Cherry-pick #20170 to 7.x: [Filebeat] Fix fileset field namespacing

[andrewkroh]

Cherry-pick of PR #20170 to 7.x branch. Original message:

What does this PR do?

When the fields.yml file is constructed it is done by appending files together and adding some indenting.
In the case of Filebeat, a fileset's fields.yml is appended with an indent of 8 spaces to the module's fields.yml.
This generally allows for all of the filesets fields to become children of the module.

The problem we had was that the new filesets added in #19713 expected that their fields would be root fields
(not children to the module namespace). In cases where the module already existed and had declared
a module namespace field in its fields.yml this resulted in unexpectedly namespaced fieldset fields
(e.g. microsoft.rsa.* instead of rsa.*).

The size of the x-pack/filebeat index-pattern is still large (915885 bytes), but not so large that it goes beyond the Kibana
request payload limit.

Why is it important?

Reduces the number of fields in the Filebeat mapping and allows Kibana to generate a smaller index pattern.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

• Build filebeat.
• Run filebeat setup
• Verify that the index pattern exists.
• Verify that you can view the index pattern.
• Verify that discover works.

Related issues

• Fixes Filebeat setup is not creating index pattern in kibana  #19965

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

💔 Tests Failed

Expand to view the summary

Build stats

• Build Cause: [Pull request #20199 opened]

• Start Time: 2020-07-23T12:15:41.744+0000

• Duration: 69 min 15 sec

Test stats 🧪

Test	Results
Failed	10
Passed	3944
Skipped	679
Total	4633

Test errors

Expand to view the tests failures

• Name: Build and Test / Filebeat x-pack / test_fileset_file_056_o365 – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.743
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.SourceFileName': 'Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.ItemType': 'File', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.Operation': 'FileDeleted', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.SourceFileExtension': 'png', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Documents', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 6, 'o365.audit.ListId': '2b6ad2bd-0fd7-4556-9c89-a97847085b85', 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CreationTime': '2020-02-07T16:44:07', 'o365.audit.Id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'o365.audit.CorrelationId': '652b339f-908c-a000-f25f-91423da7dd9b', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '4803608a-df7d-4f63-aa73-67aa33bb576e', 'file.extension': 'png', 'file.name': 'Screenshot 2020-01-27 at 11.30.48.png', 'file.directory': 'Documents', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePointFileOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'FileDeleted', 'event.id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'event.type': 'deletion', 'event.category': 'file', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.', 'fileset.name': 'audit', 'url.original': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-07T16:44:07.000Z', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_060_o365 – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.324
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'Page', 'o365.audit.Operation': 'PageViewed', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 4, 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.CreationTime': '2020-02-07T16:43:53', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CustomUniqueId': True, 'o365.audit.Id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'o365.audit.CorrelationId': '622b339f-4000-a000-f25f-92b3478c7a25', 'o365.audit.ListItemUniqueId': '59a8433d-9bb8-cfef-6edc-4c0fc8b86875', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-07T16:43:53.000Z', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePoint', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'PageViewed', 'event.id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_061_o365 – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.865
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 3965, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '79.159.10.151', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'List', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com', 'o365.audit.Operation': 'SharingInheritanceBroken', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ClientIP': '79.159.10.151', 'o365.audit.EventData': 'FalseFalse', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Sharing Links', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.ListId': 'b108938d-3546-4359-925d-a1b54b4db8c2', 'o365.audit.RecordType': 14, 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'o365.audit.CreationTime': '2020-02-14T18:25:45', 'o365.audit.Id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'o365.audit.CorrelationId': 'fe71359f-005f-9000-7cb1-ccf5124703db', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-14T18:25:45.000Z', 'related.ip': '79.159.10.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '79.159.10.151', 'client.ip': '79.159.10.151', 'event.code': 'SharePointSharingOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'SharingInheritanceBroken', 'event.id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'event.category': 'web', 'event.type': 'info', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '73.0.'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_062_o365 – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 8.439
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '83.57.233.151', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.AzureActiveDirectoryEventType': 1, 'o365.audit.UserKey': '1003200096971F55@testsiem.onmicrosoft.com', 'o365.audit.ActorIpAddress': '83.57.233.151', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'UserLoggedIn', 'o365.audit.ExtendedProperties.ResultStatusDetail': 'Success', 'o365.audit.ExtendedProperties.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.ExtendedProperties.KeepMeSignedIn': 'False', 'o365.audit.ExtendedProperties.UserAuthenticationMethod': '9', 'o365.audit.ExtendedProperties.RequestType': 'OAuth2:Authorize', 'o365.audit.IntraSystemId': 'c4206c29-46c2-4a6f-a46b-735107705400', 'o365.audit.Target': [{'Type': 0, 'ID': '00000002-0000-0000-c000-000000000000'}], 'o365.audit.RecordType': 15, 'o365.audit.Version': 1, 'o365.audit.SupportTicketId': '', 'o365.audit.Actor': [{'Type': 0, 'ID': '755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 5, 'ID': 'asr@testsiem.onmicrosoft.com'}, {'Type': 3, 'ID': '1003200096971F55'}], 'o365.audit.ActorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ResultStatus': 'Succeeded', 'o365.audit.ObjectId': '00000002-0000-0000-c000-000000000000', 'o365.audit.ClientIP': '83.57.233.151', 'o365.audit.Workload': 'AzureActiveDirectory', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.TargetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.CreationTime': '2020-02-10T15:13:13', 'o365.audit.InterSystemsId': '03616b3a-fc75-46a1-b34a-2d82fc8f1e7e', 'o365.audit.Id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'o365.audit.ApplicationId': '4345a7b9-9a63-4910-a426-35363201d503', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-10T15:13:13.000Z', 'related.ip': '83.57.233.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '83.57.233.151', 'client.ip': '83.57.233.151', 'event.code': 'AzureActiveDirectoryStsLogon', 'event.provider': 'AzureActiveDirectory', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'UserLoggedIn', 'event.id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'event.type': ['start', 'authentication_success'], 'event.category': 'authentication', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_095_cylance – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 9.048
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['@timestamp']": {'new_value': '2020-07-25T11:47:41.000Z', 'old_value': '2019-07-25T11:47:41.000Z'}, "root['rsa.time.event_time']": {'new_value': '2020-07-25T11:47:41.000Z', 'old_value': '2019-07-25T11:47:41.000Z'}}}, full object:
    {'rsa.internal.messageid': 'CylancePROTECT', 'rsa.investigations.event_cat': 1804020000, 'rsa.investigations.event_cat_name': 'Network.Devices.Removals', 'rsa.time.event_time': '2020-07-25T11:47:41.000Z', 'rsa.db.index': 'mpo', 'rsa.network.eth_host': '01:00:5e:ee:e8:77', 'rsa.network.alias_host': ['ntium4450.www5.localdomain'], 'rsa.misc.node': 'vol', 'rsa.misc.event_type': 'DeviceRemove', 'rsa.misc.OS': 'animid', 'log.offset': 10027, 'source.ip': ['10.22.94.10'], 'fileset.name': 'protect', 'tags': ['cylance.protect', 'forwarded'], 'input.type': 'log', 'observer.product': 'Protect', 'observer.vendor': 'Cylance', 'observer.type': 'Anti-Virus', '@timestamp': '2020-07-25T11:47:41.000Z', 'related.ip': ['10.22.94.10'], 'related.user': ['ssusci'], 'service.type': 'cylance', 'host.name': 'ntium4450.www5.localdomain', 'host.mac': '01:00:5e:ee:e8:77', 'event.code': 'CylancePROTECT', 'event.original': '25-Jul-2017 9:47:41 very-high idolor3916.www5.home tas <tasun 25T09:47:41.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo', 'event.module': 'cylance', 'event.action': 'DeviceRemove', 'event.dataset': 'cylance.protect', 'user.name': 'ssusci'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing cylance/protect on /go/src/github.com/elastic/beats/x-pack/filebeat/module/cylance/protect/test/generated.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_106_okta – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.473
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CA', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'US', 'source.geo.region_name': 'California', 'source.geo.location.lon': -121.919, 'source.geo.location.lat': 37.7201, 'source.as.number': 7018, 'source.as.organization.name': 'AT&T Services, Inc.', 'source.ip': '108.255.197.247', 'source.user.full_name': 'xxxxxx', 'source.user.id': '00u1abvz4pYqdM8ms4x6', 'fileset.name': 'system', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-14T22:18:51.843Z', 'related.ip': '108.255.197.247', 'related.user': 'xxxxxx', 'service.type': 'okta', 'client.geo.city_name': 'Dublin', 'client.geo.country_name': 'United States', 'client.geo.location.lon': -121.919, 'client.geo.location.lat': 37.7201, 'client.geo.region_name': 'California', 'client.ip': '108.255.197.247', 'client.user.full_name': 'xxxxxx', 'client.user.id': '00u1abvz4pYqdM8ms4x6', 'event.original': '{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"}', 'event.kind': 'event', 'event.module': 'okta', 'event.action': 'user.session.end', 'event.id': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'event.type': ['access'], 'event.category': ['authentication'], 'event.dataset': 'okta.system', 'event.outcome': 'success', 'okta.actor.id': '00u1abvz4pYqdM8ms4x6', 'okta.actor.type': 'User', 'okta.actor.display_name': 'xxxxxx', 'okta.actor.alternate_id': 'xxxxxx@elastic.co', 'okta.debug_context.debug_data.threat_suspected': 'false', 'okta.debug_context.debug_data.request_id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.debug_context.debug_data.request_uri': '/login/signout', 'okta.debug_context.debug_data.url': '/login/signout?message=login_page_messages.session_has_expired', 'okta.event_type': 'user.session.end', 'okta.authentication_context.authentication_step': 0, 'okta.authentication_context.external_session_id': '102nZHzd6OHSfGG51vsoc22gw', 'okta.display_message': 'User logout from Okta', 'okta.client.zone': 'null', 'okta.client.ip': '108.255.197.247', 'okta.client.device': 'Computer', 'okta.client.user_agent.raw_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'okta.client.user_agent.os': 'Mac OS X', 'okta.client.user_agent.browser': 'FIREFOX', 'okta.uuid': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'okta.outcome.result': 'SUCCESS', 'okta.transaction.id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.transaction.type': 'WEB', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing okta/system on /go/src/github.com/elastic/beats/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_167_zscaler – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 9.309
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'U307AS', 'old_value': 'Generic Smartphone'}}}, full object:
    {'rsa.internal.data': 'amco', 'rsa.internal.messageid': 'ZSCALERNSS_1', 'rsa.web.fqdn': 'orsitame3262.domain', 'rsa.identity.user_dept': 'onev', 'rsa.investigations.ec_subject': 'User', 'rsa.investigations.ec_activity': 'Deny', 'rsa.investigations.ec_theme': 'Communication', 'rsa.investigations.event_vcat': 'uptassi', 'rsa.time.timezone': 'CT', 'rsa.time.event_time': '2016-02-26T10:15:08.000Z', 'rsa.threat.threat_category': 'tur', 'rsa.db.index': 'nsequat', 'rsa.network.alias_host': ['orsitame3262.domain'], 'rsa.misc.result': 'success', 'rsa.misc.filter': 'tconsec', 'rsa.misc.reference_id': 'laboreet', 'rsa.misc.action': ['giatq', 'Blocked'], 'rsa.misc.result_code': 'tia', 'rsa.misc.category': 'llu', 'log.offset': 1742, 'destination.bytes': 1837, 'destination.ip': ['10.204.86.149'], 'source.bytes': 2935, 'source.ip': ['10.254.146.57'], 'network.protocol': 'igmp', 'network.bytes': 6905, 'observer.product': 'Internet', 'observer.vendor': 'Zscaler', 'observer.type': 'Configuration', 'file.type': 'oluptas', 'related.ip': ['10.204.86.149', '10.254.146.57'], 'related.user': ['tenima'], 'host.name': 'orsitame3262.domain', 'event.original': 'amco ZSCALERNSS: time=exe Feb 26 8:15:08 2016^^timezone=CT^^action=Blocked^^reason=success^^hostname=orsitame3262.domain^^protocol=igmp^^serverip=10.204.86.149^^url=https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte^^urlcategory=tconsec^^urlclass=nsequat^^dlpdictionaries=taev^^dlpengine=roidents^^filetype=oluptas^^threatcategory=llu^^threatclass=uptassi^^pagerisk=tamremap^^threatname=tur^^clientpublicIP=aperi^^ClientIP=10.254.146.57^^location=estqui^^refererURL=https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit^^useragent=Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36^^department=onev^^user=tenima^^event_id=laboreet^^clienttranstime=aquaeabi^^requestmethod=giatq^^requestsize=2935^^requestversion=veleumi^^status=tia^^responsesize=1837^^responseversion=ude^^transactionsize=6905', 'event.code': 'laboreet', 'event.timezone': 'CT', 'event.module': 'zscaler', 'event.action': 'Blocked', 'event.dataset': 'zscaler.zia', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'U307AS', 'user_agent.version': '83.0.4103.83', 'fileset.name': 'zia', 'url.original': 'https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte', 'tags': ['zscaler.zia', 'forwarded'], 'input.type': 'log', '@timestamp': '2016-02-26T10:15:08.000Z', 'service.type': 'zscaler', 'http.request.referrer': 'https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit', 'user.name': 'tenima'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing zscaler/zia on /go/src/github.com/elastic/beats/x-pack/filebeat/module/zscaler/zia/test/generated.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_179_suricata – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.594
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 985, 'destination.address': '192.168.86.28', 'destination.port': 63963, 'destination.ip': '192.168.86.28', 'destination.domain': '192.168.86.28', 'source.address': '192.168.86.85', 'source.port': 56119, 'source.ip': '192.168.86.85', 'fileset.name': 'eve', 'url.path': '/dd.xml', 'url.original': '/dd.xml', 'url.domain': '192.168.86.28', 'tags': ['suricata'], 'network.protocol': 'http', 'network.community_id': '1:gjMiDGtS5SVvdwzjjQdAKGBrDA4=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2018-07-05T19:43:47.690Z', 'related.ip': ['192.168.86.85', '192.168.86.28'], 'service.type': 'suricata', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 1155, 'suricata.eve.in_iface': 'en0', 'suricata.eve.event_type': 'http', 'suricata.eve.flow_id': 2115002772430095, 'suricata.eve.http.protocol': 'HTTP/1.1', 'suricata.eve.http.http_content_type': 'text/xml', 'suricata.eve.tx_id': 0, 'event.original': '{"timestamp":"2018-07-05T15:43:47.690014-0400","flow_id":2115002772430095,"in_iface":"en0","event_type":"http","src_ip":"192.168.86.85","src_port":56119,"dest_ip":"192.168.86.28","dest_port":63963,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.86.28","url":"\/dd.xml","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1155}}', 'event.kind': 'event', 'event.module': 'suricata', 'event.category': ['network', 'web'], 'event.type': ['access', 'protocol'], 'event.dataset': 'suricata.eve', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.13.5', 'user_agent.os.full': 'Mac OS X 10.13.5', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '67.0.3396.99'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing suricata/eve on /go/src/github.com/elastic/beats/x-pack/filebeat/module/suricata/eve/test/eve-small.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_188_googlecloud – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 3.644
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
    {'log.offset': 945, 'log.logger': 'projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access', 'source.ip': '192.168.1.1', 'fileset.name': 'audit', 'tags': ['forwarded'], 'cloud.project.id': 'elastic-beats', 'input.type': 'log', '@timestamp': '2019-12-19T00:45:51.228Z', 'service.name': 'compute.googleapis.com', 'service.type': 'googlecloud', 'event.kind': 'event', 'event.module': 'googlecloud', 'event.action': 'beta.compute.machineTypes.aggregatedList', 'event.id': '-h6onuze1h7dg', 'event.dataset': 'googlecloud.audit', 'event.outcome': 'failure', 'googlecloud.audit.request.proto_name': 'type.googleapis.com/compute.machineTypes.aggregatedList', 'googlecloud.audit.authentication_info.principal_email': 'xxx@xxx.xxx', 'googlecloud.audit.request_metadata.caller_ip': '192.168.1.1', 'googlecloud.audit.request_metadata.caller_supplied_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'googlecloud.audit.method_name': 'beta.compute.machineTypes.aggregatedList', 'googlecloud.audit.service_name': 'compute.googleapis.com', 'googlecloud.audit.num_response_items': 71, 'googlecloud.audit.authorization_info': [{'permission': 'compute.machineTypes.list', 'resource_attributes': {'service': 'resourcemanager', 'name': 'projects/elastic-beats', 'type': 'resourcemanager.projects'}, 'granted': False}], 'googlecloud.audit.resource_name': 'projects/elastic-beats/global/machineTypes', 'googlecloud.audit.type': 'type.googleapis.com/google.cloud.audit.AuditLog', 'googlecloud.audit.resource_location.current_locations': ['global'], 'user.email': 'xxx@xxx.xxx', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '71.0.'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing googlecloud/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log

--------------------- >> end captured stdout << ----------------------

• Name: Build and Test / Filebeat x-pack / test_fileset_file_207_tomcat – test_xpack_modules.XPackTest
  • Age: 1
  • Duration: 9.092
  • Error Details: The following expected object doesn't match:
    Diff:
    {'values_changed': {"root['user_agent.device.name']": {'new_value': 'G8142', 'old_value': 'Generic Smartphone'}}}, full object:
    {'rsa.internal.level': 1516, 'rsa.internal.messageid': 'asdf', 'rsa.web.web_ref_domain': 'mail.example.net', 'rsa.web.alias_host': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.fqdn': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.web_cookie': 'aliqu', 'rsa.time.timezone': 'OMST', 'rsa.time.event_time': '2016-01-29T08:09:59.000Z', 'rsa.network.network_service': 'oremi', 'rsa.misc.action': ['exercita'], 'rsa.misc.result_code': 'ntsunti', 'log.offset': 0, 'source.bytes': 5293, 'source.ip': ['10.251.224.219'], 'fileset.name': 'log', 'url.domain': 'example.com', 'url.query': 'amremap', 'tags': ['tomcat.log', 'forwarded'], 'input.type': 'log', 'observer.product': 'TomCat', 'observer.vendor': 'Apache', 'observer.type': 'Web', '@timestamp': '2016-01-29T08:09:59.000Z', 'file.name': 'vol', 'related.ip': ['10.251.224.219'], 'related.user': ['rci'], 'service.type': 'tomcat', 'http.request.referrer': 'https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer', 'event.original': '%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu', 'event.code': 'asdf', 'event.timezone': 'OMST', 'event.module': 'tomcat', 'event.dataset': 'tomcat.log', 'user.name': 'rci', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'G8142', 'user_agent.version': '83.0.4103.83'}
    -------------------- >> begin captured stdout << ---------------------
    Using elasticsearch: http://elasticsearch:9200
    Testing tomcat/log on /go/src/github.com/elastic/beats/x-pack/filebeat/module/tomcat/log/test/generated.log

--------------------- >> end captured stdout << ----------------------

Steps errors

Expand to view the steps failures

• Name: Make testsuite

  • Description: make -C filebeat testsuite

  • Duration: 7 min 17 sec

  • Start Time: 2020-07-23T12:42:26.631+0000

  • log

• Name: Mage update build test

  • Description: mage update build test

  • Duration: 32 min 52 sec

  • Start Time: 2020-07-23T12:42:14.916+0000

  • log

Log output

Expand to view the last 100 lines of log output

[2020-07-23T13:24:10.338Z] [INFO] system-tests='build/filebeat/build/system-tests'. If no empty then let's create a tarball
[2020-07-23T13:24:11.105Z] + tar --version
[2020-07-23T13:24:12.041Z] + tar --exclude=filebeat--system-tests-darwin.tgz -czf filebeat--system-tests-darwin.tgz build/filebeat/build/system-tests
[2020-07-23T13:24:13.732Z] Archiving artifacts
[2020-07-23T13:24:15.392Z] + .ci/scripts/report-codecov.sh auditbeat filebeat heartbeat journalbeat libbeat metricbeat packetbeat winlogbeat
[2020-07-23T13:24:15.392Z] + CODECOV_URL=https://codecov.io/bash
[2020-07-23T13:24:15.392Z] + '[' -e /usr/local/bin/bash_standard_lib.sh ']'
[2020-07-23T13:24:15.392Z] + curl -sSLo codecov https://codecov.io/bash
[2020-07-23T13:24:15.536Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=auditbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f auditbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=filebeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f filebeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=heartbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f heartbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f journalbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f libbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f metricbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f packetbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:15.537Z] + for i in '"$@"'
[2020-07-23T13:24:15.537Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-23T13:24:15.537Z] + '[' -f winlogbeat/build/coverage/full.cov ']'
[2020-07-23T13:24:16.921Z] Post stage
[2020-07-23T13:24:16.936Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats
[2020-07-23T13:24:17.792Z] Starting "default"...
[2020-07-23T13:24:17.792Z] Machine "default" is already running.
[2020-07-23T13:24:19.905Z] Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.101:2376": dial tcp 192.168.99.101:2376: connect: connection refused
[2020-07-23T13:24:19.905Z] You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
[2020-07-23T13:24:19.905Z] Be advised that this will trigger a Docker daemon restart which might stop running containers.
[2020-07-23T13:24:19.905Z] 
[2020-07-23T13:24:19.905Z] Client: Docker Engine - Community
[2020-07-23T13:24:19.905Z]  Version:           19.03.1
[2020-07-23T13:24:19.905Z]  API version:       1.40
[2020-07-23T13:24:19.905Z]  Go version:        go1.12.5
[2020-07-23T13:24:19.905Z]  Git commit:        74b1e89
[2020-07-23T13:24:19.905Z]  Built:             Thu Jul 25 21:18:17 2019
[2020-07-23T13:24:19.905Z]  OS/Arch:           darwin/amd64
[2020-07-23T13:24:19.905Z]  Experimental:      false
[2020-07-23T13:24:19.905Z] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[2020-07-23T13:24:19.905Z] It requires Docker daemon to be installed and running
[2020-07-23T13:24:32.846Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats
[2020-07-23T13:24:33.181Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-23T13:24:33.204Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Lint
[2020-07-23T13:24:33.365Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-oss
[2020-07-23T13:24:33.526Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-23T13:24:33.689Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-23T13:24:33.855Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-23T13:24:34.018Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-23T13:24:34.204Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-23T13:24:34.662Z] + cat
[2020-07-23T13:24:34.662Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-23T13:24:34.662Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-23T13:24:41.291Z] runbld>>> runbld started
[2020-07-23T13:24:41.291Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-23T13:24:42.237Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-20199' in order of occurrence in the config (last value wins).
[2020-07-23T13:24:43.620Z] runbld>>> Debug logging enabled.
[2020-07-23T13:24:43.620Z] runbld>>> Storing result
[2020-07-23T13:24:43.620Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-23T13:24:43.620Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723132443-7B78010B
[2020-07-23T13:24:43.620Z] runbld>>> Adding system facts.
[2020-07-23T13:24:44.403Z] runbld>>> Adding vcs info for the latest commit:  00cd07beb2eb0cfac9f76441c7247bf92124031c
[2020-07-23T13:24:44.403Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-23T13:24:44.403Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-23T13:24:44.667Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-23T13:24:44.667Z] Processing JUnit reports with runbld...
[2020-07-23T13:24:44.928Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-23T13:24:44.928Z] runbld>>> DURATION: 14ms
[2020-07-23T13:24:44.928Z] runbld>>> STDOUT: 40 bytes
[2020-07-23T13:24:44.928Z] runbld>>> STDERR: 49 bytes
[2020-07-23T13:24:44.928Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-23T13:24:44.928Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats
[2020-07-23T13:24:45.871Z] runbld>>> Storing build metadata: 
[2020-07-23T13:24:45.871Z] runbld>>> Adding test report.
[2020-07-23T13:24:45.871Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-20199/src/github.com/elastic/beats
[2020-07-23T13:24:46.813Z] runbld>>> Found 12 test output files
[2020-07-23T13:24:48.198Z] runbld>>> Test output logs contained: Errors: 0 Failures: 10 Tests: 4633 Skipped: 655
[2020-07-23T13:24:48.198Z] runbld>>> Storing result
[2020-07-23T13:24:48.198Z] runbld>>> FAILURES: 10
[2020-07-23T13:24:50.117Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-23T13:24:50.117Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723132443-7B78010B
[2020-07-23T13:24:50.379Z] runbld>>> Email notification disabled by environment variable.
[2020-07-23T13:24:50.379Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-23T13:24:56.003Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-20199
[2020-07-23T13:24:56.177Z] [INFO] getVaultSecret: Getting secrets
[2020-07-23T13:24:56.266Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-23T13:24:57.300Z] + chmod 755 generate-build-data.sh
[2020-07-23T13:24:57.300Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20199/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20199/runs/1 FAILURE 4155287
[2020-07-23T13:24:57.300Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20199/runs/1/steps/?limit=10000 -o steps-info.json
[2020-07-23T13:24:57.851Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20199/runs/1/tests/?status=FAILED -o tests-errors.json
[2020-07-23T13:24:58.101Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20199/runs/1/log/ -o pipeline-log.txt