Skip to content

Commit 953d067

Browse files
marc-grmarc-gr
authored
[Filebeat][Gsuite] Transform all dates to timestamp with processor (#20308)
* Transform all dates to timestamp with processor * Change parse date function to create a chain
1 parent b797a7e commit 953d067

5 files changed

Lines changed: 80 additions & 56 deletions

File tree

x-pack/filebeat/module/gsuite/admin/config/pipeline.js

Lines changed: 57 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -421,11 +421,7 @@ var login = (function () {
421421
return;
422422
}
423423

424-
var millisToNano = 1e6;
425-
var tsStart = Date.parse(start) * millisToNano;
426-
var tsEnd = Date.parse(end) * millisToNano;
427-
428-
evt.Put("event.duration", tsEnd-tsStart);
424+
evt.Put("event.duration", end.UnixNano() - start.UnixNano());
429425
};
430426

431427
var setEventOutcome = function(evt) {
@@ -451,6 +447,34 @@ var login = (function () {
451447
evt.Delete("gsuite.admin.WHITELISTED_GROUPS");
452448
};
453449

450+
var deleteField = function(field) {
451+
return function(evt) {
452+
evt.Delete(field);
453+
};
454+
};
455+
456+
var parseDate = function(field, targetField) {
457+
return new processor.Chain()
458+
.Add(new processor.Timestamp({
459+
field: field,
460+
target_field: targetField,
461+
timezone: "UTC",
462+
layouts: [
463+
"2006-01-02T15:04:05Z",
464+
"2006-01-02T15:04:05.999Z",
465+
"2006/01/02 15:04:05 UTC",
466+
],
467+
tests: [
468+
"2020-02-05T18:19:23Z",
469+
"2020-02-05T18:19:23.599Z",
470+
"2020/07/28 04:59:59 UTC",
471+
],
472+
ignore_missing: true,
473+
}))
474+
.Add(deleteField(field))
475+
.Build()
476+
};
477+
454478
var pipeline = new processor.Chain()
455479
.Add(categorizeEvent)
456480
.Add(flattenParams)
@@ -621,22 +645,6 @@ var login = (function () {
621645
from: "gsuite.admin.PRIVILEGE_NAME",
622646
to: "gsuite.admin.privilege.name",
623647
},
624-
{
625-
from: "gsuite.admin.BEGIN_DATE_TIME",
626-
to: "event.start",
627-
},
628-
{
629-
from: "gsuite.admin.END_DATE_TIME",
630-
to: "event.end",
631-
},
632-
{
633-
from: "gsuite.admin.START_DATE",
634-
to: "event.start",
635-
},
636-
{
637-
from: "gsuite.admin.END_DATE",
638-
to: "event.end",
639-
},
640648
{
641649
from: "gsuite.admin.SITE_LOCATION",
642650
to: "url.path",
@@ -685,10 +693,6 @@ var login = (function () {
685693
from: "gsuite.admin.EMAIL_LOG_SEARCH_MSG_ID",
686694
to: "gsuite.admin.email.log_search_filter.message_id",
687695
},
688-
{
689-
from: "gsuite.admin.EMAIL_LOG_SEARCH_END_DATE",
690-
to: "gsuite.admin.email.log_search_filter.end_date",
691-
},
692696
{
693697
from: "gsuite.admin.EMAIL_LOG_SEARCH_RECIPIENT",
694698
to: "gsuite.admin.email.log_search_filter.recipient.value",
@@ -707,10 +711,6 @@ var login = (function () {
707711
to: "gsuite.admin.email.log_search_filter.sender.ip",
708712
type: "ip",
709713
},
710-
{
711-
from: "gsuite.admin.EMAIL_LOG_SEARCH_START_DATE",
712-
to: "gsuite.admin.email.log_search_filter.start_date",
713-
},
714714
{
715715
from: "gsuite.admin.QUARANTINE_NAME",
716716
to: "gsuite.admin.email.quarantine_name",
@@ -847,10 +847,6 @@ var login = (function () {
847847
from: "gsuite.admin.USER_NICKNAME",
848848
to: "gsuite.admin.user.nickname",
849849
},
850-
{
851-
from: "gsuite.admin.BIRTHDATE",
852-
to: "gsuite.admin.user.birthdate",
853-
},
854850
{
855851
from: "gsuite.admin.ACTION_ID",
856852
to: "gsuite.admin.mobile.action.id",
@@ -905,6 +901,34 @@ var login = (function () {
905901
ignore_missing: true,
906902
fail_on_error: false,
907903
})
904+
.Add(parseDate(
905+
"gsuite.admin.EMAIL_LOG_SEARCH_END_DATE",
906+
"gsuite.admin.email.log_search_filter.end_date"
907+
))
908+
.Add(parseDate(
909+
"gsuite.admin.EMAIL_LOG_SEARCH_START_DATE",
910+
"gsuite.admin.email.log_search_filter.start_date"
911+
))
912+
.Add(parseDate(
913+
"gsuite.admin.BIRTHDATE",
914+
"gsuite.admin.user.birthdate"
915+
))
916+
.Add(parseDate(
917+
"gsuite.admin.BEGIN_DATE_TIME",
918+
"event.start"
919+
))
920+
.Add(parseDate(
921+
"gsuite.admin.START_DATE",
922+
"event.start"
923+
))
924+
.Add(parseDate(
925+
"gsuite.admin.END_DATE",
926+
"event.end"
927+
))
928+
.Add(parseDate(
929+
"gsuite.admin.END_DATE_TIME",
930+
"event.end"
931+
))
908932
.Add(setGroupInfo)
909933
.Add(setRelatedUserInfo)
910934
.Add(setEventDuration)

x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -58,12 +58,12 @@
5858
],
5959
"event.dataset": "gsuite.admin",
6060
"event.duration": 10800000000000,
61-
"event.end": "2002-10-02T15:00:00Z",
61+
"event.end": "2002-10-02T15:00:00.000Z",
6262
"event.id": "1",
6363
"event.module": "gsuite",
6464
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"DOCS_SETTINGS\",\"name\":\"DRIVE_DATA_RESTORE\",\"parameters\":[{\"name\":\"BEGIN_DATE_TIME\",\"value\":\"2002-10-02T12:00:00Z\"},{\"name\":\"END_DATE_TIME\",\"value\":\"2002-10-02T15:00:00Z\"},{\"name\":\"USER_EMAIL\",\"value\":\"user@example.com\"}]}}",
6565
"event.provider": "admin",
66-
"event.start": "2002-10-02T12:00:00Z",
66+
"event.start": "2002-10-02T12:00:00.000Z",
6767
"event.type": [
6868
"info"
6969
],
@@ -157,4 +157,4 @@
157157
"forwarded"
158158
]
159159
}
160-
]
160+
]

x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"DROP_FROM_QUARANTINE","parameters":[{"name":"EMAIL_LOG_SEARCH_MSG_ID","value":"id"},{"name":"QUARANTINE_NAME","value":"quarantine"}]}}
2-
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"EMAIL_LOG_SEARCH","parameters":[{"name":"EMAIL_LOG_SEARCH_END_DATE","value":"2002-10-02T12:00:00Z"},{"name":"EMAIL_LOG_SEARCH_MSG_ID","value":"id"},{"name":"EMAIL_LOG_SEARCH_RECIPIENT","value":"recipient"},{"name":"EMAIL_LOG_SEARCH_SENDER","value":"sender"},{"name":"EMAIL_LOG_SEARCH_SMTP_RECIPIENT_IP","value":"1.1.1.1"},{"name":"EMAIL_LOG_SEARCH_SMTP_SENDER_IP","value":"1.1.1.1"},{"name":"EMAIL_LOG_SEARCH_START_DATE","value":"2002-10-02T10:00:00Z"}]}}
2+
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"EMAIL_LOG_SEARCH","parameters":[{"name":"EMAIL_LOG_SEARCH_END_DATE","value":"2020/07/28 04:59:59 UTC"},{"name":"EMAIL_LOG_SEARCH_MSG_ID","value":"id"},{"name":"EMAIL_LOG_SEARCH_RECIPIENT","value":"recipient"},{"name":"EMAIL_LOG_SEARCH_SENDER","value":"sender"},{"name":"EMAIL_LOG_SEARCH_SMTP_RECIPIENT_IP","value":"1.1.1.1"},{"name":"EMAIL_LOG_SEARCH_SMTP_SENDER_IP","value":"1.1.1.1"},{"name":"EMAIL_LOG_SEARCH_START_DATE","value":"2002-10-02T10:00:00Z"}]}}
33
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"EMAIL_UNDELETE","parameters":[{"name":"END_DATE","value":"2002-10-02T12:00:00Z"},{"name":"USER_EMAIL","value":"user@example.com"},{"name":"START_DATE","value":"2002-10-02T10:00:00Z"}]}}
44
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"CHANGE_EMAIL_SETTING","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"GROUP_EMAIL","value":"group@example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_NAME","value":"setting"}]}}
55
{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"CHANGE_GMAIL_SETTING","parameters":[{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_DESCRIPTION","value":"setting description"},{"name":"SETTING_NAME","value":"setting"},{"name":"USER_DEFINED_SETTING_NAME","value":"setting name"}]}}

x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -57,20 +57,20 @@
5757
"event.dataset": "gsuite.admin",
5858
"event.id": "1",
5959
"event.module": "gsuite",
60-
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"EMAIL_SETTINGS\",\"name\":\"EMAIL_LOG_SEARCH\",\"parameters\":[{\"name\":\"EMAIL_LOG_SEARCH_END_DATE\",\"value\":\"2002-10-02T12:00:00Z\"},{\"name\":\"EMAIL_LOG_SEARCH_MSG_ID\",\"value\":\"id\"},{\"name\":\"EMAIL_LOG_SEARCH_RECIPIENT\",\"value\":\"recipient\"},{\"name\":\"EMAIL_LOG_SEARCH_SENDER\",\"value\":\"sender\"},{\"name\":\"EMAIL_LOG_SEARCH_SMTP_RECIPIENT_IP\",\"value\":\"1.1.1.1\"},{\"name\":\"EMAIL_LOG_SEARCH_SMTP_SENDER_IP\",\"value\":\"1.1.1.1\"},{\"name\":\"EMAIL_LOG_SEARCH_START_DATE\",\"value\":\"2002-10-02T10:00:00Z\"}]}}",
60+
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"EMAIL_SETTINGS\",\"name\":\"EMAIL_LOG_SEARCH\",\"parameters\":[{\"name\":\"EMAIL_LOG_SEARCH_END_DATE\",\"value\":\"2020/07/28 04:59:59 UTC\"},{\"name\":\"EMAIL_LOG_SEARCH_MSG_ID\",\"value\":\"id\"},{\"name\":\"EMAIL_LOG_SEARCH_RECIPIENT\",\"value\":\"recipient\"},{\"name\":\"EMAIL_LOG_SEARCH_SENDER\",\"value\":\"sender\"},{\"name\":\"EMAIL_LOG_SEARCH_SMTP_RECIPIENT_IP\",\"value\":\"1.1.1.1\"},{\"name\":\"EMAIL_LOG_SEARCH_SMTP_SENDER_IP\",\"value\":\"1.1.1.1\"},{\"name\":\"EMAIL_LOG_SEARCH_START_DATE\",\"value\":\"2002-10-02T10:00:00Z\"}]}}",
6161
"event.provider": "admin",
6262
"event.type": [
6363
"info"
6464
],
6565
"fileset.name": "admin",
6666
"gsuite.actor.type": "USER",
67-
"gsuite.admin.email.log_search_filter.end_date": "2002-10-02T12:00:00Z",
67+
"gsuite.admin.email.log_search_filter.end_date": "2020-07-28T04:59:59.000Z",
6868
"gsuite.admin.email.log_search_filter.message_id": "id",
6969
"gsuite.admin.email.log_search_filter.recipient.ip": "1.1.1.1",
7070
"gsuite.admin.email.log_search_filter.recipient.value": "recipient",
7171
"gsuite.admin.email.log_search_filter.sender.ip": "1.1.1.1",
7272
"gsuite.admin.email.log_search_filter.sender.value": "sender",
73-
"gsuite.admin.email.log_search_filter.start_date": "2002-10-02T10:00:00Z",
73+
"gsuite.admin.email.log_search_filter.start_date": "2002-10-02T10:00:00.000Z",
7474
"gsuite.event.type": "EMAIL_SETTINGS",
7575
"gsuite.kind": "admin#reports#activity",
7676
"gsuite.organization.domain": "elastic.com",
@@ -110,12 +110,12 @@
110110
],
111111
"event.dataset": "gsuite.admin",
112112
"event.duration": 7200000000000,
113-
"event.end": "2002-10-02T12:00:00Z",
113+
"event.end": "2002-10-02T12:00:00.000Z",
114114
"event.id": "1",
115115
"event.module": "gsuite",
116116
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"EMAIL_SETTINGS\",\"name\":\"EMAIL_UNDELETE\",\"parameters\":[{\"name\":\"END_DATE\",\"value\":\"2002-10-02T12:00:00Z\"},{\"name\":\"USER_EMAIL\",\"value\":\"user@example.com\"},{\"name\":\"START_DATE\",\"value\":\"2002-10-02T10:00:00Z\"}]}}",
117117
"event.provider": "admin",
118-
"event.start": "2002-10-02T10:00:00Z",
118+
"event.start": "2002-10-02T10:00:00.000Z",
119119
"event.type": [
120120
"creation"
121121
],
@@ -126,7 +126,7 @@
126126
"gsuite.kind": "admin#reports#activity",
127127
"gsuite.organization.domain": "elastic.com",
128128
"input.type": "log",
129-
"log.offset": 1185,
129+
"log.offset": 1188,
130130
"organization.id": "1",
131131
"related.ip": [
132132
"98.235.162.24"
@@ -182,7 +182,7 @@
182182
"gsuite.kind": "admin#reports#activity",
183183
"gsuite.organization.domain": "elastic.com",
184184
"input.type": "log",
185-
"log.offset": 1668,
185+
"log.offset": 1671,
186186
"organization.id": "1",
187187
"related.ip": [
188188
"98.235.162.24"
@@ -233,7 +233,7 @@
233233
"gsuite.kind": "admin#reports#activity",
234234
"gsuite.organization.domain": "elastic.com",
235235
"input.type": "log",
236-
"log.offset": 2251,
236+
"log.offset": 2254,
237237
"organization.id": "1",
238238
"related.ip": [
239239
"98.235.162.24"
@@ -284,7 +284,7 @@
284284
"gsuite.kind": "admin#reports#activity",
285285
"gsuite.organization.domain": "elastic.com",
286286
"input.type": "log",
287-
"log.offset": 2789,
287+
"log.offset": 2792,
288288
"organization.id": "1",
289289
"related.ip": [
290290
"98.235.162.24"
@@ -335,7 +335,7 @@
335335
"gsuite.kind": "admin#reports#activity",
336336
"gsuite.organization.domain": "elastic.com",
337337
"input.type": "log",
338-
"log.offset": 3327,
338+
"log.offset": 3330,
339339
"organization.id": "1",
340340
"related.ip": [
341341
"98.235.162.24"
@@ -384,7 +384,7 @@
384384
"gsuite.kind": "admin#reports#activity",
385385
"gsuite.organization.domain": "elastic.com",
386386
"input.type": "log",
387-
"log.offset": 3865,
387+
"log.offset": 3868,
388388
"organization.id": "1",
389389
"related.ip": [
390390
"98.235.162.24"
@@ -433,7 +433,7 @@
433433
"gsuite.kind": "admin#reports#activity",
434434
"gsuite.organization.domain": "elastic.com",
435435
"input.type": "log",
436-
"log.offset": 4299,
436+
"log.offset": 4302,
437437
"organization.id": "1",
438438
"related.ip": [
439439
"98.235.162.24"
@@ -460,4 +460,4 @@
460460
"forwarded"
461461
]
462462
}
463-
]
463+
]

x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1389,12 +1389,12 @@
13891389
],
13901390
"event.dataset": "gsuite.admin",
13911391
"event.duration": 3600000000000,
1392-
"event.end": "2002-10-02T16:00:00Z",
1392+
"event.end": "2002-10-02T16:00:00.000Z",
13931393
"event.id": "1",
13941394
"event.module": "gsuite",
13951395
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"USER_SETTINGS\",\"name\":\"CREATE_EMAIL_MONITOR\",\"parameters\":[{\"name\":\"USER_EMAIL\",\"value\":\"user@example.com\"},{\"name\":\"BEGIN_DATE_TIME\",\"value\":\"2002-10-02T15:00:00Z\"},{\"name\":\"EMAIL_MONITOR_DEST_EMAIL\",\"value\":\"dest@example.com\"},{\"name\":\"EMAIL_MONITOR_LEVEL_CHAT\",\"value\":\"info\"},{\"name\":\"EMAIL_MONITOR_LEVEL_DRAFT_EMAIL\",\"value\":\"info\"},{\"name\":\"EMAIL_MONITOR_LEVEL_INCOMING_EMAIL\",\"value\":\"info\"},{\"name\":\"EMAIL_MONITOR_LEVEL_OUTGOING_EMAIL\",\"value\":\"info\"},{\"name\":\"END_DATE_TIME\",\"value\":\"2002-10-02T16:00:00Z\"}]}}",
13961396
"event.provider": "admin",
1397-
"event.start": "2002-10-02T15:00:00Z",
1397+
"event.start": "2002-10-02T15:00:00.000Z",
13981398
"event.type": [
13991399
"user",
14001400
"creation"
@@ -2361,12 +2361,12 @@
23612361
],
23622362
"event.dataset": "gsuite.admin",
23632363
"event.duration": 3600000000000,
2364-
"event.end": "2002-10-02T16:00:00Z",
2364+
"event.end": "2002-10-02T16:00:00.000Z",
23652365
"event.id": "1",
23662366
"event.module": "gsuite",
23672367
"event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"USER_SETTINGS\",\"name\":\"REQUEST_MAILBOX_DUMP\",\"parameters\":[{\"name\":\"USER_EMAIL\",\"value\":\"user@example.com\"},{\"name\":\"BEGIN_DATE_TIME\",\"value\":\"2002-10-02T15:00:00Z\"},{\"name\":\"EMAIL_EXPORT_INCLUDE_DELETED\",\"value\":\"true\"},{\"name\":\"EMAIL_EXPORT_PACKAGE_CONTENT\",\"value\":\"contents\"},{\"name\":\"SEARCH_QUERY_FOR_DUMP\",\"value\":\"foo bar\"},{\"name\":\"END_DATE_TIME\",\"value\":\"2002-10-02T16:00:00Z\"}]}}",
23682368
"event.provider": "admin",
2369-
"event.start": "2002-10-02T15:00:00Z",
2369+
"event.start": "2002-10-02T15:00:00.000Z",
23702370
"event.type": [
23712371
"user",
23722372
"info"
@@ -2929,7 +2929,7 @@
29292929
],
29302930
"fileset.name": "admin",
29312931
"gsuite.actor.type": "USER",
2932-
"gsuite.admin.user.birthdate": "2002-10-02T15:00:00Z",
2932+
"gsuite.admin.user.birthdate": "2002-10-02T15:00:00.000Z",
29332933
"gsuite.admin.user.email": "user@example.com",
29342934
"gsuite.event.type": "USER_SETTINGS",
29352935
"gsuite.kind": "admin#reports#activity",
@@ -3763,4 +3763,4 @@
37633763
"forwarded"
37643764
]
37653765
}
3766-
]
3766+
]

0 commit comments

Comments
 (0)