitoring.cluster_alerts.email_notifications.email_address] will be required for email notifications to work in 8.0.\""}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"Setting [monitoring.username] to \"elastic\" is deprecated. You should use the \"kibana_system\" user instead."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"\"xpack.reporting.roles\" is deprecated. Granting reporting privilege through a \"reporting_user\" role will not be supported starting in 8.0. Please set \"xpack.reporting.roles.enabled\" to \"false\" and grant reporting privileges to users using Kibana application privileges **Management > Security > Roles**."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"Session idle timeout (\"xpack.security.session.idleTimeout\") will be set to 1 hour by default in the next major version (8.0)."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","config","deprecation"],"pid":1220,"message":"Session lifespan (\"xpack.security.session.lifespan\") will be set to 30 days by default in the next major version (8.0)."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["info","plugins-system","standard"],"pid":1220,"message":"Setting up [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,banners,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,securityOss,share,screenshotMode,telemetry,newsfeed,mapsEms,mapsLegacy,legacyExport,kibanaLegacy,embeddable,uiActionsEnhanced,fieldFormats,expressions,charts,esUiShared,bfetch,data,savedObjects,visualizations,visTypeXy,visTypeVislib,visTypeTimelion,features,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,timelion,indexPatternFieldEditor,home,searchprofiler,painlessLab,grokdebugger,graph,visTypeVega,management,watcher,licenseManagement,indexPatternManagement,advancedSettings,discover,discoverEnhanced,dashboard,dashboardEnhanced,visualize,visTypeTimeseries,savedObjectsManagement,spaces,security,transform,savedObjectsTagging,lens,reporting,canvas,lists,ingestPipelines,fileUpload,maps,dataVisualizer,encryptedSavedObjects,dataEnhanced,dashboardMode,cloud,snapshotRestore,fleet,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,eventLog,actions,alerting,triggersActionsUi,stackAlerts,ruleRegistry,osquery,ml,cases,timelines,securitySolution,observability,uptime,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,console,apmOss,apm]"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["info","plugins","taskManager"],"pid":1220,"message":"TaskManager is identified by the Kibana UUID: 409d8e60-6eb6-43e1-bea7-1cd3edc01ade"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","plugins","security","config"],"pid":1220,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:42+00:00","tags":["warning","plugins","security","config"],"pid":1220,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["warning","plugins","reporting","config"],"pid":1220,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["warning","plugins","reporting","config"],"pid":1220,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.4.2105\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":1220,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["warning","plugins","actions"],"pid":1220,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["warning","plugins","alerting"],"pid":1220,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","plugins","ruleRegistry"],"pid":1220,"message":"Write is disabled; not installing common resources shared between all indices"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","plugins","ruleRegistry"],"pid":1220,"message":"Write is disabled; not installing resources for index .alerts-observability.uptime.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","plugins","ruleRegistry"],"pid":1220,"message":"Write is disabled; not installing resources for index .alerts-observability.logs.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","plugins","ruleRegistry"],"pid":1220,"message":"Write is disabled; not installing resources for index .alerts-observability.metrics.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","plugins","ruleRegistry"],"pid":1220,"message":"Write is disabled; not installing resources for index .alerts-observability.apm.alerts"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:43+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,626Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-shutdown]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,626Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-sql]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,627Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-stack]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,627Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-text-structure]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,627Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-voting-only-node]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,627Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "loaded module [x-pack-watcher]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,628Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "no plugins loaded" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,688Z", "level": "INFO", "component": "o.e.e.NodeEnvironment", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [46.6gb], net total_space [58.4gb], types [ext4]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,688Z", "level": "INFO", "component": "o.e.e.NodeEnvironment", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "heap size [256mb], compressed ordinary object pointers [true]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:35,714Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "node name [9555a91d639d], node ID [rSu665OoSmOAaI1c883snQ], cluster name [docker-cluster], roles [transform, data_frozen, master, remote_cluster_client, data, ml, data_content, data_hot, data_warm, data_cold, ingest]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:42,197Z", "level": "INFO", "component": "o.e.x.m.p.l.CppLogMessageHandler", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[controller/506] [Main.cc@122] controller (64 bit): Version 7.15.0 (Build d0ab43b6c551f8) Copyright (c) 2021 Elasticsearch BV" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:42,797Z", "level": "INFO", "component": "o.e.x.s.a.Realms", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:42,809Z", "level": "INFO", "component": "o.e.x.s.a.s.FileRolesStore", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:43,788Z", "level": "INFO", "component": "o.e.i.g.LocalDatabases", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "initialized default databases [[GeoLite2-Country.mmdb, GeoLite2-City.mmdb, GeoLite2-ASN.mmdb]], config databases [[]] and watching [/usr/share/elasticsearch/config/ingest-geoip] for changes" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:43,791Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "initialized database registry, using geoip-databases directory [/tmp/elasticsearch-9565488145036227484/geoip-databases/rSu665OoSmOAaI1c883snQ]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:44,761Z", "level": "INFO", "component": "o.e.t.NettyAllocator", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=256mb}]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:44,917Z", "level": "INFO", "component": "o.e.d.DiscoveryModule", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "using discovery type [single-node] and seed hosts providers [settings]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:46,012Z", "level": "INFO", "component": "o.e.g.DanglingIndicesState", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:46,777Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "initialized" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:46,779Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "starting ..." }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:46,792Z", "level": "INFO", "component": "o.e.x.s.c.f.PersistentCache", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "persistent cache index loaded" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:46,924Z", "level": "INFO", "component": "o.e.t.TransportService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "publish_address {172.29.0.2:9300}, bound_addresses {0.0.0.0:9300}" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,076Z", "level": "INFO", "component": "o.e.c.c.Coordinator", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "setting initial configuration to VotingConfiguration{rSu665OoSmOAaI1c883snQ}" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,230Z", "level": "INFO", "component": "o.e.c.s.MasterService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "elected-as-master ([1] nodes joined)[{9555a91d639d}{rSu665OoSmOAaI1c883snQ}{fNMp7ID7TZOEhyb79OhzSQ}{172.29.0.2}{172.29.0.2:9300}{cdfhilmrstw} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{9555a91d639d}{rSu665OoSmOAaI1c883snQ}{fNMp7ID7TZOEhyb79OhzSQ}{172.29.0.2}{172.29.0.2:9300}{cdfhilmrstw}]}" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,275Z", "level": "INFO", "component": "o.e.c.c.CoordinationState", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "cluster UUID set to [iJjvTLSxT52eQ0YyHWJlPA]" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,301Z", "level": "INFO", "component": "o.e.c.s.ClusterApplierService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "master node changed {previous [], current [{9555a91d639d}{rSu665OoSmOAaI1c883snQ}{fNMp7ID7TZOEhyb79OhzSQ}{172.29.0.2}{172.29.0.2:9300}{cdfhilmrstw}]}, term: 1, version: 1, reason: Publication{term=1, version=1}" }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,427Z", "level": "INFO", "component": "o.e.h.AbstractHttpServerTransport", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "publish_address {172.29.0.2:9200}, bound_addresses {0.0.0.0:9200}", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,428Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "started", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,584Z", "level": "INFO", "component": "o.e.g.GatewayService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "recovered [0] indices into cluster_state", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:47,910Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [.ml-anomalies-] for index patterns [.ml-anomalies-*]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,052Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [.ml-stats] for index patterns [.ml-stats-*]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,152Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [.ml-notifications-000002] for index patterns [.ml-notifications-000002]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,237Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [.ml-state] for index patterns [.ml-state*]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,328Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [logs-mappings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,392Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [data-streams-mappings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,445Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [metrics-settings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,519Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [metrics-mappings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,573Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [synthetics-settings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,629Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [synthetics-mappings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,680Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding component template [logs-settings]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,780Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [.watch-history-13] for index patterns [.watcher-history-13*]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:48,836Z", "level": "INFO", "component": "o.e.c.m.MetadataIndexTemplateService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding index template [ilm-history] for index patterns [ilm-history-5*]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:45+00:00","tags":["error","savedobjects-service"],"pid":1220,"message":"Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.29.0.2:9200"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:49+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"Starting saved objects migrations"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana] INIT -> CREATE_NEW_TARGET. took: 82ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 102ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 566ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana_task_manager] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 544ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 218ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:50+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana] Migration completed after 867ms"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:51+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 265ms."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:51+00:00","tags":["info","savedobjects-service"],"pid":1220,"message":"[.kibana_task_manager] Migration completed after 912ms"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:51+00:00","tags":["info","plugins-system","standard"],"pid":1220,"message":"Starting [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,banners,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,securityOss,share,screenshotMode,telemetry,newsfeed,mapsEms,mapsLegacy,legacyExport,kibanaLegacy,embeddable,uiActionsEnhanced,fieldFormats,expressions,charts,esUiShared,bfetch,data,savedObjects,visualizations,visTypeXy,visTypeVislib,visTypeTimelion,features,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,timelion,indexPatternFieldEditor,home,searchprofiler,painlessLab,grokdebugger,graph,visTypeVega,management,watcher,licenseManagement,indexPatternManagement,advancedSettings,discover,discoverEnhanced,dashboard,dashboardEnhanced,visualize,visTypeTimeseries,savedObjectsManagement,spaces,security,transform,savedObjectsTagging,lens,reporting,canvas,lists,ingestPipelines,fileUpload,maps,dataVisualizer,encryptedSavedObjects,dataEnhanced,dashboardMode,cloud,snapshotRestore,fleet,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,eventLog,actions,alerting,triggersActionsUi,stackAlerts,ruleRegistry,osquery,ml,cases,timelines,securitySolution,observability,uptime,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,console,apmOss,apm]"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:51+00:00","tags":["info","plugins","monitoring","monitoring"],"pid":1220,"message":"config sourced from: production cluster"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:53+00:00","tags":["info","http","server","Kibana"],"pid":1220,"message":"http server running at http://0.0.0.0:5601"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:54+00:00","tags":["info","plugins","monitoring","monitoring","kibana-monitoring"],"pid":1220,"message":"Starting monitoring stats collection"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:55+00:00","tags":["info","status"],"pid":1220,"message":"Kibana is now degraded"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:55+00:00","tags":["info","plugins","reporting"],"pid":1220,"message":"Browser executable: /usr/share/kibana/x-pack/plugins/reporting/chromium/headless_shell-linux_x64/headless_shell"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:55+00:00","tags":["warning","plugins","reporting"],"pid":1220,"message":"Enabling the Chromium sandbox provides an additional layer of protection."}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:56+00:00","tags":["info","plugins","reporting","store"],"pid":1220,"message":"Creating ILM policy for managing reporting indices: kibana-reporting"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:57+00:00","tags":["info","plugins","securitySolution"],"pid":1220,"message":"Dependent plugin setup complete - Starting ManifestTask"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:34:58+00:00","tags":["info","status"],"pid":1220,"message":"Kibana is now available (was degraded)"}
kibana_1         | {"type":"log","@timestamp":"2021-10-20T09:35:56+00:00","tags":["info","plugins","security","routes"],"pid":1220,"message":"Logging in with provider \"basic\" (basic)"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:56+00:00","tags":[],"pid":1220,"method":"post","statusCode":200,"req":{"url":"/internal/security/login","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"214","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":200,"responseTime":301,"contentLength":51},"message":"POST /internal/security/login 200 301ms - 51.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:56+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/app/management/kibana/indexPatterns","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/login?next=%2Fapp%2Fmanagement%2Fkibana%2FindexPatterns&msg=SESSION_EXPIRED"},"res":{"statusCode":200,"responseTime":164,"contentLength":144350},"message":"GET /app/management/kibana/indexPatterns 200 164ms - 141.0KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:56+00:00","tags":[],"pid":1220,"method":"get","statusCode":304,"req":{"url":"/node_modules/@kbn/ui-framework/dist/kui_light.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"47af9b8f6e4640c400d5d0b64bd8c8095c9bbcf5-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:43 GMT"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":304,"responseTime":19,"contentLength":205},"message":"GET /node_modules/@kbn/ui-framework/dist/kui_light.css 304 19ms - 205.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:56+00:00","tags":[],"pid":1220,"method":"get","statusCode":304,"req":{"url":"/ui/legacy_light_theme.css","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"text/css,*/*;q=0.1","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"style","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"4345f9a3b9a243edd0b81b913ba1901bce549a2b-gzip\"","if-modified-since":"Thu, 16 Sep 2021 02:25:45 GMT"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":304,"responseTime":25,"contentLength":206},"message":"GET /ui/legacy_light_theme.css 304 25ms - 206.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:56+00:00","tags":["api"],"pid":1220,"method":"get","statusCode":304,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"script","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"c680dc6a6f3302019961f6318a1ee5b62b10d73c-gzip\""},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":304,"responseTime":68,"contentLength":18451},"message":"GET /bootstrap.js 304 68ms - 18.0KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:57+00:00","tags":[],"pid":1220,"method":"get","statusCode":304,"req":{"url":"/translations/en.json","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":"\"37992637719f97813c3068cfbf877b2d3bb43b97\""},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":304,"responseTime":5,"contentLength":29},"message":"GET /translations/en.json 304 5ms - 29.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:57+00:00","tags":[],"pid":1220,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"600","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":609,"contentLength":4718},"message":"POST /api/core/capabilities 200 609ms - 4.6KB"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/api/licensing/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":19},"message":"GET /api/licensing/info 200 19ms"}
logstash_1       | Using bundled JDK: /usr/share/logstash/jdk
logstash_1       | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
logstash_1       | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
logstash_1       | [2021-10-20T09:34:58,137][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
logstash_1       | [2021-10-20T09:34:58,147][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.15.0", "jruby.version"=>"jruby 9.2.19.0 (2.5.8) 2021-06-15 55810c552b OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
logstash_1       | [2021-10-20T09:34:58,180][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
logstash_1       | [2021-10-20T09:34:58,195][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
logstash_1       | [2021-10-20T09:34:58,856][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"44804dce-eb6b-4ed9-9f93-e04be91951fb", :path=>"/usr/share/logstash/data/uuid"}
logstash_1       | [2021-10-20T09:35:00,680][WARN ][deprecation.logstash.monitoringextension.pipelineregisterhook] Internal collectors option for Logstash monitoring is deprecated and targeted for removal in the next major version.
logstash_1       | Please configure Metricbeat to monitor Logstash. Documentation can be found at: 
logstash_1       | https://www.elastic.co/guide/en/logstash/current/monitoring-with-metricbeat.html
logstash_1       | [2021-10-20T09:35:01,229][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-20T09:35:01,409][WARN ][deprecation.logstash.outputs.elasticsearch] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-20T09:35:02,160][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
logstash_1       | [2021-10-20T09:35:02,592][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
logstash_1       | [2021-10-20T09:35:02,713][INFO ][logstash.licensechecker.licensereader] Elasticsearch version determined (7.15.0) {:es_version=>7}
logstash_1       | [2021-10-20T09:35:02,716][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash_1       | [2021-10-20T09:35:02,877][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
logstash_1       | [2021-10-20T09:35:02,879][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
logstash_1       | [2021-10-20T09:35:03,407][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
logstash_1       | [2021-10-20T09:35:03,841][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", \"{\", \"}\" at line 11, column 3 (byte 202) after input {\n\tbeats {\n\t\tport => 5044\n\t}\n\n\ttcp {\n\t\tport => 5000\n\t}\n\tfile {\n\t\tpath => \"./../../sample_data/train_data1.csv\"#\"./../../sample_data/train_data1.csv\" #\"/usr/share/logstash/data/train_data1.csv\"\n\t\t", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:187:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:391:in `block in converge_state'"]}
logstash_1       | [2021-10-20T09:35:04,330][INFO ][org.reflections.Reflections] Reflections took 150 ms to scan 1 urls, producing 120 keys and 417 values 
logstash_1       | [2021-10-20T09:35:04,937][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-20T09:35:04,994][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-20T09:35:05,024][WARN ][deprecation.logstash.outputs.elasticsearchmonitoring] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
logstash_1       | [2021-10-20T09:35:05,084][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearchMonitoring", :hosts=>["http://elasticsearch:9200"]}
logstash_1       | [2021-10-20T09:35:05,108][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
logstash_1       | [2021-10-20T09:35:05,127][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
logstash_1       | [2021-10-20T09:35:05,139][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch version determined (7.15.0) {:es_version=>7}
logstash_1       | [2021-10-20T09:35:05,139][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash_1       | [2021-10-20T09:35:05,207][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Configuration is data stream compliant but due backwards compatibility Logstash 7.x will not assume writing to a data-stream, default behavior will change on Logstash 8.0 (set `data_stream => true/false` to disable this warning)
logstash_1       | [2021-10-20T09:35:05,210][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Configuration is data stream compliant but due backwards compatibility Logstash 7.x will not assume writing to a data-stream, default behavior will change on Logstash 8.0 (set `data_stream => true/false` to disable this warning)
logstash_1       | [2021-10-20T09:35:05,220][WARN ][logstash.javapipeline    ][.monitoring-logstash] 'pipeline.ordered' is enabled and is likely less efficient, consider disabling if preserving event order is not necessary
logstash_1       | [2021-10-20T09:35:05,297][INFO ][logstash.javapipeline    ][.monitoring-logstash] Starting pipeline {:pipeline_id=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>2, "pipeline.sources"=>["monitoring pipeline"], :thread=>"#<Thread:0x5016cffd run>"}
logstash_1       | [2021-10-20T09:35:05,878][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline Java execution initialization time {"seconds"=>0.58}
logstash_1       | [2021-10-20T09:35:05,927][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline started {"pipeline.id"=>".monitoring-logstash"}
logstash_1       | [2021-10-20T09:35:07,198][INFO ][logstash.javapipeline    ][.monitoring-logstash] Pipeline terminated {"pipeline.id"=>".monitoring-logstash"}
logstash_1       | [2021-10-20T09:35:08,102][INFO ][logstash.runner          ] Logstash shut down.
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"post","statusCode":200,"req":{"url":"/internal/licensing/feature_usage/register","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"280","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":46,"contentLength":16},"message":"POST /internal/licensing/feature_usage/register 200 46ms - 16.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/security_oss/app_state","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":73,"contentLength":112},"message":"GET /internal/security_oss/app_state 200 73ms - 112.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects_tagging/tags","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":88,"contentLength":11},"message":"GET /api/saved_objects_tagging/tags 200 88ms - 11.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/security/me","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":105,"contentLength":321},"message":"GET /internal/security/me 200 105ms - 321.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/global_search/searchable_types","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":109,"contentLength":143},"message":"GET /internal/global_search/searchable_types 200 109ms - 143.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/api/banners/info","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":174,"contentLength":117},"message":"GET /api/banners/info 200 174ms - 117.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"39","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"http://localhost:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":158,"contentLength":161},"message":"POST /api/saved_objects/_bulk_get 200 158ms - 161.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/security/me","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":52,"contentLength":321},"message":"GET /internal/security/me 200 52ms - 321.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/security/session","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","kbn-system-request":"true","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":156,"contentLength":85},"message":"GET /internal/security/session 200 156ms - 85.0B"}
kibana_1         | {"type":"response","@timestamp":"2021-10-20T09:35:58+00:00","tags":[],"pid":1220,"method":"get","statusCode":200,"req":{"url":"/internal/spaces/_active_space","method":"get","headers":{"host":"localhost:5601","connection":"keep-alive","sec-ch-ua":"\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","kbn-version":"7.15.0","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"http://localhost:5601/app/management/kibana/indexPatterns","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"172.29.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","referer":"http://localhost:5601/app/management/kibana/indexPatterns"},"res":{"statusCode":200,"responseTime":156,"contentLength":134},"message":"GET /internal/spaces/_active_space 200 156ms - 134.0B"}
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,253Z", "level": "INFO", "component": "o.e.x.w.WatcherService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "reloading watcher, reason [new local watcher shard allocation ids], cancelled [0] queued tasks", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,301Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.watches/1Rmu9e5xT6aCfNQm2xGoYw] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,521Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.watches/1Rmu9e5xT6aCfNQm2xGoYw] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "deprecation.elasticsearch", "timestamp": "2021-10-20T09:34:58,725Z", "level": "DEPRECATION", "component": "o.e.d.c.m.IndexNameExpressionResolver", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "this request accesses system indices: [.security-7, .watches], but in a future major version, direct access to system indices will be prevented by default", "key": "open_system_index_access", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,750Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.monitoring-kibana-7-2021.10.20] creating index, cause [auto(bulk api)], templates [.monitoring-kibana], shards [1]/[0]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,870Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.ds-ilm-history-5-2021.10.20-000001] creating index, cause [initialize_data_stream], templates [ilm-history], shards [1]/[0]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:58,881Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateDataStreamService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "adding data stream [ilm-history-5] with write index [.ds-ilm-history-5-2021.10.20-000001], backing indices [], and aliases []", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:59,136Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.ds-ilm-history-5-2021.10.20-000001][0]]]).", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:59,192Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "moving index [.ds-ilm-history-5-2021.10.20-000001] from [null] to [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:59,312Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "moving index [.ds-ilm-history-5-2021.10.20-000001] from [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] to [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:34:59,380Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "moving index [.ds-ilm-history-5-2021.10.20-000001] from [{\"phase\":\"hot\",\"action\":\"unfollow\",\"name\":\"branch-check-unfollow-prerequisites\"}] to [{\"phase\":\"hot\",\"action\":\"rollover\",\"name\":\"check-rollover-ready\"}] in policy [ilm-history-ilm-policy]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:00,294Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.kibana_7.15.0_001/qXks6FzISyWxTYTJReKWNg] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:03,465Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "downloading geoip database [GeoLite2-City.mmdb] to [/tmp/elasticsearch-9565488145036227484/geoip-databases/rSu665OoSmOAaI1c883snQ/GeoLite2-City.mmdb.tmp.gz]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:03,484Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "updated geoip database [GeoLite2-City.mmdb]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:03,487Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "updating geoip database [GeoLite2-Country.mmdb]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:04,527Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "downloading geoip database [GeoLite2-Country.mmdb] to [/tmp/elasticsearch-9565488145036227484/geoip-databases/rSu665OoSmOAaI1c883snQ/GeoLite2-Country.mmdb.tmp.gz]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:04,537Z", "level": "INFO", "component": "o.e.i.g.GeoIpDownloader", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "updated geoip database [GeoLite2-Country.mmdb]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:04,613Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "successfully reloaded changed geoip database file [/tmp/elasticsearch-9565488145036227484/geoip-databases/rSu665OoSmOAaI1c883snQ/GeoLite2-City.mmdb]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:04,612Z", "level": "INFO", "component": "o.e.i.g.DatabaseRegistry", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "successfully reloaded changed geoip database file [/tmp/elasticsearch-9565488145036227484/geoip-databases/rSu665OoSmOAaI1c883snQ/GeoLite2-Country.mmdb]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:06,858Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.monitoring-es-7-2021.10.20] creating index, cause [auto(bulk api)], templates [.monitoring-es], shards [1]/[0]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:06,911Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-7-2021.10.20][0]]]).", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:58,696Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.kibana_7.15.0_001/qXks6FzISyWxTYTJReKWNg] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:58,894Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.triggered_watches] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:58,896Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "updating number_of_replicas to [0] for indices [.triggered_watches]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:58,986Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.triggered_watches][0]]]).", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:35:59,986Z", "level": "INFO", "component": "o.e.c.m.MetadataCreateIndexService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.watcher-history-13-2021.10.20] creating index, cause [auto(bulk api)], templates [.watch-history-13], shards [1]/[0]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:36:00,082Z", "level": "INFO", "component": "o.e.x.i.IndexLifecycleTransition", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "moving index [.watcher-history-13-2021.10.20] from [null] to [{\"phase\":\"new\",\"action\":\"complete\",\"name\":\"complete\"}] in policy [watch-history-ilm-policy]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:36:00,139Z", "level": "INFO", "component": "o.e.c.r.a.AllocationService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.watcher-history-13-2021.10.20][0]]]).", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:36:00,196Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.watcher-history-13-2021.10.20/hJhRKtnqTAu1TTUHDX3E5A] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:36:00,266Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.watcher-history-13-2021.10.20/hJhRKtnqTAu1TTUHDX3E5A] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "deprecation.elasticsearch", "timestamp": "2021-10-20T09:36:01,835Z", "level": "DEPRECATION", "component": "o.e.d.c.m.IndexNameExpressionResolver", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "this request accesses system indices: [.security-7, .triggered_watches, .watches], but in a future major version, direct access to system indices will be prevented by default", "x-opaque-id": "eca6f31f-9049-403b-8698-b1cbe92dfd1b", "key": "open_system_index_access", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
elasticsearch_1  | {"type": "server", "timestamp": "2021-10-20T09:36:06,999Z", "level": "INFO", "component": "o.e.c.m.MetadataMappingService", "cluster.name": "docker-cluster", "node.name": "9555a91d639d", "message": "[.kibana_7.15.0_001/qXks6FzISyWxTYTJReKWNg] update_mapping [_doc]", "cluster.uuid": "iJjvTLSxT52eQ0YyHWJlPA", "node.id": "rSu665OoSmOAaI1c883snQ"  }
antoineco commented 2 years ago

@divyankgarg I see multiple issues in what you just shared:

  1. You are mounting your CSV file at the absolute path /usr/share/logstash/sample_data/train_data1.csv, but you reference that same file using a relative path with a suspicious series of ../../. This is unlikely to work as you expect, since Logstash's home directory is /usr/share/logstash.

    To solve this, replace the path inside your pipeline.conf with either

    • path => 'sample_data/train_data1.csv'
    • or path => '/usr/share/logstash/sample_data/train_data1.csv'
  2. The trailing comment after path => "..." # THIS COMMENT seems to be causing a parsing issue:

    [2021-10-20T09:35:03,841][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", \"{\", \"}\" at line 11, column 3 (byte 202) after input {\n\tbeats {\n\t\tport => 5044\n\t}\n\n\ttcp {\n\t\tport => 5000\n\t}\n\tfile {\n\t\tpath => \"./../../sample_data/train_data1.csv\"#\"./../../sample_data/train_data1.csv\" #\"/usr/share/logstash/data/train_data1.csv\"\n\t\t", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:187:in initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:391:in block in converge_state'"]}

  3. Make sure your CSV file is readable by the logstash user (uid/gid 1000), otherwise you'll see a permission error immediately after fixing (1) and (2).

    chown -v :1000 sample_data/train_data1.csv

    You can ignore this advice if you cloned the docker-elk repository on a Windows machine (real Windows, not WSL), since Docker Desktop automatically grants read-write permissions to mounted files in this case.
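Points (1) and (3) of the comment above can be checked before starting the stack. This is an added example, not part of the original thread or of docker-elk; the function names are hypothetical. It assumes relative paths resolve against /usr/share/logstash as the comment describes, and a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of docker-elk.

# Lexically resolve path $2 against base directory $1, collapsing "." and "..".
# No filesystem access, so it also works for paths that exist only in a container.
resolve_path() {
    case $2 in
        /*) full=$2 ;;
        *)  full=$1/$2 ;;
    esac
    out=
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting on "/"
    for seg in $full; do
        case $seg in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out=$out/$seg ;;
        esac
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# Return 0 if a process running as uid $2 / gid $3 may read file $1, judged by
# owner, group and mode bits only. ACLs, supplementary groups, root's override
# and parent-directory permissions are ignored. Assumes stat supports -c.
can_read() {
    meta=$(stat -c '%u %g %a' "$1") || return 2
    f_uid=${meta%% *}
    rest=${meta#* }
    f_gid=${rest%% *}
    mode=${rest#* }
    perms=$(printf '%03d' "$((mode % 1000))")   # last three octal digits
    owner_bits=${perms%??}
    rest=${perms#?}
    group_bits=${rest%?}
    other_bits=${perms#??}
    if   [ "$2" -eq "$f_uid" ]; then bits=$owner_bits
    elif [ "$3" -eq "$f_gid" ]; then bits=$group_bits
    else bits=$other_bits
    fi
    [ "$bits" -ge 4 ]           # 4 is the read bit
}

# Demo with the paths quoted in the comment above.
mount_target=/usr/share/logstash/sample_data/train_data1.csv
for p in './../../sample_data/train_data1.csv' 'sample_data/train_data1.csv'; do
    r=$(resolve_path /usr/share/logstash "$p")
    [ "$r" = "$mount_target" ] && verdict='matches' || verdict='does not match'
    printf '%s -> %s (%s the mount target)\n' "$p" "$r" "$verdict"
done
```

On the host, `can_read sample_data/train_data1.csv 1000 1000` tells you whether the Logstash user will be able to read the bind-mounted file. Granting group read to gid 1000 is a narrower fix than making the file world-readable.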

divyankgarg commented 2 years ago

Thanks for the correction. I resolved points 1 and 2 and it worked fine. I was just getting an issue with the codec plugin, so I removed it from the conf file and it worked fine. Thanks. Now I am working on how to import a file that needs to be watched for new entries constantly.

antoineco commented 2 years ago

@divyankgarg for this I would recommend either

I won't be able to provide much assistance with Filebeat, and it's out-of-scope for this issue, but Elastic has great documentation about how to use it on different platforms (including inside a Docker container) and how to connect it to either Logstash, or Elasticsearch directly.

antoineco commented 2 years ago

The original issue is fixed (typo in the Logstash config) and the discussion has become largely about providing support for Elastic's products (which is a topic for https://discuss.elastic.co/ or Gitter), so I am closing this issue.

divyankgarg commented 2 years ago

How can I read all log files under the different subdirectories nested inside more subdirectories? There is a list of log files under 2 folders (message and RSI) in 3 subdirectories under the sample_data directory. I want to read all the content of the log files at once, dynamically. The config file path should automatically read all log files from the subdirectories within the sample_data main directory.

Screenshot 2021-12-08 at 12 40 54 PM

The path I tried, but it is taking only one log file, not all log files:

Screenshot 2021-12-08 at 12 41 18 PM

The yml file to define the volume source and destination

Screenshot 2021-12-08 at 12 42 18 PM