Ignored Value: The value in this field is too long and cannot be searched or filtered.
{
"_index": ".ds-logs-aws.cloudtrail-default-2024.07.30-000002",
"_id": "3180f6e90d-000000025993",
"_version": 1,
"_score": 0,
"_ignored": [
"aws.cloudtrail.response_elements"
],
"_source": {
"agent": {
"name": "ip-172-31-33-37",
"id": "6c631dc5-5349-45b3-8cd1-483990f30255",
"ephemeral_id": "b9c4fff6-a880-4c33-8ed4-3818631b989e",
"type": "filebeat",
"version": "8.14.3"
},
"log": {
"file": {
"path": "https://<SANITIZED_BUCKET_NAME>.s3.us-west-2.amazonaws.com/AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz"
},
"offset": 25993
},
"elastic_agent": {
"id": "6c631dc5-5349-45b3-8cd1-483990f30255",
"version": "8.14.3",
"snapshot": false
},
"source": {
"geo": {
"continent_name": "North America",
"region_iso_code": "US-OH",
"city_name": "Massillon",
"country_iso_code": "US",
"country_name": "United States",
"region_name": "Ohio",
"location": {
"lon": -81.4971,
"lat": 40.8133
}
},
"as": {
"number": 12097,
"organization": {
"name": "MASSCOM"
}
},
"address": "<SANITIZED_IP_ADDRESS>",
"ip": "<SANITIZED_IP_ADDRESS>"
},
"tags": [
"forwarded",
"aws-cloudtrail"
],
"cloud": {
"region": "us-east-1",
"account": {
"id": "<SANITIZED_ACCOUNT_ID>"
}
},
"input": {
"type": "aws-s3"
},
"@timestamp": "2024-08-20T02:59:33.000Z",
"ecs": {
"version": "8.11.0"
},
"related": {
"user": [
"stratus"
]
},
"data_stream": {
"namespace": "default",
"type": "logs",
"dataset": "aws.cloudtrail"
},
"tls": {
"cipher": "TLS_AES_128_GCM_SHA256",
"client": {
"server_name": "sts.us-east-1.amazonaws.com"
},
"version": "1.3",
"version_protocol": "tls"
},
"event": {
"agent_id_status": "verified",
"ingested": "2024-08-20T02:59:54Z",
"provider": "sts.amazonaws.com",
"created": "2024-08-20T02:59:47.685Z",
"kind": "event",
"action": "GetFederationToken",
"id": "c6af9006-1233-4535-bc52-40ac6b7b5a7a",
"type": [
"info"
],
"dataset": "aws.cloudtrail",
"outcome": "success"
},
"aws": {
"s3": {
"bucket": {
"name": "<SANITIZED_BUCKET_NAME>",
"arn": "arn:aws:s3:::<SANITIZED_BUCKET_NAME>"
},
"object": {
"key": "AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz"
}
},
"cloudtrail": {
"event_version": "1.08",
"flattened": {
"request_parameters": {
"name": "consoler",
"policyArns": [
{
"arn": "arn:aws:iam::aws:policy/AdministratorAccess"
}
]
},
"response_elements": {
"federatedUser": {
"arn": "arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler",
"federatedUserId": "<SANITIZED_ACCOUNT_ID>:consoler"
},
"credentials": {
"accessKeyId": "<SANITIZED_ACCESS_KEY_ID>",
"sessionToken": "<SANITIZED_SESSION_TOKEN>",
"expiration": "Aug 20, 2024, 2:59:33 PM"
},
"packedPolicySize": 7
}
},
"event_type": "AwsApiCall",
"read_only": false,
"user_identity": {
"access_key_id": "<SANITIZED_ACCESS_KEY_ID>",
"type": "IAMUser",
"arn": "arn:aws:iam::<SANITIZED_ACCOUNT_ID>:user/stratus"
},
"recipient_account_id": "<SANITIZED_ACCOUNT_ID>",
"event_category": "Management",
"request_parameters": "{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}",
"request_id": "00026031-2409-4418-b4ec-f1341e9638d1",
"response_elements": "{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}",
"management_event": true
}
},
"user": {
"name": "stratus",
"id": "<SANITIZED_USER_ID>"
},
"user_agent": {
"original": "aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token",
"name": "aws-cli",
"device": {
"name": "Other"
},
"version": "2.11.15"
}
},
"fields": {
"aws.cloudtrail.request_parameters.text": [
"{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}"
],
"elastic_agent.version": [
"8.14.3"
],
"tls.version_protocol": [
"tls"
],
"user_agent.original.text": [
"aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token"
],
"aws.cloudtrail.flattened.response_elements": [
{
"federatedUser": {
"arn": "arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler",
"federatedUserId": "<SANITIZED_ACCOUNT_ID>:consoler"
},
"credentials": {
"accessKeyId": "<SANITIZED_ACCESS_KEY_ID>",
"sessionToken": "<SANITIZED_SESSION_TOKEN>",
"expiration": "Aug 20, 2024, 2:59:33 PM"
},
"packedPolicySize": 7
}
],
"agent.name.text": [
"ip-172-31-33-37"
],
"source.geo.region_name": [
"Ohio"
],
"source.ip": [
"<SANITIZED_IP_ADDRESS>"
],
"agent.name": [
"ip-172-31-33-37"
],
"user_agent.version": [
"2.11.15"
],
"event.agent_id_status": [
"verified"
],
"source.geo.region_iso_code": [
"US-OH"
],
"aws.cloudtrail.management_event": [
"true"
],
"event.kind": [
"event"
],
"aws.cloudtrail.user_identity.arn": [
"arn:aws:iam::<SANITIZED_ACCOUNT_ID>:user/stratus"
],
"event.outcome": [
"success"
],
"source.geo.city_name": [
"Massillon"
],
"tls.version": [
"1.3"
],
"user_agent.original": [
"aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token"
],
"cloud.region": [
"us-east-1"
],
"user.id": [
"<SANITIZED_USER_ID>"
],
"input.type": [
"aws-s3"
],
"log.offset": [
25993
],
"user_agent.name": [
"aws-cli"
],
"data_stream.type": [
"logs"
],
"related.user": [
"stratus"
],
"tags": [
"forwarded",
"aws-cloudtrail"
],
"event.provider": [
"sts.amazonaws.com"
],
"agent.id": [
"6c631dc5-5349-45b3-8cd1-483990f30255"
],
"ecs.version": [
"8.11.0"
],
"event.created": [
"2024-08-20T02:59:47.685Z"
],
"aws.cloudtrail.event_version": [
"1.08"
],
"agent.version": [
"8.14.3"
],
"source.as.number": [
12097
],
"aws.cloudtrail.read_only": [
false
],
"aws.cloudtrail.event_category": [
"Management"
],
"aws.cloudtrail.user_identity.type": [
"IAMUser"
],
"aws.s3.bucket.arn": [
"arn:aws:s3:::<SANITIZED_BUCKET_NAME>"
],
"aws.cloudtrail.recipient_account_id": [
"<SANITIZED_ACCOUNT_ID>"
],
"aws.cloudtrail.request_id": [
"00026031-2409-4418-b4ec-f1341e9638d1"
],
"tls.cipher": [
"TLS_AES_128_GCM_SHA256"
],
"user.name": [
"stratus"
],
"source.geo.location": [
{
"coordinates": [
-81.4971,
40.8133
],
"type": "Point"
}
],
"source.address": [
"<SANITIZED_IP_ADDRESS>"
],
"aws.cloudtrail.flattened.request_parameters": [
{
"name": "consoler",
"policyArns": [
{
"arn": "arn:aws:iam::aws:policy/AdministratorAccess"
}
]
}
],
"agent.type": [
"filebeat"
],
"event.module": [
"aws"
],
"source.geo.country_iso_code": [
"US"
],
"aws.cloudtrail.response_elements.text": [
"{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}"
],
"elastic_agent.snapshot": [
false
],
"aws.cloudtrail.event_type": [
"AwsApiCall"
],
"aws.s3.bucket.name": [
"<SANITIZED_BUCKET_NAME>"
],
"source.as.organization.name.text": [
"MASSCOM"
],
"elastic_agent.id": [
"6c631dc5-5349-45b3-8cd1-483990f30255"
],
"data_stream.namespace": [
"default"
],
"source.as.organization.name": [
"MASSCOM"
],
"source.geo.continent_name": [
"North America"
],
"tls.client.server_name": [
"sts.us-east-1.amazonaws.com"
],
"event.action": [
"GetFederationToken"
],
"event.ingested": [
"2024-08-20T02:59:54.000Z"
],
"@timestamp": [
"2024-08-20T02:59:33.000Z"
],
"cloud.account.id": [
"<SANITIZED_ACCOUNT_ID>"
],
"aws.cloudtrail.user_identity.access_key_id": [
"<SANITIZED_ACCESS_KEY_ID>"
],
"data_stream.dataset": [
"aws.cloudtrail"
],
"event.type": [
"info"
],
"log.file.path": [
"https://<SANITIZED_BUCKET_NAME>.s3.us-west-2.amazonaws.com/AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz"
],
"agent.ephemeral_id": [
"b9c4fff6-a880-4c33-8ed4-3818631b989e"
],
"aws.cloudtrail.request_parameters": [
"{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}"
],
"event.id": [
"c6af9006-1233-4535-bc52-40ac6b7b5a7a"
],
"source.geo.country_name": [
"United States"
],
"user_agent.device.name": [
"Other"
],
"aws.s3.object.key": [
"AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz"
],
"event.dataset": [
"aws.cloudtrail"
],
"user.name.text": [
"stratus"
]
},
"ignored_field_values": {
"aws.cloudtrail.response_elements": [
"{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}"
]
}
}
AWS integration with "Collect CloudTrail logs from S3" enabled, where an SQS queue URL is used.
If I understand correctly, the maximum character count accepted for the field just needs to be increased. Please note that aws.cloudtrail.request_parameters and aws.cloudtrail.response_elements can be very large fields.
Integration Name
AWS [aws]
Dataset Name
aws.cloudtrail
Integration Version
2.23.0
Agent Version
8.14.3
Agent Output Type
elasticsearch
Elasticsearch Version
8.14.1
OS Version and Architecture
Ubuntu 22.04
Software/API Version
No response
Error Message
Ignored Value: The value in this field is too long and cannot be searched or filtered.
Event Original
{ "_index": ".ds-logs-aws.cloudtrail-default-2024.07.30-000002", "_id": "3180f6e90d-000000025993", "_version": 1, "_score": 0, "_ignored": [ "aws.cloudtrail.response_elements" ], "_source": { "agent": { "name": "ip-172-31-33-37", "id": "6c631dc5-5349-45b3-8cd1-483990f30255", "ephemeral_id": "b9c4fff6-a880-4c33-8ed4-3818631b989e", "type": "filebeat", "version": "8.14.3" }, "log": { "file": { "path": "https://<SANITIZED_BUCKET_NAME>.s3.us-west-2.amazonaws.com/AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz" }, "offset": 25993 }, "elastic_agent": { "id": "6c631dc5-5349-45b3-8cd1-483990f30255", "version": "8.14.3", "snapshot": false }, "source": { "geo": { "continent_name": "North America", "region_iso_code": "US-OH", "city_name": "Massillon", "country_iso_code": "US", "country_name": "United States", "region_name": "Ohio", "location": { "lon": -81.4971, "lat": 40.8133 } }, "as": { "number": 12097, "organization": { "name": "MASSCOM" } }, "address": "<SANITIZED_IP_ADDRESS>", "ip": "<SANITIZED_IP_ADDRESS>" }, "tags": [ "forwarded", "aws-cloudtrail" ], "cloud": { "region": "us-east-1", "account": { "id": "<SANITIZED_ACCOUNT_ID>" } }, "input": { "type": "aws-s3" }, "@timestamp": "2024-08-20T02:59:33.000Z", "ecs": { "version": "8.11.0" }, "related": { "user": [ "stratus" ] }, "data_stream": { "namespace": "default", "type": "logs", "dataset": "aws.cloudtrail" }, "tls": { "cipher": "TLS_AES_128_GCM_SHA256", "client": { "server_name": "sts.us-east-1.amazonaws.com" }, "version": "1.3", "version_protocol": "tls" }, "event": { "agent_id_status": "verified", "ingested": "2024-08-20T02:59:54Z", "provider": "sts.amazonaws.com", "created": "2024-08-20T02:59:47.685Z", "kind": "event", "action": "GetFederationToken", "id": "c6af9006-1233-4535-bc52-40ac6b7b5a7a", "type": [ "info" ], "dataset": "aws.cloudtrail", "outcome": "success" }, "aws": { "s3": { "bucket": { "name": 
"<SANITIZED_BUCKET_NAME>", "arn": "arn:aws:s3:::<SANITIZED_BUCKET_NAME>" }, "object": { "key": "AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz" } }, "cloudtrail": { "event_version": "1.08", "flattened": { "request_parameters": { "name": "consoler", "policyArns": [ { "arn": "arn:aws:iam::aws:policy/AdministratorAccess" } ] }, "response_elements": { "federatedUser": { "arn": "arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler", "federatedUserId": "<SANITIZED_ACCOUNT_ID>:consoler" }, "credentials": { "accessKeyId": "<SANITIZED_ACCESS_KEY_ID>", "sessionToken": "<SANITIZED_SESSION_TOKEN>", "expiration": "Aug 20, 2024, 2:59:33 PM" }, "packedPolicySize": 7 } }, "event_type": "AwsApiCall", "read_only": false, "user_identity": { "access_key_id": "<SANITIZED_ACCESS_KEY_ID>", "type": "IAMUser", "arn": "arn:aws:iam::<SANITIZED_ACCOUNT_ID>:user/stratus" }, "recipient_account_id": "<SANITIZED_ACCOUNT_ID>", "event_category": "Management", "request_parameters": "{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}", "request_id": "00026031-2409-4418-b4ec-f1341e9638d1", "response_elements": "{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}", "management_event": true } }, "user": { "name": "stratus", "id": "<SANITIZED_USER_ID>" }, "user_agent": { "original": "aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token", "name": "aws-cli", "device": { "name": "Other" }, "version": "2.11.15" } }, "fields": { "aws.cloudtrail.request_parameters.text": [ "{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}" ], "elastic_agent.version": [ "8.14.3" ], 
"tls.version_protocol": [ "tls" ], "user_agent.original.text": [ "aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token" ], "aws.cloudtrail.flattened.response_elements": [ { "federatedUser": { "arn": "arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler", "federatedUserId": "<SANITIZED_ACCOUNT_ID>:consoler" }, "credentials": { "accessKeyId": "<SANITIZED_ACCESS_KEY_ID>", "sessionToken": "<SANITIZED_SESSION_TOKEN>", "expiration": "Aug 20, 2024, 2:59:33 PM" }, "packedPolicySize": 7 } ], "agent.name.text": [ "ip-172-31-33-37" ], "source.geo.region_name": [ "Ohio" ], "source.ip": [ "<SANITIZED_IP_ADDRESS>" ], "agent.name": [ "ip-172-31-33-37" ], "user_agent.version": [ "2.11.15" ], "event.agent_id_status": [ "verified" ], "source.geo.region_iso_code": [ "US-OH" ], "aws.cloudtrail.management_event": [ "true" ], "event.kind": [ "event" ], "aws.cloudtrail.user_identity.arn": [ "arn:aws:iam::<SANITIZED_ACCOUNT_ID>:user/stratus" ], "event.outcome": [ "success" ], "source.geo.city_name": [ "Massillon" ], "tls.version": [ "1.3" ], "user_agent.original": [ "aws-cli/2.11.15 Python/3.11.3 Darwin/23.6.0 exe/x86_64 prompt/off command/sts.get-federation-token" ], "cloud.region": [ "us-east-1" ], "user.id": [ "<SANITIZED_USER_ID>" ], "input.type": [ "aws-s3" ], "log.offset": [ 25993 ], "user_agent.name": [ "aws-cli" ], "data_stream.type": [ "logs" ], "related.user": [ "stratus" ], "tags": [ "forwarded", "aws-cloudtrail" ], "event.provider": [ "sts.amazonaws.com" ], "agent.id": [ "6c631dc5-5349-45b3-8cd1-483990f30255" ], "ecs.version": [ "8.11.0" ], "event.created": [ "2024-08-20T02:59:47.685Z" ], "aws.cloudtrail.event_version": [ "1.08" ], "agent.version": [ "8.14.3" ], "source.as.number": [ 12097 ], "aws.cloudtrail.read_only": [ false ], "aws.cloudtrail.event_category": [ "Management" ], "aws.cloudtrail.user_identity.type": [ "IAMUser" ], "aws.s3.bucket.arn": [ "arn:aws:s3:::<SANITIZED_BUCKET_NAME>" ], 
"aws.cloudtrail.recipient_account_id": [ "<SANITIZED_ACCOUNT_ID>" ], "aws.cloudtrail.request_id": [ "00026031-2409-4418-b4ec-f1341e9638d1" ], "tls.cipher": [ "TLS_AES_128_GCM_SHA256" ], "user.name": [ "stratus" ], "source.geo.location": [ { "coordinates": [ -81.4971, 40.8133 ], "type": "Point" } ], "source.address": [ "<SANITIZED_IP_ADDRESS>" ], "aws.cloudtrail.flattened.request_parameters": [ { "name": "consoler", "policyArns": [ { "arn": "arn:aws:iam::aws:policy/AdministratorAccess" } ] } ], "agent.type": [ "filebeat" ], "event.module": [ "aws" ], "source.geo.country_iso_code": [ "US" ], "aws.cloudtrail.response_elements.text": [ "{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}" ], "elastic_agent.snapshot": [ false ], "aws.cloudtrail.event_type": [ "AwsApiCall" ], "aws.s3.bucket.name": [ "<SANITIZED_BUCKET_NAME>" ], "source.as.organization.name.text": [ "MASSCOM" ], "elastic_agent.id": [ "6c631dc5-5349-45b3-8cd1-483990f30255" ], "data_stream.namespace": [ "default" ], "source.as.organization.name": [ "MASSCOM" ], "source.geo.continent_name": [ "North America" ], "tls.client.server_name": [ "sts.us-east-1.amazonaws.com" ], "event.action": [ "GetFederationToken" ], "event.ingested": [ "2024-08-20T02:59:54.000Z" ], "@timestamp": [ "2024-08-20T02:59:33.000Z" ], "cloud.account.id": [ "<SANITIZED_ACCOUNT_ID>" ], "aws.cloudtrail.user_identity.access_key_id": [ "<SANITIZED_ACCESS_KEY_ID>" ], "data_stream.dataset": [ "aws.cloudtrail" ], "event.type": [ "info" ], "log.file.path": [ "https://<SANITIZED_BUCKET_NAME>.s3.us-west-2.amazonaws.com/AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz" ], "agent.ephemeral_id": [ 
"b9c4fff6-a880-4c33-8ed4-3818631b989e" ], "aws.cloudtrail.request_parameters": [ "{name=consoler, policyArns=[{arn=arn:aws:iam::aws:policy/AdministratorAccess}]}" ], "event.id": [ "c6af9006-1233-4535-bc52-40ac6b7b5a7a" ], "source.geo.country_name": [ "United States" ], "user_agent.device.name": [ "Other" ], "aws.s3.object.key": [ "AWSLogs/<SANITIZED_ACCOUNT_ID>/CloudTrail/us-east-1/2024/08/20/<SANITIZED_ACCOUNT_ID>_CloudTrail_us-east-1_20240820T0300Z_0UDy81vfIWWF9Ln5.json.gz" ], "event.dataset": [ "aws.cloudtrail" ], "user.name.text": [ "stratus" ] }, "ignored_field_values": { "aws.cloudtrail.response_elements": [ "{federatedUser={arn=arn:aws:sts::<SANITIZED_ACCOUNT_ID>:federated-user/consoler, federatedUserId=<SANITIZED_ACCOUNT_ID>:consoler}, credentials={accessKeyId=<SANITIZED_ACCESS_KEY_ID>, sessionToken=<SANITIZED_SESSION_TOKEN>, expiration=Aug 20, 2024, 2:59:33 PM}, packedPolicySize=7}" ] } }
What did you do?
AWS integration with "Collect CloudTrail logs from S3" enabled, where an SQS queue URL is used.
What did you see?
What did you expect to see?
I expected to be able to search and filter on this field (`aws.cloudtrail.response_elements`) as well as
`aws.cloudtrail.request_parameters`. I am unable to use, for example, ES|QL's `DISSECT` command because of this.
Anything else?
If I understand correctly, the maximum character count accepted for the field just needs to be increased. Please note that
`aws.cloudtrail.request_parameters` and `aws.cloudtrail.response_elements` can be very large fields.