diff --git a/docs/docset.yml b/docs/docset.yml
index 5ee8a35..8fffdd6 100644
--- a/docs/docset.yml
+++ b/docs/docset.yml
@@ -26,3 +26,4 @@ subs:
ilm-init: "ILM"
dlm: "data lifecycle management"
dlm-init: "DLM"
+ ess-leadin: "You can run Elasticsearch on your own hardware or use our hosted Elasticsearch Service that is available on AWS, GCP, and Azure. Try the Elasticsearch Service for free: https://cloud.elastic.co/registration."
diff --git a/docs/lsr/plugins-codecs-cef.md b/docs/lsr/plugins-codecs-cef.md
index 799b818..17d2e85 100644
--- a/docs/lsr/plugins-codecs-cef.md
+++ b/docs/lsr/plugins-codecs-cef.md
@@ -83,12 +83,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -105,12 +105,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -125,8 +125,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -248,23 +247,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -272,25 +267,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -304,12 +299,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -323,7 +318,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
@@ -372,7 +367,7 @@ When parsing timestamp fields in ECS mode and encountering timestamps that do no
If your input puts a delimiter between each CEF event, you’ll want to set this to be that delimiter.
-::::{note}
+::::{note}
Byte stream inputs such as TCP require delimiter to be specified. Otherwise input can be truncated or incorrectly split.
::::
diff --git a/docs/lsr/plugins-filters-elastic_integration.md b/docs/lsr/plugins-filters-elastic_integration.md
index 1008aaf..2089f36 100644
--- a/docs/lsr/plugins-filters-elastic_integration.md
+++ b/docs/lsr/plugins-filters-elastic_integration.md
@@ -28,7 +28,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}](https://docs.elastic.co/en/integrations)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
@@ -38,7 +38,7 @@ When you configure this filter to point to an {{es}} cluster, it detects which i
It then loads that pipeline’s definition from {{es}} and run that pipeline inside Logstash without transmitting the event to {{es}}. Events that are successfully handled by their ingest pipeline will have `[@metadata][target_ingest_pipeline]` set to `_none` so that any downstream {{es}} output in the Logstash pipeline will avoid running the event’s default pipeline *again* in {{es}}.
-::::{note}
+::::{note}
Some multi-pipeline configurations such as logstash-to-logstash over http(s) do not maintain the state of `[@metadata]` fields. In these setups, you may need to explicitly configure your downstream pipeline’s {{es}} output with `pipeline => "_none"` to avoid re-running the default pipeline.
::::
@@ -50,7 +50,7 @@ Events that *fail* ingest pipeline processing will be tagged with `_ingest_pipel
* This plugin requires Java 17 minimum with {{ls}} `8.x` versions and Java 21 minimum with {{ls}} `9.x` versions.
* When you upgrade the {{stack}}, upgrade {{ls}} (or this plugin specifically) *before* you upgrade {{kib}}. (Note that this requirement is a departure from the typical {{stack}} [installation order](https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.md#install-order-elastic-stack).)
- The {{es}}-{ls}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).
+ The {{es}}-{{ls}}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).
@@ -119,7 +119,7 @@ You can configure this plugin to present authentication credentials to {{es}} in
* Cloud Auth: (see [`cloud_auth`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-cloud_auth))
* HTTP Basic Auth: (see [`username`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-username) and [`password`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-password))
-::::{note}
+::::{note}
Your request credentials are only as secure as the connection they are being passed over. They provide neither privacy nor secrecy on their own, and can easily be recovered by an adversary when SSL is disabled.
::::
@@ -136,7 +136,7 @@ This plugin communicates with Elasticsearch to resolve events into pipeline defi
| `read_pipeline` | A read-only get and simulate access to ingest pipeline. It is required when plugin reads {{es}} ingest pipeline definitions. |
| `manage_index_templates` | All operations on index templates privilege. It is required when plugin resolves default pipeline based on event data stream name. |
-::::{note}
+::::{note}
This plugin cannot determine if an anonymous user has the required privileges when it connects to an {{es}} cluster that has security features disabled or when the user does not provide credentials. The plugin starts in an unsafe mode with a runtime error indicating that API permissions are insufficient, and prevents events from being processed by the ingest pipeline.
To avoid these issues, set up user authentication and ensure that security in {{es}} is enabled (default).
@@ -308,7 +308,7 @@ This plugin will discover all regular files with the `.mmdb` suffix in the provi
* `Enterprise`
* `Isp`
-::::{note}
+::::{note}
Most integrations rely on databases being present named *exactly*:
* `GeoLite2-ASN.mmdb`,
@@ -601,7 +601,7 @@ Add a unique `ID` to the plugin configuration. If no ID is specified, Logstash w
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-filters-geoip.md b/docs/lsr/plugins-filters-geoip.md
index c8d499e..cb41878 100644
--- a/docs/lsr/plugins-filters-geoip.md
+++ b/docs/lsr/plugins-filters-geoip.md
@@ -47,19 +47,19 @@ The Logstash open source distribution uses the MaxMind Creative Commons license
This plugin bundles Creative Commons (CC) license databases. If the auto-update feature is enabled in `logstash.yml`(as it is by default), Logstash checks for database updates every day. It downloads the latest and can replace the old database while the plugin is running.
-::::{note}
+::::{note}
If the auto-update feature is disabled or the database has never been updated successfully, as in air-gapped environments, Logstash can use CC license databases indefinitely.
::::
After Logstash has switched to a EULA licensed database, the geoip filter will stop enriching events in order to maintain compliance if Logstash fails to check for database updates for 30 days. Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
-::::{note}
+::::{note}
If the auto-update feature is enabled, Logstash upgrades from the CC database license to the EULA version on the first download.
::::
-::::{tip}
+::::{tip}
When possible, allow Logstash to access the internet to download databases so that they are always up-to-date.
::::
@@ -184,7 +184,7 @@ When this plugin is run with [`ecs_compatibility`](plugins-filters-geoip.md#plug
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
@@ -200,7 +200,7 @@ When this plugin is run with [`ecs_compatibility`](plugins-filters-geoip.md#plug
| `dma_code` | `[mmdb][dma_code]` | `819` |
| `organization` | `[mmdb][organization]` | `Elastic, NV` |
-::::{note}
+::::{note}
`*` indicates a composite field, which is only populated if GeoIP lookup result contains all components.
::::
@@ -214,7 +214,7 @@ The `location` field combines the latitude and longitude into a structure called
As this field is a `geo_point` *and* it is still valid GeoJSON, you get the awesomeness of Elasticsearch’s geospatial query, facet and filter functions and the flexibility of having GeoJSON for all other applications (like Kibana’s map visualization).
-::::{note}
+::::{note}
This product includes GeoLite2 data created by MaxMind, available from [http://www.maxmind.com](http://www.maxmind.com). This database is licensed under [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/licenses/by-sa/4.0/).
Versions 4.0.0 and later of the GeoIP filter use the MaxMind GeoLite2 database and support both IPv4 and IPv6 lookups. Versions prior to 4.0.0 use the legacy MaxMind GeoLite database and support IPv4 lookups only.
@@ -438,7 +438,7 @@ Add a unique `ID` to the plugin configuration. If no ID is specified, Logstash w
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-inputs-elastic_serverless_forwarder.md b/docs/lsr/plugins-inputs-elastic_serverless_forwarder.md
index a830e6d..80dc101 100644
--- a/docs/lsr/plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/lsr/plugins-inputs-elastic_serverless_forwarder.md
@@ -24,17 +24,34 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```
input {
elastic_serverless_forwarder {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+#### SSL Disabled
+```
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
## Enrichment [plugins-inputs-elastic_serverless_forwarder-enrichment]
This input provides *minimal enrichment* on events, and avoids including information about itself, the client from which it received the data, or about the original event as-decoded from the request.
-::::{note}
+::::{note}
Senders are advised to use care with respect to fields that are [reserved in Logstash](https://www.elastic.co/guide/en/logstash/current/processing.html#reserved-fields). ESF sends the Logstash-required `@timestamp` field by default, but if this value is missing it will be populated with the current time.
::::
@@ -59,7 +76,7 @@ By default, this plugin does not request certificates from clients during SSL ne
It can be configured to either request or require client certificates using [`ssl_client_authentication`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-ssl_client_authentication), which often also requires configuring it with a list of [`ssl_certificate_authorities`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-ssl_certificate_authorities) to trust. When validating a certificate that is presented, [`ssl_verification_mode`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-ssl_verification_mode) controls how certificates are verified.
-::::{note}
+::::{note}
ESF does not currently support *presenting* client certificates, so requesting or requiring clients to present identity is only useful when combined with an SSL-terminating proxy.
::::
@@ -78,7 +95,7 @@ This plugin exposes several advanced SSL configurations:
You can configure this plugin to authenticate requests using HTTP Basic authentication by configuring [`auth_basic_username`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-auth_basic_username) and [`auth_basic_password`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-auth_basic_password).
-::::{note}
+::::{note}
Basic Authentication is not a substitute for SSL, as it provides neither secrecy nor security on its own. When used with SSL disabled, HTTP Basic credentials are transmitted in effectively clear-text and can be easily recovered by an adversary.
::::
@@ -119,7 +136,7 @@ Here are some tips for configuring the {{esf}} input to work with the elasticsea
This plugin supports the following configuration options plus the [Common options](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-common-options) described later.
-::::{note}
+::::{note}
As of version `2.0.0` of this plugin, a previously deprecated SSL setting has been removed. Please check out [Elasticsearch Output Obsolete Configuration Options](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-obsolete-options) for details.
::::
@@ -247,7 +264,7 @@ This is an advanced SSL configuration.
SSL key to use.
-::::{note}
+::::{note}
This key need to be in the PKCS8 format, you can convert it with [OpenSSL](https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs8.md) for more information.
::::
@@ -273,7 +290,7 @@ This is an advanced SSL configuration.
For Java 8 `'TLSv1.3'` is supported only since ***8u262*** (AdoptOpenJDK), but requires that you set the `LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash.
-::::{note}
+::::{note}
If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash, the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in the **$JDK_HOME/conf/security/java.security** configuration file. That is, `TLSv1.1` needs to be removed from the list.
::::
@@ -291,7 +308,7 @@ If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the on
When [`ssl_client_authentication`](plugins-inputs-elastic_serverless_forwarder.md#plugins-inputs-elastic_serverless_forwarder-ssl_client_authentication) causes a client to present a certificate, this setting controls how that certificate is verified.
-::::{note}
+::::{note}
Client identity is not typically validated using SSL because the receiving server only has access to the client’s outbound-ip, which is not always constant and is frequently not represented in the certificate’s subject or subjectAltNames extensions. For more information, see [RFC2818 § 3.2 (HTTP over TLS — Client Identity)](https://www.rfc-editor.org/rfc/rfc2818#section-3.1)
::::
@@ -300,7 +317,7 @@ Client identity is not typically validated using SSL because the receiving serve
## Elasticsearch Output Obsolete Configuration Options [plugins-inputs-elastic_serverless_forwarder-obsolete-options]
-::::{warning}
+::::{warning}
As of version `2.0.0` of this plugin, some configuration options have been replaced. The plugin will fail to start if it contains any of these obsolete options.
::::
@@ -353,7 +370,7 @@ input {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-inputs-kafka.md b/docs/lsr/plugins-inputs-kafka.md
index e020533..dd2cb73 100644
--- a/docs/lsr/plugins-inputs-kafka.md
+++ b/docs/lsr/plugins-inputs-kafka.md
@@ -34,7 +34,7 @@ This input supports connecting to Kafka over:
By default security is disabled but can be turned on as needed.
-::::{note}
+::::{note}
This plugin does not support using a proxy when communicating to the Kafka broker.
This plugin does support using a proxy when communicating to the Schema Registry using the [`schema_registry_proxy`](plugins-inputs-kafka.md#plugins-inputs-kafka-schema_registry_proxy) option.
@@ -73,7 +73,7 @@ Please note that `@metadata` fields are not part of any of your events at output
This plugin supports these configuration options plus the [Common options](plugins-inputs-kafka.md#plugins-inputs-kafka-common-options) described later.
-::::{note}
+::::{note}
Some of these options map to a Kafka option. Defaults usually reflect the Kafka default setting, and might change if Kafka’s consumer defaults change. See the [https://kafka.apache.org/38/documentation](https://kafka.apache.org/38/documentation) for more details.
::::
@@ -198,7 +198,7 @@ Automatically check the CRC32 of the records consumed. This ensures no on-the-wi
How DNS lookups should be done. If set to `use_all_dns_ips`, when the lookup returns multiple IP addresses for a hostname, they will all be attempted to connect to before failing the connection. If the value is `resolve_canonical_bootstrap_servers_only` each entry will be resolved and expanded into a list of canonical names.
-::::{note}
+::::{note}
Starting from Kafka 3 `default` value for `client.dns.lookup` value has been removed. If explicitly configured it fallbacks to `use_all_dns_ips`.
::::
@@ -220,7 +220,7 @@ The id string to pass to the server when making requests. The purpose of this is
A rack identifier for the Kafka consumer. Used to select the physically closest rack for the consumer to read from. The setting corresponds with Kafka’s `broker.rack` configuration.
-::::{note}
+::::{note}
Available only for Kafka 2.4.0 and higher. See [KIP-392](https://cwiki.apache.org/confluence/display/KAFKA/KIP-392%3A+Allow+consumers+to+fetch+from+closest+replica).
::::
@@ -266,7 +266,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](value-types.md#boolean) * Default value is `true`
+* Value type is [boolean](value-types.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
@@ -320,7 +321,7 @@ The minimum amount of data the server should return for a fetch request. If insu
The identifier of the group this consumer belongs to. Consumer group is a single logical subscriber that happens to be made up of multiple processors. Messages in a topic will be distributed to all Logstash instances with the same `group_id`.
-::::{note}
+::::{note}
In cases when multiple inputs are being used in a single pipeline, reading from different topics, it’s essential to set a different `group_id => ...` for each input. Setting a unique `client_id => ...` is also recommended.
::::
@@ -333,12 +334,12 @@ In cases when multiple inputs are being used in a single pipeline, reading from
The static membership identifier for this Logstash Kafka consumer. Static membership feature was introduced in [KIP-345](https://cwiki.apache.org/confluence/display/KAFKA/KIP-345%3A+Introduce+static+membership+protocol+to+reduce+consumer+rebalances), available under Kafka property `group.instance.id`. Its purpose is to avoid rebalances in situations in which a lot of data has to be forwarded after a consumer goes offline. This feature mitigates cases where the service state is heavy and the rebalance of one topic partition from instance A to B would cause a huge amount of data to be transferred. A client that goes offline/online frequently can avoid frequent and heavy rebalances by using this option.
-::::{note}
+::::{note}
The `group_instance_id` setting must be unique across all the clients belonging to the same [`group_id`](plugins-inputs-kafka.md#plugins-inputs-kafka-group_id). Otherwise, another client connecting with same `group.instance.id` value would cause the oldest instance to be disconnected. You can set this value to use information such as a hostname, an IP, or anything that uniquely identifies the client application.
::::
-::::{note}
+::::{note}
In cases when multiple threads are configured and `consumer_threads` is greater than one, a suffix is appended to the `group_instance_id` to avoid collisions.
::::
@@ -670,7 +671,7 @@ Use either the Schema Registry config option or the [`value_deserializer_class`]
* Value can be either of: `auto`, `skip`
* Default value is `"auto"`
-::::{note}
+::::{note}
Under most circumstances, the default setting of `auto` should not need to be changed.
::::
@@ -783,7 +784,7 @@ A topic regular expression pattern to subscribe to.
Filtering by a regular expression is done by retrieving the full list of topic names from the broker and applying the pattern locally. When used with brokers with a lot of topics this operation could be very slow, especially if there are a lot of consumers.
-::::{note}
+::::{note}
When the broker has some topics configured with ACL rules and they miss the DESCRIBE permission, then the subscription happens but on the broker side it is logged that the subscription of some topics was denied to the configured user.
::::
@@ -850,7 +851,7 @@ input {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-inputs-logstash.md b/docs/lsr/plugins-inputs-logstash.md
index 7c269d0..67b1034 100644
--- a/docs/lsr/plugins-inputs-logstash.md
+++ b/docs/lsr/plugins-inputs-logstash.md
@@ -23,17 +23,35 @@ For questions about the plugin, open a topic in the [Discuss](http://discuss.ela
Listen for events that are sent by a [Logstash output plugin](plugins-outputs-logstash.md) in a pipeline that may be in another process or on another host. The upstream output must have a TCP route to the port (defaults to 9800) on an interface that this plugin is bound to.
-::::{note}
+::::{note}
Sending events to this input by *any* means other than `plugins-outputs-logstash` is neither advised nor supported. We will maintain cross-compatibility with any two supported versions of output/input pair and reserve the right to change details such as protocol and encoding.
::::
### Minimum Configuration [plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+```
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [plugins-inputs-logstash-config-binding]
@@ -56,7 +74,7 @@ Certificates that are presented by clients are validated by default using the sy
* A PEM-formatted list of trusted certificate authorities (see [`ssl_certificate_authorities`](plugins-inputs-logstash.md#plugins-inputs-logstash-ssl_certificate_authorities))
-::::{note}
+::::{note}
Client-certificate verification does *not* verify identity claims on the presented certificate, such as whether the certificate includes a Subject Alt Name matching the IP address from which the client is connecting.
::::
@@ -66,7 +84,7 @@ Client-certificate verification does *not* verify identity claims on the present
You can also configure this plugin to require a specific username/password be provided by configuring [`username`](plugins-inputs-logstash.md#plugins-inputs-logstash-username) and [`password`](plugins-inputs-logstash.md#plugins-inputs-logstash-password). Doing so requires connecting `logstash-output` plugin clients to provide matching `username` and `password`.
-::::{note}
+::::{note}
when SSL is disabled, data and credentials will be received in clear-text.
::::
@@ -210,7 +228,7 @@ A password or passphrase of the [`ssl_key`](plugins-inputs-logstash.md#plugins-i
Username for password-based authentication. When this input plugin is configured with a `username`, it also requires a `password`, and any upstream `logstash-output` plugin must also be configured with a matching `username`/`password` pair.
-::::{note}
+::::{note}
when SSL is disabled, credentials will be transmitted in clear-text.
::::
@@ -260,7 +278,7 @@ input {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-inputs-snmp.md b/docs/lsr/plugins-inputs-snmp.md
index 8e8e402..16317ca 100644
--- a/docs/lsr/plugins-inputs-snmp.md
+++ b/docs/lsr/plugins-inputs-snmp.md
@@ -18,7 +18,7 @@ For other versions, see the [Versioned plugin docs](/vpr/input-snmp-index.md).
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](https://www.elastic.co/guide/en/logstash/current/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
@@ -513,7 +513,7 @@ input {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-inputs-snmptrap.md b/docs/lsr/plugins-inputs-snmptrap.md
index aea8710..39e615a 100644
--- a/docs/lsr/plugins-inputs-snmptrap.md
+++ b/docs/lsr/plugins-inputs-snmptrap.md
@@ -18,7 +18,7 @@ For other versions, see the [Versioned plugin docs](/vpr/input-snmptrap-index.md
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](https://www.elastic.co/guide/en/logstash/current/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`. If you need to maintain current mappings for the `input-snmptrap` plugin, you have options to [preserve existing behavior](https://www.elastic.co/guide/en/logstash/current/plugins-integrations-snmp.html#plugins-integrations-snmp-input-snmptrap-compat).
@@ -410,7 +410,7 @@ input {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-outputs-elasticsearch.md b/docs/lsr/plugins-outputs-elasticsearch.md
index 4c77fd8..aa419d8 100644
--- a/docs/lsr/plugins-outputs-elasticsearch.md
+++ b/docs/lsr/plugins-outputs-elasticsearch.md
@@ -45,7 +45,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](https://www.elastic.co/guide/en/elasticsearch/reference/current/data-stream-lifecycle.html) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](https://docs.elastic.co/serverless/observability/what-is-observability-serverless) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -56,7 +56,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs]
@@ -79,7 +79,7 @@ Use the data stream options for indexing time series datasets (such as logs, met
* [`data_stream_sync_fields`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-data_stream_sync_fields)
* [`data_stream_type`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-data_stream_type)
-::::{important}
+::::{important}
[ECS compatibility](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ecs_compatibility) must be enabled (set to `v1` or `v8`) for data streams to work properly.
::::
@@ -117,7 +117,7 @@ output {
## Writing to different indices: best practices [_writing_to_different_indices_best_practices]
-::::{note}
+::::{note}
You cannot use dynamic variable substitution when `ilm_enabled` is `true` and when using `ilm_rollover_alias`.
::::
@@ -189,7 +189,7 @@ Mapping (404) errors from Elasticsearch can lead to data loss. Unfortunately map
## {{ilm-cap}} ({{ilm-init}}) [plugins-outputs-elasticsearch-ilm]
-::::{note}
+::::{note}
* The {{ilm-cap}} ({{ilm-init}}) feature does not apply for {{es-serverless}}. Any {{ilm-init}} settings in your plugin configuration are ignored and may cause errors.
* The {{ilm-init}} feature requires plugin version `9.3.1` or higher.
* This feature requires an {{es}} instance of 6.6.0 or higher with at least a Basic license
@@ -223,7 +223,7 @@ See config below for an example:
}
```
-::::{note}
+::::{note}
* Custom ILM policies must already exist on the {{es}} cluster before they can be used.
* If the rollover alias or pattern is modified, the index template will need to be overwritten as the settings `index.lifecycle.name` and `index.lifecycle.rollover_alias` are automatically written to the template
* If the index property is supplied in the output definition, it will be overwritten by the rollover alias.
@@ -272,7 +272,7 @@ This plugin transmits events to Elasticsearch using a JSON API, and therefore re
This plugin supports these configuration options plus the [Common options](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-common-options) described later.
-::::{note}
+::::{note}
As of version 12.0.0 of this plugin, a number of previously deprecated SSL settings have been removed. Please check out [Elasticsearch Output Obsolete Configuration Options](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-obsolete-options) for details.
::::
@@ -475,7 +475,7 @@ The data stream namespace used to construct the data stream at index time.
Automatically adds and syncs the `data_stream.*` event fields if they are missing from the event. This ensures that fields match the name of the data stream that is receiving events.
-::::{note}
+::::{note}
If existing `data_stream.*` event fields do not match the data stream name and `data_stream_auto_routing` is disabled, the event fields will be overwritten with a warning.
::::
@@ -527,12 +527,12 @@ The document ID for the index. Useful for overwriting existing entries in Elasti
* There is no default value for this setting.
* This option is deprecated
-::::{note}
+::::{note}
This option is deprecated due to the [removal of types in Elasticsearch 6.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/removal-of-types.md). It will be removed in the next major version of Logstash.
::::
-::::{note}
+::::{note}
This value is ignored and has no effect for Elasticsearch clusters `8.x`.
::::
@@ -571,7 +571,7 @@ Controls this plugin’s compatibility with the [Elastic Common Schema (ECS)](ht
* Value type is [array](value-types.md#array)
* Default value is `[]`
-::::{note}
+::::{note}
Deprecated, refer to [`silence_errors_in_log`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-silence_errors_in_log).
::::
@@ -630,7 +630,7 @@ Setting `true` enables gzip compression level 1 on requests.
This setting allows you to reduce this plugin’s outbound network traffic by compressing each bulk *request* to {{es}}.
-::::{note}
+::::{note}
This output plugin reads compressed *responses* from {{es}} regardless of the value of this setting.
::::
@@ -645,7 +645,7 @@ The default setting of `auto` will automatically enable [Index Lifecycle Managem
Setting this flag to `false` will disable the Index Lifecycle Management feature, even if the Elasticsearch cluster supports ILM. Setting this flag to `true` will enable Index Lifecycle Management feature, if the Elasticsearch cluster supports it. This is required to enable Index Lifecycle Management on a version of Elasticsearch earlier than version `7.0.0`.
-::::{note}
+::::{note}
This feature requires a Basic License or above to be installed on an Elasticsearch cluster version 6.6.0 or later.
::::
@@ -660,17 +660,17 @@ Pattern used for generating indices managed by [Index Lifecycle Management](http
Date Math can be used when specifying an ilm pattern, see [Rollover API docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-rollover-index.html#_using_date_math_with_the_rollover_api) for details.
-::::{note}
+::::{note}
Updating the pattern will require the index template to be rewritten.
::::
-::::{note}
+::::{note}
The pattern must finish with a dash and a number that will be automatically incremented when indices rollover.
::::
-::::{note}
+::::{note}
The pattern is a 6-digit string padded by zeros, regardless of prior index name. Example: 000001. See [Rollover path parameters API docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-rollover-index.html#rollover-index-api-path-params) for details.
::::
@@ -683,7 +683,7 @@ The pattern is a 6-digit string padded by zeros, regardless of prior index name.
Modify this setting to use a custom Index Lifecycle Management policy, rather than the default. If this value is not set, the default policy will be automatically installed into Elasticsearch
-::::{note}
+::::{note}
If this setting is specified, the policy must already exist in Elasticsearch cluster.
::::
@@ -700,17 +700,17 @@ If this setting is specified, the policy must already exist in Elasticsearch clu
The rollover alias is the alias where indices managed using Index Lifecycle Management will be written to.
-::::{note}
+::::{note}
If both `index` and `ilm_rollover_alias` are specified, `ilm_rollover_alias` takes precedence.
::::
-::::{note}
+::::{note}
Updating the rollover alias will require the index template to be rewritten.
::::
-::::{note}
+::::{note}
`ilm_rollover_alias` does NOT support dynamic variable substitution as `index` does.
::::
@@ -907,7 +907,7 @@ Defines the list of Elasticsearch errors that you don’t want to log. A useful
}
```
-::::{note}
+::::{note}
Deprecates [`failure_type_logging_whitelist`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-failure_type_logging_whitelist).
::::
@@ -944,7 +944,7 @@ HTTP Path to be used for the sniffing requests the default value is computed by
SSL certificate to use to authenticate the client. This certificate should be an OpenSSL-style X.509 certificate file.
-::::{note}
+::::{note}
This setting can be used only if [`ssl_key`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ssl_key) is set.
::::
@@ -957,7 +957,7 @@ This setting can be used only if [`ssl_key`](plugins-outputs-elasticsearch.md#pl
The .cer or .pem files to validate the server’s certificate.
-::::{note}
+::::{note}
You cannot use this setting and [`ssl_truststore_path`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ssl_truststore_path) at the same time.
::::
@@ -990,7 +990,7 @@ SSL key to use. This key must be in the PKCS8 format and PEM encoded. You can us
openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM -out path/to/logstash.pkcs8.key
```
-::::{note}
+::::{note}
This setting can be used only if [`ssl_certificate`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ssl_certificate) is set.
::::
@@ -1011,7 +1011,7 @@ Set the keystore password
The keystore used to present a certificate to the server. It can be either `.jks` or `.p12`
-::::{note}
+::::{note}
You cannot use this setting and [`ssl_certificate`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ssl_certificate) at the same time.
::::
@@ -1035,7 +1035,7 @@ List of allowed SSL/TLS versions to use when establishing a connection to the El
For Java 8 `'TLSv1.3'` is supported only since ***8u262*** (AdoptOpenJDK), but requires that you set the `LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash.
-::::{note}
+::::{note}
If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash, the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in the **$JDK_HOME/conf/security/java.security** configuration file. That is, `TLSv1.1` needs to be removed from the list.
::::
@@ -1056,7 +1056,7 @@ Set the truststore password
The truststore to validate the server’s certificate. It can be either `.jks` or `.p12`.
-::::{note}
+::::{note}
You cannot use this setting and [`ssl_certificate_authorities`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-ssl_certificate_authorities) at the same time.
::::
@@ -1081,7 +1081,7 @@ Defines how to verify the certificates presented by another party in the TLS con
`none` performs no certificate validation.
-::::{warning}
+::::{warning}
Setting certificate verification to `none` disables many security benefits of SSL/TLS, which is very dangerous. For more information on disabling certificate verification please read [https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf](https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)
::::
@@ -1104,7 +1104,7 @@ The default setting of `auto` will use [index template API](https://www.elastic.
Setting this flag to `legacy` will use legacy template API to create index template. Setting this flag to `composable` will use index template API to create index template.
-::::{note}
+::::{note}
The format of template provided to [`template`](plugins-outputs-elasticsearch.md#plugins-outputs-elasticsearch-template) needs to match the template API being used.
::::
@@ -1189,7 +1189,7 @@ The version_type to use for indexing. See the [versioning support blog](https://
## Elasticsearch Output Obsolete Configuration Options [plugins-outputs-elasticsearch-obsolete-options]
-::::{warning}
+::::{warning}
As of version `12.0.0` of this plugin, some configuration options have been replaced. The plugin will fail to start if it contains any of these obsolete options.
::::
@@ -1237,7 +1237,7 @@ output {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-outputs-graphite.md b/docs/lsr/plugins-outputs-graphite.md
index a1ff051..e0e9b78 100644
--- a/docs/lsr/plugins-outputs-graphite.md
+++ b/docs/lsr/plugins-outputs-graphite.md
@@ -104,7 +104,7 @@ Defines the format of the metric string. The placeholder *** will be replaced wi
metrics_format => "foo.bar.*.sum"
```
-::::{note}
+::::{note}
If no metrics_format is defined, the name of the metric will be used as fallback.
::::
@@ -115,9 +115,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](value-types.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [plugins-outputs-graphite-port]
@@ -194,7 +192,7 @@ output {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/lsr/plugins-outputs-logstash.md b/docs/lsr/plugins-outputs-logstash.md
index a264805..071dd67 100644
--- a/docs/lsr/plugins-outputs-logstash.md
+++ b/docs/lsr/plugins-outputs-logstash.md
@@ -23,17 +23,34 @@ For questions about the plugin, open a topic in the [Discuss](http://discuss.ela
Send events to a [Logstash input plugin](plugins-inputs-logstash.md) in a pipeline that may be in another process or on another host. You must have a TCP route to the port (defaults to 9800) on an interface that the downstream input is bound to.
-::::{note}
+::::{note}
Sending events to *any* destination other than a `logstash-input` plugin is neither advised nor supported. We will maintain cross-compatibility with any two supported versions of output/input pair and reserve the right to change details such as protocol and encoding.
::::
### Minimum Configuration [plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+```
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [plugins-outputs-logstash-config-connecting]
@@ -64,7 +81,7 @@ If the downstream input plugin is configured to request or require client authen
If the downstream `logstash-input` plugin is configured to require `username` and `password`, you will need to configure this output with a matching [`username`](plugins-outputs-logstash.md#plugins-outputs-logstash-username) and [`password`](plugins-outputs-logstash.md#plugins-outputs-logstash-password).
-::::{note}
+::::{note}
when SSL is disabled, data and credentials will be transmitted in clear-text.
::::
@@ -129,7 +146,7 @@ The security of this plugin relies on SSL to avoid leaking credentials and to av
::::
-::::{note}
+::::{note}
when using SSL, the server that responds must present a certificated with identity claim matching this host name or ip address.
::::
@@ -251,7 +268,7 @@ Username for password-based authentication.
When the downstream input plugin is configured with a `username` and `password`, you must also configure upstream outputs with a matching `username`/`password` pair.
-::::{note}
+::::{note}
when SSL is disabled, credentials will be transmitted in clear-text.
::::
@@ -290,7 +307,7 @@ output {
}
```
-::::{note}
+::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
diff --git a/docs/vpr/v0-0-1-plugins-filters-elastic_integration.md b/docs/vpr/v0-0-1-plugins-filters-elastic_integration.md
index d2b674e..873dcd0 100644
--- a/docs/vpr/v0-0-1-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-0-1-plugins-filters-elastic_integration.md
@@ -198,7 +198,7 @@ This plugin supports the following configuration options plus the [Common option
* Value type is [password](logstash://reference/configuration-file-structure.md#password)
* There is no default value for this setting.
-The encoded form of an API key that is used to authenticate this plugin to {es}
+The encoded form of an API key that is used to authenticate this plugin to {{es}}
### `auth_basic_password` [v0.0.1-plugins-filters-elastic_integration-auth_basic_password]
diff --git a/docs/vpr/v0-0-1-plugins-inputs-logstash.md b/docs/vpr/v0-0-1-plugins-inputs-logstash.md
index 1c99406..b295741 100644
--- a/docs/vpr/v0-0-1-plugins-inputs-logstash.md
+++ b/docs/vpr/v0-0-1-plugins-inputs-logstash.md
@@ -32,10 +32,30 @@ Sending events to this input by *any* means other than [logstash output plugin](
### Minimum Configuration [v0.0.1-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
port => 8080
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v0.0.1-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v0-0-1-plugins-outputs-logstash.md b/docs/vpr/v0-0-1-plugins-outputs-logstash.md
index 6db9950..6e4dcc9 100644
--- a/docs/vpr/v0-0-1-plugins-outputs-logstash.md
+++ b/docs/vpr/v0-0-1-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than [logstash input plugin](/lsr/plug
### Minimum Configuration [v0.0.1-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
}
}
```
| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
ssl_enabled
=> false
}
}
```
|
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v0.0.1-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v0-0-2-plugins-filters-elastic_integration.md b/docs/vpr/v0-0-2-plugins-filters-elastic_integration.md
index 6c9c999..a4f62ae 100644
--- a/docs/vpr/v0-0-2-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-0-2-plugins-filters-elastic_integration.md
@@ -233,7 +233,7 @@ This plugin supports the following configuration options plus the [Common option
* Value type is [password](logstash://reference/configuration-file-structure.md#password)
* There is no default value for this setting.
-The encoded form of an API key that is used to authenticate this plugin to {es}
+The encoded form of an API key that is used to authenticate this plugin to {{es}}
### `cloud_auth` [v0.0.2-plugins-filters-elastic_integration-cloud_auth]
diff --git a/docs/vpr/v0-0-2-plugins-inputs-logstash.md b/docs/vpr/v0-0-2-plugins-inputs-logstash.md
index 18d62f9..4871142 100644
--- a/docs/vpr/v0-0-2-plugins-inputs-logstash.md
+++ b/docs/vpr/v0-0-2-plugins-inputs-logstash.md
@@ -32,9 +32,30 @@ Sending events to this input by *any* means other than [logstash output plugin](
### Minimum Configuration [v0.0.2-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
port => 8080
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v0.0.2-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v0-0-2-plugins-outputs-logstash.md b/docs/vpr/v0-0-2-plugins-outputs-logstash.md
index ae4bd57..6c984e8 100644
--- a/docs/vpr/v0-0-2-plugins-outputs-logstash.md
+++ b/docs/vpr/v0-0-2-plugins-outputs-logstash.md
@@ -32,10 +32,29 @@ Sending events to *any* destination other than [logstash input plugin](/lsr/plug
### Minimum Configuration [v0.0.2-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
}
}
```
| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v0.0.2-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v0-0-3-plugins-filters-elastic_integration.md b/docs/vpr/v0-0-3-plugins-filters-elastic_integration.md
index 4ac929b..659bafa 100644
--- a/docs/vpr/v0-0-3-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-0-3-plugins-filters-elastic_integration.md
@@ -251,7 +251,7 @@ This plugin supports the following configuration options plus the [Common option
* Value type is [password](logstash://reference/configuration-file-structure.md#password)
* There is no default value for this setting.
-The encoded form of an API key that is used to authenticate this plugin to {es}
+The encoded form of an API key that is used to authenticate this plugin to {{es}}
### `cloud_auth` [v0.0.3-plugins-filters-elastic_integration-cloud_auth]
diff --git a/docs/vpr/v0-0-3-plugins-inputs-logstash.md b/docs/vpr/v0-0-3-plugins-inputs-logstash.md
index 3929185..bc24129 100644
--- a/docs/vpr/v0-0-3-plugins-inputs-logstash.md
+++ b/docs/vpr/v0-0-3-plugins-inputs-logstash.md
@@ -32,9 +32,30 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v0.0.3-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
port => 8080
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v0.0.3-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v0-0-3-plugins-outputs-logstash.md b/docs/vpr/v0-0-3-plugins-outputs-logstash.md
index a56e975..652c5b6 100644
--- a/docs/vpr/v0-0-3-plugins-outputs-logstash.md
+++ b/docs/vpr/v0-0-3-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than [logstash input plugin](/lsr/plug
### Minimum Configuration [v0.0.3-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
}
}
```
| ```shell
output {
logstash {
host => "10.0.0.123"
port => 8080
ssl_enabled
=> false
}
}
```
|
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ host => "10.0.0.123"
+ port => 8080
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v0.0.3-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v0-0-4-plugins-inputs-logstash.md b/docs/vpr/v0-0-4-plugins-inputs-logstash.md
index 4e1a9fe..8da35cc 100644
--- a/docs/vpr/v0-0-4-plugins-inputs-logstash.md
+++ b/docs/vpr/v0-0-4-plugins-inputs-logstash.md
@@ -32,10 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v0.0.4-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v0.0.4-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v0-0-4-plugins-outputs-logstash.md b/docs/vpr/v0-0-4-plugins-outputs-logstash.md
index b90651b..e376215 100644
--- a/docs/vpr/v0-0-4-plugins-outputs-logstash.md
+++ b/docs/vpr/v0-0-4-plugins-outputs-logstash.md
@@ -32,10 +32,27 @@ Sending events to *any* destination other than [logstash input plugin](/lsr/plug
### Minimum Configuration [v0.0.4-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v0.0.4-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v0-0-5-plugins-inputs-logstash.md b/docs/vpr/v0-0-5-plugins-inputs-logstash.md
index 2075ca0..cca131f 100644
--- a/docs/vpr/v0-0-5-plugins-inputs-logstash.md
+++ b/docs/vpr/v0-0-5-plugins-inputs-logstash.md
@@ -32,9 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v0.0.5-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v0.0.5-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v0-0-5-plugins-outputs-logstash.md b/docs/vpr/v0-0-5-plugins-outputs-logstash.md
index 773737b..1af228f 100644
--- a/docs/vpr/v0-0-5-plugins-outputs-logstash.md
+++ b/docs/vpr/v0-0-5-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than a `logstash-input` plugin is neit
### Minimum Configuration [v0.0.5-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v0.0.5-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v0-1-0-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-0-plugins-inputs-elastic_serverless_forwarder.md
index de360d4..9fad749 100644
--- a/docs/vpr/v0-1-0-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-0-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,11 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.0-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```
input {
elastic_serverless_forwarder {
port => 8080
ssl => false
}
}
```
|
+#### SSL Enabled
+```
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+```
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl => false
+ }
+}
+```
## Enrichment [v0.1.0-plugins-inputs-elastic_serverless_forwarder-enrichment]
diff --git a/docs/vpr/v0-1-1-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-1-plugins-inputs-elastic_serverless_forwarder.md
index f5e30bc..fb0a68e 100644
--- a/docs/vpr/v0-1-1-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-1-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,11 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.1-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl => false
}
}
```
|
+#### SSL Enabled
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl => false
+ }
+}
+```
## Enrichment [v0.1.1-plugins-inputs-elastic_serverless_forwarder-enrichment]
diff --git a/docs/vpr/v0-1-10-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-10-plugins-filters-elastic_integration.md
index deda0bf..ef50b1e 100644
--- a/docs/vpr/v0-1-10-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-10-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-11-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-11-plugins-filters-elastic_integration.md
index 945b5cb..230d2a8 100644
--- a/docs/vpr/v0-1-11-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-11-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-12-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-12-plugins-filters-elastic_integration.md
index ec3e9d4..721f865 100644
--- a/docs/vpr/v0-1-12-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-12-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-13-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-13-plugins-filters-elastic_integration.md
index d388fd2..450cfba 100644
--- a/docs/vpr/v0-1-13-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-13-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-14-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-14-plugins-filters-elastic_integration.md
index cd7499a..7a13a38 100644
--- a/docs/vpr/v0-1-14-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-14-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-15-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-15-plugins-filters-elastic_integration.md
index 35b892e..4d48819 100644
--- a/docs/vpr/v0-1-15-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-15-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-16-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-16-plugins-filters-elastic_integration.md
index c0d3f08..4146116 100644
--- a/docs/vpr/v0-1-16-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-16-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-17-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-17-plugins-filters-elastic_integration.md
index 91421df..cf95fc8 100644
--- a/docs/vpr/v0-1-17-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-17-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v0-1-2-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-2-plugins-inputs-elastic_serverless_forwarder.md
index d8a93ba..a981377 100644
--- a/docs/vpr/v0-1-2-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-2-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,9 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.2-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl => false
+ }
+}
+```
::::{admonition} Technical Preview
This Elastic Serverless Forwarder input plugin is part of a *Technical Preview*, which means that both configuration options and implementation details are subject to change in minor releases without being preceded by deprecation warnings.
diff --git a/docs/vpr/v0-1-3-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-3-plugins-inputs-elastic_serverless_forwarder.md
index b990957..9d0b078 100644
--- a/docs/vpr/v0-1-3-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-3-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,9 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.3-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
::::{admonition} Technical Preview
This Elastic Serverless Forwarder input plugin is part of a *Technical Preview*, which means that both configuration options and implementation details are subject to change in minor releases without being preceded by deprecation warnings.
diff --git a/docs/vpr/v0-1-4-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-4-plugins-inputs-elastic_serverless_forwarder.md
index c8c72dd..bba6477 100644
--- a/docs/vpr/v0-1-4-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-4-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,9 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.4-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
::::{admonition} Technical Preview
This Elastic Serverless Forwarder input plugin is part of a *Technical Preview*, which means that both configuration options and implementation details are subject to change in minor releases without being preceded by deprecation warnings.
diff --git a/docs/vpr/v0-1-5-plugins-inputs-elastic_serverless_forwarder.md b/docs/vpr/v0-1-5-plugins-inputs-elastic_serverless_forwarder.md
index 2535036..34394d6 100644
--- a/docs/vpr/v0-1-5-plugins-inputs-elastic_serverless_forwarder.md
+++ b/docs/vpr/v0-1-5-plugins-inputs-elastic_serverless_forwarder.md
@@ -26,9 +26,28 @@ Using this input you can receive events from Elastic Serverless Forwarder over h
### Minimum Configuration [v0.1.5-plugins-inputs-elastic_serverless_forwarder-ext-field]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.key"
}
}
```
| ```shell
input {
elastic_serverless_forwarder {
port => 8080
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_certificate => "/path/to/logstash.crt"
+ ssl_key => "/path/to/logstash.key"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ elastic_serverless_forwarder {
+ port => 8080
+ ssl_enabled => false
+ }
+}
+```
::::{admonition} Technical Preview
This Elastic Serverless Forwarder input plugin is part of a *Technical Preview*, which means that both configuration options and implementation details are subject to change in minor releases without being preceded by deprecation warnings.
diff --git a/docs/vpr/v0-1-9-plugins-filters-elastic_integration.md b/docs/vpr/v0-1-9-plugins-filters-elastic_integration.md
index ce9210d..d593e0c 100644
--- a/docs/vpr/v0-1-9-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v0-1-9-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v1-0-0-plugins-inputs-azure_event_hubs.md b/docs/vpr/v1-0-0-plugins-inputs-azure_event_hubs.md
index 42d8f6a..9d2b32f 100644
--- a/docs/vpr/v1-0-0-plugins-inputs-azure_event_hubs.md
+++ b/docs/vpr/v1-0-0-plugins-inputs-azure_event_hubs.md
@@ -60,7 +60,7 @@ Find the connection string to Blob Storage here: [Azure Portal](https://portal.a
Here are some guidelines to help you avoid data conflicts that can cause lost events.
-* **Create a {{ls}} consumer group.** Create a new consumer group specifically for {{ls}}}. Do not use the $default or any other consumer group that might already be in use. Reusing consumer groups among non-related consumers can cause expected behavior and possibly lost events. All [ls] instances should use the same consumer group so that they can work together for processing events.
+* **Create a {{ls}} consumer group.** Create a new consumer group specifically for {{ls}}. Do not use the $default or any other consumer group that might already be in use. Reusing consumer groups among non-related consumers can cause expected behavior and possibly lost events. All [ls] instances should use the same consumer group so that they can work together for processing events.
* **Avoid overwriting offset with multiple Event Hubs.** The offsets (position) of the Event Hubs are stored in the configured Azure Blob store. The Azure Blob store uses paths like a file system to store the offsets. If the paths between multiple Event Hubs overlap, then the offsets may be stored incorrectly. To avoid duplicate file paths, use the advanced configuration model and make sure that at least one of these options is different per Event Hub:
* storage_connection
diff --git a/docs/vpr/v1-0-0-plugins-inputs-logstash.md b/docs/vpr/v1-0-0-plugins-inputs-logstash.md
index a6dc21a..6b2ff6a 100644
--- a/docs/vpr/v1-0-0-plugins-inputs-logstash.md
+++ b/docs/vpr/v1-0-0-plugins-inputs-logstash.md
@@ -32,9 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v1.0.0-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v1.0.0-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v1-0-0-plugins-outputs-logstash.md b/docs/vpr/v1-0-0-plugins-outputs-logstash.md
index 9ce73fd..b569cda 100644
--- a/docs/vpr/v1-0-0-plugins-outputs-logstash.md
+++ b/docs/vpr/v1-0-0-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than a `logstash-input` plugin is neit
### Minimum Configuration [v1.0.0-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v1.0.0-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v1-0-1-plugins-inputs-azure_event_hubs.md b/docs/vpr/v1-0-1-plugins-inputs-azure_event_hubs.md
index 5c92ba8..91da6a1 100644
--- a/docs/vpr/v1-0-1-plugins-inputs-azure_event_hubs.md
+++ b/docs/vpr/v1-0-1-plugins-inputs-azure_event_hubs.md
@@ -60,7 +60,7 @@ Find the connection string to Blob Storage here: [Azure Portal](https://portal.a
Here are some guidelines to help you avoid data conflicts that can cause lost events.
-* **Create a {{ls}} consumer group.** Create a new consumer group specifically for {{ls}}}. Do not use the $default or any other consumer group that might already be in use. Reusing consumer groups among non-related consumers can cause expected behavior and possibly lost events. All [ls] instances should use the same consumer group so that they can work together for processing events.
+* **Create a {{ls}} consumer group.** Create a new consumer group specifically for {{ls}}. Do not use the $default or any other consumer group that might already be in use. Reusing consumer groups among non-related consumers can cause expected behavior and possibly lost events. All [ls] instances should use the same consumer group so that they can work together for processing events.
* **Avoid overwriting offset with multiple Event Hubs.** The offsets (position) of the Event Hubs are stored in the configured Azure Blob store. The Azure Blob store uses paths like a file system to store the offsets. If the paths between multiple Event Hubs overlap, then the offsets may be stored incorrectly. To avoid duplicate file paths, use the advanced configuration model and make sure that at least one of these options is different per Event Hub:
* storage_connection
diff --git a/docs/vpr/v1-0-1-plugins-inputs-logstash.md b/docs/vpr/v1-0-1-plugins-inputs-logstash.md
index 125f628..ab63583 100644
--- a/docs/vpr/v1-0-1-plugins-inputs-logstash.md
+++ b/docs/vpr/v1-0-1-plugins-inputs-logstash.md
@@ -32,9 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v1.0.1-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v1.0.1-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v1-0-1-plugins-outputs-logstash.md b/docs/vpr/v1-0-1-plugins-outputs-logstash.md
index e9c9987..7820b4f 100644
--- a/docs/vpr/v1-0-1-plugins-outputs-logstash.md
+++ b/docs/vpr/v1-0-1-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than a `logstash-input` plugin is neit
### Minimum Configuration [v1.0.1-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v1.0.1-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v1-0-2-plugins-inputs-logstash.md b/docs/vpr/v1-0-2-plugins-inputs-logstash.md
index e08972c..8ab928d 100644
--- a/docs/vpr/v1-0-2-plugins-inputs-logstash.md
+++ b/docs/vpr/v1-0-2-plugins-inputs-logstash.md
@@ -32,9 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v1.0.2-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v1.0.2-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v1-0-2-plugins-outputs-logstash.md b/docs/vpr/v1-0-2-plugins-outputs-logstash.md
index b3f137b..58f5441 100644
--- a/docs/vpr/v1-0-2-plugins-outputs-logstash.md
+++ b/docs/vpr/v1-0-2-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than a `logstash-input` plugin is neit
### Minimum Configuration [v1.0.2-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v1.0.2-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v1-0-3-plugins-inputs-logstash.md b/docs/vpr/v1-0-3-plugins-inputs-logstash.md
index 23f9945..7dda485 100644
--- a/docs/vpr/v1-0-3-plugins-inputs-logstash.md
+++ b/docs/vpr/v1-0-3-plugins-inputs-logstash.md
@@ -32,9 +32,28 @@ Sending events to this input by *any* means other than `plugins-outputs-logstash
### Minimum Configuration [v1.0.3-plugins-inputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
input {
logstash {
ssl_keystore_path
=> "/path/to/logstash.p12"
ssl_keystore_password
=> "${PASS}"
}
}
```
| ```shell
input {
logstash {
ssl_enabled => false
}
}
```
|
+#### SSL Enabled
+
+```shell
+input {
+ logstash {
+ ssl_keystore_path
+ => "/path/to/logstash.p12"
+ ssl_keystore_password
+ => "${PASS}"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+input {
+ logstash {
+ ssl_enabled => false
+ }
+}
+```
### Configuration Concepts [v1.0.3-plugins-inputs-logstash-config-binding]
diff --git a/docs/vpr/v1-0-3-plugins-outputs-logstash.md b/docs/vpr/v1-0-3-plugins-outputs-logstash.md
index 7f37a5a..4cdf580 100644
--- a/docs/vpr/v1-0-3-plugins-outputs-logstash.md
+++ b/docs/vpr/v1-0-3-plugins-outputs-logstash.md
@@ -32,9 +32,27 @@ Sending events to *any* destination other than a `logstash-input` plugin is neit
### Minimum Configuration [v1.0.3-plugins-outputs-logstash-minimum-config]
-| SSL Enabled | SSL Disabled |
-| --- | --- |
-| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
}
}
```
| ```shell
output {
logstash {
hosts => "10.0.0.123:9801"
ssl_enabled
=> false
}
}
```
|
+#### SSL Enabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ }
+}
+```
+
+#### SSL Disabled
+
+```shell
+output {
+ logstash {
+ hosts => "10.0.0.123:9801"
+ ssl_enabled
+ => false
+ }
+}
+```
### Configuration Concepts [v1.0.3-plugins-outputs-logstash-config-connecting]
diff --git a/docs/vpr/v10-7-3-plugins-outputs-elasticsearch.md b/docs/vpr/v10-7-3-plugins-outputs-elasticsearch.md
index 3cb792f..c778c93 100644
--- a/docs/vpr/v10-7-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-7-3-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-7-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_62]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-0-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-0-plugins-outputs-elasticsearch.md
index c93e899..30e9aea 100644
--- a/docs/vpr/v10-8-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-0-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_61]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-1-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-1-plugins-outputs-elasticsearch.md
index 0fe0833..e16a275 100644
--- a/docs/vpr/v10-8-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-1-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_60]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-2-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-2-plugins-outputs-elasticsearch.md
index 9e4bf9a..40da0fa 100644
--- a/docs/vpr/v10-8-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-2-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_59]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-3-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-3-plugins-outputs-elasticsearch.md
index d4d0541..9261885 100644
--- a/docs/vpr/v10-8-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-3-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_58]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-4-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-4-plugins-outputs-elasticsearch.md
index 33bd455..17dd036 100644
--- a/docs/vpr/v10-8-4-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-4-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-4-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_57]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v10-8-6-plugins-outputs-elasticsearch.md b/docs/vpr/v10-8-6-plugins-outputs-elasticsearch.md
index ca82546..7e2f92e 100644
--- a/docs/vpr/v10-8-6-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v10-8-6-plugins-outputs-elasticsearch.md
@@ -42,7 +42,7 @@ If you are using a custom [`template`](v10-8-6-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_56]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-0-plugins-outputs-elasticsearch.md
index 9f14637..3cc274e 100644
--- a/docs/vpr/v11-0-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_55]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-1-plugins-outputs-elasticsearch.md
index 8ba28a7..cf2e5e2 100644
--- a/docs/vpr/v11-0-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_54]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-2-plugins-outputs-elasticsearch.md
index 6575c01..11dc669 100644
--- a/docs/vpr/v11-0-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_53]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-3-plugins-outputs-elasticsearch.md
index d75e77a..2750708 100644
--- a/docs/vpr/v11-0-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-3-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_52]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-4-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-4-plugins-outputs-elasticsearch.md
index 143482f..025a546 100644
--- a/docs/vpr/v11-0-4-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-4-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-4-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_51]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-0-5-plugins-outputs-elasticsearch.md b/docs/vpr/v11-0-5-plugins-outputs-elasticsearch.md
index 1b3b20e..939bb9b 100644
--- a/docs/vpr/v11-0-5-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-0-5-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-0-5-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_50]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-1-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-1-0-plugins-outputs-elasticsearch.md
index 4321414..cf1b820 100644
--- a/docs/vpr/v11-1-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-1-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-1-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_49]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-10-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-10-0-plugins-outputs-elasticsearch.md
index de94cc4..c78cafd 100644
--- a/docs/vpr/v11-10-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-10-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-10-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_29]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-11-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-11-0-plugins-outputs-elasticsearch.md
index 2af8f7c..4c4fb50 100644
--- a/docs/vpr/v11-11-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-11-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-11-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_28]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-12-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-12-0-plugins-outputs-elasticsearch.md
index ec8267f..03eb5e5 100644
--- a/docs/vpr/v11-12-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-12-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-12-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_27]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-12-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-12-1-plugins-outputs-elasticsearch.md
index e0a8721..ead7723 100644
--- a/docs/vpr/v11-12-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-12-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-12-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_26]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-12-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-12-2-plugins-outputs-elasticsearch.md
index 1fb531d..7da99a5 100644
--- a/docs/vpr/v11-12-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-12-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-12-2-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_25]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-12-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-12-3-plugins-outputs-elasticsearch.md
index d7eb99b..1ea3e85 100644
--- a/docs/vpr/v11-12-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-12-3-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-12-3-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_24]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-12-4-plugins-outputs-elasticsearch.md b/docs/vpr/v11-12-4-plugins-outputs-elasticsearch.md
index 617e32e..48b4d87 100644
--- a/docs/vpr/v11-12-4-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-12-4-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-12-4-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_23]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-13-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-13-0-plugins-outputs-elasticsearch.md
index cfb9685..30d3cc7 100644
--- a/docs/vpr/v11-13-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-13-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-13-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_22]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-13-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-13-1-plugins-outputs-elasticsearch.md
index 7e21c0a..d7be497 100644
--- a/docs/vpr/v11-13-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-13-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-13-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_21]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-14-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-14-0-plugins-outputs-elasticsearch.md
index 069c98d..62ca1d9 100644
--- a/docs/vpr/v11-14-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-14-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-14-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_20]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-14-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-14-1-plugins-outputs-elasticsearch.md
index 606087f..7164c8c 100644
--- a/docs/vpr/v11-14-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-14-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-14-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_19]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-0-plugins-outputs-elasticsearch.md
index 1d4a4f1..6761b84 100644
--- a/docs/vpr/v11-15-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_18]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-1-plugins-outputs-elasticsearch.md
index 775716e..7616769 100644
--- a/docs/vpr/v11-15-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_17]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-2-plugins-outputs-elasticsearch.md
index 62c5d7d..e10e3af 100644
--- a/docs/vpr/v11-15-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-2-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_16]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-4-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-4-plugins-outputs-elasticsearch.md
index e7c220d..7ab7967 100644
--- a/docs/vpr/v11-15-4-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-4-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-4-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_15]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-5-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-5-plugins-outputs-elasticsearch.md
index 9598336..83e4402 100644
--- a/docs/vpr/v11-15-5-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-5-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-5-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_14]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-6-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-6-plugins-outputs-elasticsearch.md
index fc94327..f16e3f1 100644
--- a/docs/vpr/v11-15-6-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-6-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-6-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_13]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-7-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-7-plugins-outputs-elasticsearch.md
index 4d93f5a..287ffe2 100644
--- a/docs/vpr/v11-15-7-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-7-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-7-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_12]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-8-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-8-plugins-outputs-elasticsearch.md
index 17a414c..9cce3ae 100644
--- a/docs/vpr/v11-15-8-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-8-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-8-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_11]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-15-9-plugins-outputs-elasticsearch.md b/docs/vpr/v11-15-9-plugins-outputs-elasticsearch.md
index 34851a0..471a5d1 100644
--- a/docs/vpr/v11-15-9-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-15-9-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-15-9-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_10]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-16-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-16-0-plugins-outputs-elasticsearch.md
index 8dc9b0c..17b8b29 100644
--- a/docs/vpr/v11-16-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-16-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-16-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_9]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-17-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-17-0-plugins-outputs-elasticsearch.md
index bfc5359..a0e7061 100644
--- a/docs/vpr/v11-17-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-17-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-17-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_8]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-18-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-18-0-plugins-outputs-elasticsearch.md
index 51fafbc..a94d476 100644
--- a/docs/vpr/v11-18-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-18-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-18-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_7]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-19-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-19-0-plugins-outputs-elasticsearch.md
index 58feac0..303f2cd 100644
--- a/docs/vpr/v11-19-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-19-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-19-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_6]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-2-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-2-0-plugins-outputs-elasticsearch.md
index 57d985a..72eabad 100644
--- a/docs/vpr/v11-2-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-2-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-2-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_48]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-2-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-2-1-plugins-outputs-elasticsearch.md
index e9265cb..5fa5f01 100644
--- a/docs/vpr/v11-2-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-2-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-2-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_47]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-2-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-2-2-plugins-outputs-elasticsearch.md
index 2867d2d..18b09dd 100644
--- a/docs/vpr/v11-2-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-2-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-2-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_46]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-2-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-2-3-plugins-outputs-elasticsearch.md
index db56298..0a7985d 100644
--- a/docs/vpr/v11-2-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-2-3-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-2-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_45]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-20-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-20-0-plugins-outputs-elasticsearch.md
index 88b072f..aa1b0b4 100644
--- a/docs/vpr/v11-20-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-20-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-20-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_5]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-20-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-20-1-plugins-outputs-elasticsearch.md
index dc6505c..d14e973 100644
--- a/docs/vpr/v11-20-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-20-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-20-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_4]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-21-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-21-0-plugins-outputs-elasticsearch.md
index 636b8ee..64ed98a 100644
--- a/docs/vpr/v11-21-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-21-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-21-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_3]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-22-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-0-plugins-outputs-elasticsearch.md
index 09533d2..2f330f9 100644
--- a/docs/vpr/v11-22-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-22-0-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_2]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-22-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-1-plugins-outputs-elasticsearch.md
index b10fe6a..e89151c 100644
--- a/docs/vpr/v11-22-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-22-1-plugins-outputs-elasticsearch.md
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-22-10-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-10-plugins-outputs-elasticsearch.md
index 6c4d304..797b781 100644
--- a/docs/vpr/v11-22-10-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-10-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-10-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.10-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_6]
diff --git a/docs/vpr/v11-22-11-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-11-plugins-outputs-elasticsearch.md
index 722bed6..dad8bc0 100644
--- a/docs/vpr/v11-22-11-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-11-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-11-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.11-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_5]
diff --git a/docs/vpr/v11-22-12-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-12-plugins-outputs-elasticsearch.md
index 0442a1d..3693898 100644
--- a/docs/vpr/v11-22-12-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-12-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-12-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.12-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_4]
diff --git a/docs/vpr/v11-22-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-2-plugins-outputs-elasticsearch.md
index 1e38e32..53d45f7 100644
--- a/docs/vpr/v11-22-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-2-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-2-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.2-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_14]
diff --git a/docs/vpr/v11-22-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-3-plugins-outputs-elasticsearch.md
index 31bfcad..bf57978 100644
--- a/docs/vpr/v11-22-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-3-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-3-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.3-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_13]
diff --git a/docs/vpr/v11-22-4-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-4-plugins-outputs-elasticsearch.md
index ed0bb35..8ff9031 100644
--- a/docs/vpr/v11-22-4-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-4-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-4-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.4-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_12]
diff --git a/docs/vpr/v11-22-5-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-5-plugins-outputs-elasticsearch.md
index 75d4d86..e21f1da 100644
--- a/docs/vpr/v11-22-5-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-5-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-5-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.5-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_11]
diff --git a/docs/vpr/v11-22-6-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-6-plugins-outputs-elasticsearch.md
index 91bbabb..6ef94ca 100644
--- a/docs/vpr/v11-22-6-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-6-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-6-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.6-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_10]
diff --git a/docs/vpr/v11-22-7-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-7-plugins-outputs-elasticsearch.md
index 5e20d63..b0e7255 100644
--- a/docs/vpr/v11-22-7-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-7-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-7-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.7-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_9]
diff --git a/docs/vpr/v11-22-8-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-8-plugins-outputs-elasticsearch.md
index fc972bd..0a82ffd 100644
--- a/docs/vpr/v11-22-8-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-8-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-8-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.8-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_8]
diff --git a/docs/vpr/v11-22-9-plugins-outputs-elasticsearch.md b/docs/vpr/v11-22-9-plugins-outputs-elasticsearch.md
index d37b702..3db646e 100644
--- a/docs/vpr/v11-22-9-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-22-9-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v11-22-9-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v11.22.9-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_7]
diff --git a/docs/vpr/v11-3-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-3-0-plugins-outputs-elasticsearch.md
index 920cae7..1b62be6 100644
--- a/docs/vpr/v11-3-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-3-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-3-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_44]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-3-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-3-1-plugins-outputs-elasticsearch.md
index 4c0bdc2..44a6227 100644
--- a/docs/vpr/v11-3-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-3-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-3-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_43]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-3-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-3-2-plugins-outputs-elasticsearch.md
index c9c252f..b33ffc5 100644
--- a/docs/vpr/v11-3-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-3-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-3-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_42]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-3-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-3-3-plugins-outputs-elasticsearch.md
index 51ca39d..e6fe767 100644
--- a/docs/vpr/v11-3-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-3-3-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-3-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_41]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-4-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-4-0-plugins-outputs-elasticsearch.md
index 3b65030..ca10dab 100644
--- a/docs/vpr/v11-4-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-4-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-4-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_40]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-4-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-4-1-plugins-outputs-elasticsearch.md
index 1214756..1f221d9 100644
--- a/docs/vpr/v11-4-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-4-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-4-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_39]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-4-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-4-2-plugins-outputs-elasticsearch.md
index 7f42f6d..12370bc 100644
--- a/docs/vpr/v11-4-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-4-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-4-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_38]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-5-0-plugins-inputs-kafka.md b/docs/vpr/v11-5-0-plugins-inputs-kafka.md
index 6b70f7a..fb4038a 100644
--- a/docs/vpr/v11-5-0-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-5-0-plugins-inputs-kafka.md
@@ -260,7 +260,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.5.0-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-5-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-5-0-plugins-outputs-elasticsearch.md
index ebba9fd..aaac282 100644
--- a/docs/vpr/v11-5-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-5-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-5-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_37]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-5-1-plugins-inputs-kafka.md b/docs/vpr/v11-5-1-plugins-inputs-kafka.md
index cc3e654..cffc643 100644
--- a/docs/vpr/v11-5-1-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-5-1-plugins-inputs-kafka.md
@@ -260,7 +260,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.5.1-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-5-2-plugins-inputs-kafka.md b/docs/vpr/v11-5-2-plugins-inputs-kafka.md
index 1117f8e..ebf3cea 100644
--- a/docs/vpr/v11-5-2-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-5-2-plugins-inputs-kafka.md
@@ -261,7 +261,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.5.2-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-5-3-plugins-inputs-kafka.md b/docs/vpr/v11-5-3-plugins-inputs-kafka.md
index 7ebfd78..079b727 100644
--- a/docs/vpr/v11-5-3-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-5-3-plugins-inputs-kafka.md
@@ -261,7 +261,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.5.3-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-5-4-plugins-inputs-kafka.md b/docs/vpr/v11-5-4-plugins-inputs-kafka.md
index cf4b3b7..ed64fe1 100644
--- a/docs/vpr/v11-5-4-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-5-4-plugins-inputs-kafka.md
@@ -261,7 +261,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.5.4-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-6-0-plugins-inputs-kafka.md b/docs/vpr/v11-6-0-plugins-inputs-kafka.md
index 37188df..a406558 100644
--- a/docs/vpr/v11-6-0-plugins-inputs-kafka.md
+++ b/docs/vpr/v11-6-0-plugins-inputs-kafka.md
@@ -268,7 +268,8 @@ Option to add Kafka metadata like topic, message size and header key values to t
### `auto_create_topics` [v11.6.0-plugins-inputs-kafka-auto_create_topics]
- * Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean) * Default value is `true`
+* Value type is [boolean](logstash://reference/configuration-file-structure.md#boolean)
+* Default value is `true`
Controls whether the topic is automatically created when subscribing to a non-existent topic. A topic will be auto-created only if this configuration is set to `true` and auto-topic creation is enabled on the broker using `auto.create.topics.enable`; otherwise auto-topic creation is not permitted.
diff --git a/docs/vpr/v11-6-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-6-0-plugins-outputs-elasticsearch.md
index 8e491e0..1d839d4 100644
--- a/docs/vpr/v11-6-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-6-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-6-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_36]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-7-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-7-0-plugins-outputs-elasticsearch.md
index 70d71b8..bc012f3 100644
--- a/docs/vpr/v11-7-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-7-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-7-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_35]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-8-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-8-0-plugins-outputs-elasticsearch.md
index b45a977..53d4e09 100644
--- a/docs/vpr/v11-8-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-8-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-8-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_34]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-9-0-plugins-outputs-elasticsearch.md b/docs/vpr/v11-9-0-plugins-outputs-elasticsearch.md
index f458f68..e380fe4 100644
--- a/docs/vpr/v11-9-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-9-0-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-9-0-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_33]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-9-1-plugins-outputs-elasticsearch.md b/docs/vpr/v11-9-1-plugins-outputs-elasticsearch.md
index 4c261ee..5c076bf 100644
--- a/docs/vpr/v11-9-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-9-1-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-9-1-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_32]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-9-2-plugins-outputs-elasticsearch.md b/docs/vpr/v11-9-2-plugins-outputs-elasticsearch.md
index 32cf6e2..3f38cb1 100644
--- a/docs/vpr/v11-9-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-9-2-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-9-2-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_31]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v11-9-3-plugins-outputs-elasticsearch.md b/docs/vpr/v11-9-3-plugins-outputs-elasticsearch.md
index 40c5acb..d7ad1a9 100644
--- a/docs/vpr/v11-9-3-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v11-9-3-plugins-outputs-elasticsearch.md
@@ -40,7 +40,7 @@ If you are using a custom [`template`](v11-9-3-plugins-outputs-elasticsearch.md#
### Hosted {{es}} Service on Elastic Cloud [_hosted_es_service_on_elastic_cloud_30]
-{ess-leadin}
+{{ess-leadin}}
diff --git a/docs/vpr/v12-0-0-plugins-outputs-elasticsearch.md b/docs/vpr/v12-0-0-plugins-outputs-elasticsearch.md
index baa3723..95a96b8 100644
--- a/docs/vpr/v12-0-0-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v12-0-0-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v12-0-0-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v12.0.0-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_3]
diff --git a/docs/vpr/v12-0-1-plugins-outputs-elasticsearch.md b/docs/vpr/v12-0-1-plugins-outputs-elasticsearch.md
index de0ede7..4701805 100644
--- a/docs/vpr/v12-0-1-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v12-0-1-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v12-0-1-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v12.0.1-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs_2]
diff --git a/docs/vpr/v12-0-2-plugins-outputs-elasticsearch.md b/docs/vpr/v12-0-2-plugins-outputs-elasticsearch.md
index c2fbe7c..54d695e 100644
--- a/docs/vpr/v12-0-2-plugins-outputs-elasticsearch.md
+++ b/docs/vpr/v12-0-2-plugins-outputs-elasticsearch.md
@@ -47,7 +47,7 @@ You can use this plugin to send your {{ls}} data to {{es-serverless}}. Some diff
* {{es-serverless}} uses **data streams** and [{{dlm}} ({{dlm-init}})](docs-content://manage-data/lifecycle/data-stream.md) instead of {{ilm}} ({{ilm-init}}). Any {{ilm-init}} settings in your [{{es}} output plugin](v12-0-2-plugins-outputs-elasticsearch.md) configuration are ignored and may cause errors.
* **{{ls}} monitoring** is available through the [{{ls}} Integration](https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md) in [Elastic Observability](docs-content://solutions/observability.md) on {{serverless-full}}.
-::::{admonition} Known issue for {{ls}} to {es-serverless}
+::::{admonition} Known issue for {{ls}} to {{es-serverless}}
The logstash-output-elasticsearch `hosts` setting on {{serverless-short}} defaults the port to 9200 when omitted. Set the value to port :443 instead.
::::
@@ -58,7 +58,7 @@ For more info on sending data from {{ls}} to {{es-serverless}}, check out the [{
## Hosted {{es}} Service on Elastic Cloud [v12.0.2-plugins-outputs-elasticsearch-ess]
-{ess-leadin}
+{{ess-leadin}}
## Compatibility with the Elastic Common Schema (ECS) [_compatibility_with_the_elastic_common_schema_ecs]
diff --git a/docs/vpr/v2-6-0-plugins-filters-aggregate.md b/docs/vpr/v2-6-0-plugins-filters-aggregate.md
index e2ccf6e..f07a470 100644
--- a/docs/vpr/v2-6-0-plugins-filters-aggregate.md
+++ b/docs/vpr/v2-6-0-plugins-filters-aggregate.md
@@ -226,7 +226,7 @@ Fourth use case : like example #3, you have no specific end event, but also, tas
Fifth use case: like example #3, there is no end event.
Events keep comming for an indefinite time and you want to push the aggregation map as soon as possible after the last user interaction without waiting for the `timeout`.
This allows to have the aggregated events pushed closer to real time.
-A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
+A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the `specified inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
In this case, we can enable the option *push_map_as_event_on_timeout* to enable pushing the aggregation map as a new event when inactivity timeout occurs.
In addition, we can enable *timeout_code* to execute code on the populated timeout event.
We can also add *timeout_task_id_field* so we can correlate the task_id, which in this case would be the user’s ID.
diff --git a/docs/vpr/v2-6-1-plugins-filters-aggregate.md b/docs/vpr/v2-6-1-plugins-filters-aggregate.md
index 4384ae8..8eafbe8 100644
--- a/docs/vpr/v2-6-1-plugins-filters-aggregate.md
+++ b/docs/vpr/v2-6-1-plugins-filters-aggregate.md
@@ -226,7 +226,7 @@ Fourth use case : like example #3, you have no specific end event, but also, tas
Fifth use case: like example #3, there is no end event.
Events keep comming for an indefinite time and you want to push the aggregation map as soon as possible after the last user interaction without waiting for the `timeout`.
This allows to have the aggregated events pushed closer to real time.
-A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
+A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified `inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
In this case, we can enable the option *push_map_as_event_on_timeout* to enable pushing the aggregation map as a new event when inactivity timeout occurs.
In addition, we can enable *timeout_code* to execute code on the populated timeout event.
We can also add *timeout_task_id_field* so we can correlate the task_id, which in this case would be the user’s ID.
diff --git a/docs/vpr/v2-6-3-plugins-filters-aggregate.md b/docs/vpr/v2-6-3-plugins-filters-aggregate.md
index 6891737..a4e6a04 100644
--- a/docs/vpr/v2-6-3-plugins-filters-aggregate.md
+++ b/docs/vpr/v2-6-3-plugins-filters-aggregate.md
@@ -224,7 +224,7 @@ Fourth use case : like example #3, you have no specific end event, but also, tas
Fifth use case: like example #3, there is no end event.
Events keep comming for an indefinite time and you want to push the aggregation map as soon as possible after the last user interaction without waiting for the `timeout`.
This allows to have the aggregated events pushed closer to real time.
-A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
+A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified `inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
In this case, we can enable the option *push_map_as_event_on_timeout* to enable pushing the aggregation map as a new event when inactivity timeout occurs.
In addition, we can enable *timeout_code* to execute code on the populated timeout event.
We can also add *timeout_task_id_field* so we can correlate the task_id, which in this case would be the user’s ID.
diff --git a/docs/vpr/v2-6-4-plugins-filters-aggregate.md b/docs/vpr/v2-6-4-plugins-filters-aggregate.md
index 125f151..5375fd4 100644
--- a/docs/vpr/v2-6-4-plugins-filters-aggregate.md
+++ b/docs/vpr/v2-6-4-plugins-filters-aggregate.md
@@ -224,7 +224,7 @@ Fourth use case : like example #3, you have no specific end event, but also, tas
Fifth use case: like example #3, there is no end event.
Events keep comming for an indefinite time and you want to push the aggregation map as soon as possible after the last user interaction without waiting for the `timeout`.
This allows to have the aggregated events pushed closer to real time.
-A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
+A typical case is aggregating or tracking user behaviour.
We can track a user by its ID through the events, however once the user stops interacting, the events stop coming in.
There is no specific event indicating the end of the user’s interaction.
The user ineraction will be considered as ended when no events for the specified user (task_id) arrive after the specified `inactivity_timeout`.
If the user continues interacting for longer than `timeout` seconds (since first event), the aggregation map will still be deleted and pushed as a new event when timeout occurs.
The difference with example #3 is that the events will be pushed as soon as the user stops interacting for `inactivity_timeout` seconds instead of waiting for the end of `timeout` seconds since first event.
In this case, we can enable the option *push_map_as_event_on_timeout* to enable pushing the aggregation map as a new event when inactivity timeout occurs.
In addition, we can enable *timeout_code* to execute code on the populated timeout event.
We can also add *timeout_task_id_field* so we can correlate the task_id, which in this case would be the user’s ID.
diff --git a/docs/vpr/v3-0-1-plugins-outputs-circonus.md b/docs/vpr/v3-0-1-plugins-outputs-circonus.md
index 8795412..70ee15b 100644
--- a/docs/vpr/v3-0-1-plugins-outputs-circonus.md
+++ b/docs/vpr/v3-0-1-plugins-outputs-circonus.md
@@ -51,8 +51,11 @@ Example:
```ruby
["title":"Logstash event", "description":"Logstash event for %{host}"]
+```
+
or
-[source,ruby]
+
+```ruby
["title":"Logstash event", "description":"Logstash event for %{host}", "parent_id", "1"]
```
diff --git a/docs/vpr/v3-0-1-plugins-outputs-riak.md b/docs/vpr/v3-0-1-plugins-outputs-riak.md
index 3ae83bd..5ce7f31 100644
--- a/docs/vpr/v3-0-1-plugins-outputs-riak.md
+++ b/docs/vpr/v3-0-1-plugins-outputs-riak.md
@@ -66,12 +66,16 @@ Bucket properties (NYI) Logstash hash of properties for the bucket i.e.
"w" => "one"
"dw", "one
}
+```
+
or
-[source,ruby]
- bucket_props => { "n_val" => "3" }
-Properties will be passed as-is
+
+```ruby
+bucket_props => { "n_val" => "3" }
```
+Properties will be passed as-is
+
### `enable_search` [v3.0.1-plugins-outputs-riak-enable_search]
diff --git a/docs/vpr/v3-0-1-plugins-outputs-riemann.md b/docs/vpr/v3-0-1-plugins-outputs-riemann.md
index a389c89..85fe592 100644
--- a/docs/vpr/v3-0-1-plugins-outputs-riemann.md
+++ b/docs/vpr/v3-0-1-plugins-outputs-riemann.md
@@ -87,8 +87,11 @@ As an example, the logstash event:
"key": "value"
}
}
+```
+
Is mapped to this riemann event:
-[source,ruby]
+
+```ruby
{
:time 1386686186,
:host host.domain.com,
diff --git a/docs/vpr/v3-0-2-plugins-outputs-librato.md b/docs/vpr/v3-0-2-plugins-outputs-librato.md
index 458cf28..0734792 100644
--- a/docs/vpr/v3-0-2-plugins-outputs-librato.md
+++ b/docs/vpr/v3-0-2-plugins-outputs-librato.md
@@ -69,8 +69,11 @@ Example:
"title" => "Logstash event on %{host}"
"name" => "logstash_stream"
}
+```
+
or
-[source,ruby]
+
+```ruby
{
"title" => "Logstash event"
"description" => "%{message}"
@@ -141,18 +144,20 @@ Example:
"source" => "%{host}"
"name" => "apache_bytes"
}
+```
+
Additionally, you can override the `measure_time` for the event. Must be a unix timestamp:
-[source,ruby]
+
+```ruby
{
"value" => "%{bytes_received}"
"source" => "%{host}"
"name" => "apache_bytes"
"measure_time" => "%{my_unixtime_field}
}
-Default is to use the event's timestamp
```
-
+Default is to use the event's timestamp
## Common options [v3.0.2-plugins-outputs-librato-common-options]
diff --git a/docs/vpr/v3-0-2-plugins-outputs-riak.md b/docs/vpr/v3-0-2-plugins-outputs-riak.md
index f585d65..717ad5c 100644
--- a/docs/vpr/v3-0-2-plugins-outputs-riak.md
+++ b/docs/vpr/v3-0-2-plugins-outputs-riak.md
@@ -66,12 +66,14 @@ Bucket properties (NYI) Logstash hash of properties for the bucket i.e.
"w" => "one"
"dw", "one
}
+```
or
-[source,ruby]
+
+```ruby
bucket_props => { "n_val" => "3" }
-Properties will be passed as-is
```
+Properties will be passed as-is
### `enable_search` [v3.0.2-plugins-outputs-riak-enable_search]
diff --git a/docs/vpr/v3-0-2-plugins-outputs-riemann.md b/docs/vpr/v3-0-2-plugins-outputs-riemann.md
index a00970f..8ef719a 100644
--- a/docs/vpr/v3-0-2-plugins-outputs-riemann.md
+++ b/docs/vpr/v3-0-2-plugins-outputs-riemann.md
@@ -87,8 +87,11 @@ As an example, the logstash event:
"key": "value"
}
}
+```
+
Is mapped to this riemann event:
-[source,ruby]
+
+```ruby
{
:time 1386686186,
:host host.domain.com,
diff --git a/docs/vpr/v3-0-3-plugins-outputs-circonus.md b/docs/vpr/v3-0-3-plugins-outputs-circonus.md
index c571847..c7edc73 100644
--- a/docs/vpr/v3-0-3-plugins-outputs-circonus.md
+++ b/docs/vpr/v3-0-3-plugins-outputs-circonus.md
@@ -51,8 +51,11 @@ Example:
```ruby
["title":"Logstash event", "description":"Logstash event for %{host}"]
+```
+
or
-[source,ruby]
+
+```ruby
["title":"Logstash event", "description":"Logstash event for %{host}", "parent_id", "1"]
```
diff --git a/docs/vpr/v3-0-3-plugins-outputs-riak.md b/docs/vpr/v3-0-3-plugins-outputs-riak.md
index 700f04c..7ac8e95 100644
--- a/docs/vpr/v3-0-3-plugins-outputs-riak.md
+++ b/docs/vpr/v3-0-3-plugins-outputs-riak.md
@@ -66,12 +66,16 @@ Bucket properties (NYI) Logstash hash of properties for the bucket i.e.
"w" => "one"
"dw", "one
}
+```
+
or
-[source,ruby]
+
+```ruby
bucket_props => { "n_val" => "3" }
-Properties will be passed as-is
```
+Properties will be passed as-is
+
### `enable_search` [v3.0.3-plugins-outputs-riak-enable_search]
diff --git a/docs/vpr/v3-0-3-plugins-outputs-riemann.md b/docs/vpr/v3-0-3-plugins-outputs-riemann.md
index f1dcb0a..b0b2c79 100644
--- a/docs/vpr/v3-0-3-plugins-outputs-riemann.md
+++ b/docs/vpr/v3-0-3-plugins-outputs-riemann.md
@@ -87,8 +87,11 @@ As an example, the logstash event:
"key": "value"
}
}
+```
+
Is mapped to this riemann event:
-[source,ruby]
+
+```ruby
{
:time 1386686186,
:host host.domain.com,
diff --git a/docs/vpr/v3-0-4-plugins-outputs-circonus.md b/docs/vpr/v3-0-4-plugins-outputs-circonus.md
index 8bc0c5c..9e77170 100644
--- a/docs/vpr/v3-0-4-plugins-outputs-circonus.md
+++ b/docs/vpr/v3-0-4-plugins-outputs-circonus.md
@@ -51,8 +51,11 @@ Example:
```ruby
["title":"Logstash event", "description":"Logstash event for %{host}"]
+```
+
or
-[source,ruby]
+
+```ruby
["title":"Logstash event", "description":"Logstash event for %{host}", "parent_id", "1"]
```
diff --git a/docs/vpr/v3-0-4-plugins-outputs-librato.md b/docs/vpr/v3-0-4-plugins-outputs-librato.md
index cca3901..56134a4 100644
--- a/docs/vpr/v3-0-4-plugins-outputs-librato.md
+++ b/docs/vpr/v3-0-4-plugins-outputs-librato.md
@@ -67,8 +67,10 @@ Example:
"title" => "Logstash event on %{host}"
"name" => "logstash_stream"
}
+```
or
-[source,ruby]
+
+```ruby
{
"title" => "Logstash event"
"description" => "%{message}"
@@ -139,18 +141,20 @@ Example:
"source" => "%{host}"
"name" => "apache_bytes"
}
+```
+
Additionally, you can override the `measure_time` for the event. Must be a unix timestamp:
-[source,ruby]
+
+```ruby
{
"value" => "%{bytes_received}"
"source" => "%{host}"
"name" => "apache_bytes"
"measure_time" => "%{my_unixtime_field}
}
-Default is to use the event's timestamp
```
-
+Default is to use the event's timestamp
## Common options [v3.0.4-plugins-outputs-librato-common-options]
diff --git a/docs/vpr/v3-0-4-plugins-outputs-riak.md b/docs/vpr/v3-0-4-plugins-outputs-riak.md
index 30967cf..f9a2c7e 100644
--- a/docs/vpr/v3-0-4-plugins-outputs-riak.md
+++ b/docs/vpr/v3-0-4-plugins-outputs-riak.md
@@ -66,12 +66,15 @@ Bucket properties (NYI) Logstash hash of properties for the bucket i.e.
"w" => "one"
"dw", "one
}
+```
+
or
-[source,ruby]
+
+```ruby
bucket_props => { "n_val" => "3" }
-Properties will be passed as-is
```
+Properties will be passed as-is
### `enable_search` [v3.0.4-plugins-outputs-riak-enable_search]
diff --git a/docs/vpr/v3-0-4-plugins-outputs-riemann.md b/docs/vpr/v3-0-4-plugins-outputs-riemann.md
index dff02d4..43c0a06 100644
--- a/docs/vpr/v3-0-4-plugins-outputs-riemann.md
+++ b/docs/vpr/v3-0-4-plugins-outputs-riemann.md
@@ -87,8 +87,11 @@ As an example, the logstash event:
"key": "value"
}
}
+```
+
Is mapped to this riemann event:
-[source,ruby]
+
+```ruby
{
:time 1386686186,
:host host.domain.com,
diff --git a/docs/vpr/v3-0-5-plugins-outputs-circonus.md b/docs/vpr/v3-0-5-plugins-outputs-circonus.md
index 554b081..5bab72c 100644
--- a/docs/vpr/v3-0-5-plugins-outputs-circonus.md
+++ b/docs/vpr/v3-0-5-plugins-outputs-circonus.md
@@ -51,8 +51,11 @@ Example:
```ruby
["title":"Logstash event", "description":"Logstash event for %{host}"]
+```
+
or
-[source,ruby]
+
+```ruby
["title":"Logstash event", "description":"Logstash event for %{host}", "parent_id", "1"]
```
diff --git a/docs/vpr/v3-0-5-plugins-outputs-librato.md b/docs/vpr/v3-0-5-plugins-outputs-librato.md
index d395e96..2ff29a8 100644
--- a/docs/vpr/v3-0-5-plugins-outputs-librato.md
+++ b/docs/vpr/v3-0-5-plugins-outputs-librato.md
@@ -67,8 +67,11 @@ Example:
"title" => "Logstash event on %{host}"
"name" => "logstash_stream"
}
+```
+
or
-[source,ruby]
+
+```ruby
{
"title" => "Logstash event"
"description" => "%{message}"
@@ -139,18 +142,20 @@ Example:
"source" => "%{host}"
"name" => "apache_bytes"
}
+```
+
Additionally, you can override the `measure_time` for the event. Must be a unix timestamp:
-[source,ruby]
+
+```ruby
{
"value" => "%{bytes_received}"
"source" => "%{host}"
"name" => "apache_bytes"
"measure_time" => "%{my_unixtime_field}
}
-Default is to use the event's timestamp
```
-
+Default is to use the event's timestamp
## Common options [v3.0.5-plugins-outputs-librato-common-options]
diff --git a/docs/vpr/v3-0-6-plugins-outputs-librato.md b/docs/vpr/v3-0-6-plugins-outputs-librato.md
index d1e251d..0ae2586 100644
--- a/docs/vpr/v3-0-6-plugins-outputs-librato.md
+++ b/docs/vpr/v3-0-6-plugins-outputs-librato.md
@@ -67,8 +67,11 @@ Example:
"title" => "Logstash event on %{host}"
"name" => "logstash_stream"
}
+```
+
or
-[source,ruby]
+
+```ruby
{
"title" => "Logstash event"
"description" => "%{message}"
@@ -139,18 +142,20 @@ Example:
"source" => "%{host}"
"name" => "apache_bytes"
}
+```
+
Additionally, you can override the `measure_time` for the event. Must be a unix timestamp:
-[source,ruby]
+
+```ruby
{
"value" => "%{bytes_received}"
"source" => "%{host}"
"name" => "apache_bytes"
"measure_time" => "%{my_unixtime_field}
}
-Default is to use the event's timestamp
```
-
+Default is to use the event's timestamp
## Common options [v3.0.6-plugins-outputs-librato-common-options]
diff --git a/docs/vpr/v3-1-2-plugins-outputs-graphite.md b/docs/vpr/v3-1-2-plugins-outputs-graphite.md
index b741a50..755d261 100644
--- a/docs/vpr/v3-1-2-plugins-outputs-graphite.md
+++ b/docs/vpr/v3-1-2-plugins-outputs-graphite.md
@@ -117,9 +117,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](logstash://reference/configuration-file-structure.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [v3.1.2-plugins-outputs-graphite-port]
diff --git a/docs/vpr/v3-1-3-plugins-outputs-graphite.md b/docs/vpr/v3-1-3-plugins-outputs-graphite.md
index d975b2a..bf3ffc2 100644
--- a/docs/vpr/v3-1-3-plugins-outputs-graphite.md
+++ b/docs/vpr/v3-1-3-plugins-outputs-graphite.md
@@ -117,9 +117,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](logstash://reference/configuration-file-structure.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [v3.1.3-plugins-outputs-graphite-port]
diff --git a/docs/vpr/v3-1-4-plugins-outputs-graphite.md b/docs/vpr/v3-1-4-plugins-outputs-graphite.md
index 81c6844..78a5c62 100644
--- a/docs/vpr/v3-1-4-plugins-outputs-graphite.md
+++ b/docs/vpr/v3-1-4-plugins-outputs-graphite.md
@@ -117,9 +117,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](logstash://reference/configuration-file-structure.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [v3.1.4-plugins-outputs-graphite-port]
diff --git a/docs/vpr/v3-1-5-plugins-outputs-graphite.md b/docs/vpr/v3-1-5-plugins-outputs-graphite.md
index 3e5f8ff..2043ca1 100644
--- a/docs/vpr/v3-1-5-plugins-outputs-graphite.md
+++ b/docs/vpr/v3-1-5-plugins-outputs-graphite.md
@@ -117,9 +117,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](logstash://reference/configuration-file-structure.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [v3.1.5-plugins-outputs-graphite-port]
diff --git a/docs/vpr/v3-1-6-plugins-outputs-graphite.md b/docs/vpr/v3-1-6-plugins-outputs-graphite.md
index 8022dd4..a314fb4 100644
--- a/docs/vpr/v3-1-6-plugins-outputs-graphite.md
+++ b/docs/vpr/v3-1-6-plugins-outputs-graphite.md
@@ -117,9 +117,7 @@ If no metrics_format is defined, the name of the metric will be used as fallback
* Value type is [string](logstash://reference/configuration-file-structure.md#string)
* Default value is `"."`
-When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with # [source,ruby] metrics ⇒ "mymetrics"
-
-and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
+When hashes are passed in as values they are broken out into a dotted notation For instance if you configure this plugin with `metrics ⇒ "mymetrics` and "mymetrics" is a nested hash of *{a ⇒ 1, b ⇒ { c ⇒ 2 }}* this plugin will generate two metrics: a ⇒ 1, and b.c ⇒ 2 . If you’ve specified a *metrics_format* it will respect that, but you still may want control over the separator within these nested key names. This config setting changes the separator from the *.* default.
### `port` [v3.1.6-plugins-outputs-graphite-port]
diff --git a/docs/vpr/v3-2-0-plugins-filters-translate.md b/docs/vpr/v3-2-0-plugins-filters-translate.md
index d35c20c..e2d8cbe 100644
--- a/docs/vpr/v3-2-0-plugins-filters-translate.md
+++ b/docs/vpr/v3-2-0-plugins-filters-translate.md
@@ -30,8 +30,7 @@ Operationally, for each event, the value from the `field` setting is tested agai
Example:
-```
-[source,ruby]
+```ruby
filter {
translate {
field => "[http_status]"
diff --git a/docs/vpr/v3-4-1-plugins-filters-grok.md b/docs/vpr/v3-4-1-plugins-filters-grok.md
index ad6a9ea..508065e 100644
--- a/docs/vpr/v3-4-1-plugins-filters-grok.md
+++ b/docs/vpr/v3-4-1-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v3-4-2-plugins-filters-grok.md b/docs/vpr/v3-4-2-plugins-filters-grok.md
index 8c75ce4..787fb48 100644
--- a/docs/vpr/v3-4-2-plugins-filters-grok.md
+++ b/docs/vpr/v3-4-2-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v3-4-3-plugins-filters-grok.md b/docs/vpr/v3-4-3-plugins-filters-grok.md
index 356574e..aad9b8a 100644
--- a/docs/vpr/v3-4-3-plugins-filters-grok.md
+++ b/docs/vpr/v3-4-3-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v3-4-4-plugins-filters-grok.md b/docs/vpr/v3-4-4-plugins-filters-grok.md
index 4ddc0f0..56a2c30 100644
--- a/docs/vpr/v3-4-4-plugins-filters-grok.md
+++ b/docs/vpr/v3-4-4-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-0-plugins-filters-grok.md b/docs/vpr/v4-0-0-plugins-filters-grok.md
index f95fd01..5059543 100644
--- a/docs/vpr/v4-0-0-plugins-filters-grok.md
+++ b/docs/vpr/v4-0-0-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-0-plugins-inputs-snmp.md b/docs/vpr/v4-0-0-plugins-inputs-snmp.md
index 01b0881..aeea042 100644
--- a/docs/vpr/v4-0-0-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-0-plugins-inputs-snmp.md
@@ -27,7 +27,7 @@ The SNMP input polls network devices using Simple Network Management Protocol (S
The SNMP input plugin supports SNMP v1, v2c, and v3 over UDP and TCP transport protocols.
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
For migration information and guidelines, check out the migration guide.
diff --git a/docs/vpr/v4-0-0-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-0-plugins-inputs-snmptrap.md
index 892f60b..9742e4a 100644
--- a/docs/vpr/v4-0-0-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-0-plugins-inputs-snmptrap.md
@@ -31,7 +31,7 @@ Resulting `message` field resembles:
{"agent_addr":"192.168.1.40", "generic_trap":6, "specific_trap":15511, "enterprise":"1.3.6.1.2.1.1.1", "variable_bindings":{"1.3.6.1.2.1.1.2.0":"test one", "1.3.6.1.2.1.1.1.0":"test two"}, "type":"V1TRAP", "community":"public", "version":1, "timestamp":1500}
```
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
For migration information and guidelines, check out the migration guide.
diff --git a/docs/vpr/v4-0-1-plugins-filters-grok.md b/docs/vpr/v4-0-1-plugins-filters-grok.md
index 08ca70e..be06fe8 100644
--- a/docs/vpr/v4-0-1-plugins-filters-grok.md
+++ b/docs/vpr/v4-0-1-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-1-plugins-inputs-snmp.md b/docs/vpr/v4-0-1-plugins-inputs-snmp.md
index da1d659..880857e 100644
--- a/docs/vpr/v4-0-1-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-1-plugins-inputs-snmp.md
@@ -44,7 +44,7 @@ The SNMP input polls network devices using Simple Network Management Protocol (S
The SNMP input plugin supports SNMP v1, v2c, and v3 over UDP and TCP transport protocols.
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-1-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-1-plugins-inputs-snmptrap.md
index 9508dec..3a5de8c 100644
--- a/docs/vpr/v4-0-1-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-1-plugins-inputs-snmptrap.md
@@ -48,7 +48,7 @@ Resulting `message` field resembles:
{"agent_addr":"192.168.1.40", "generic_trap":6, "specific_trap":15511, "enterprise":"1.3.6.1.2.1.1.1", "variable_bindings":{"1.3.6.1.2.1.1.2.0":"test one", "1.3.6.1.2.1.1.1.0":"test two"}, "type":"V1TRAP", "community":"public", "version":1, "timestamp":1500}
```
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-2-plugins-filters-grok.md b/docs/vpr/v4-0-2-plugins-filters-grok.md
index 3a10c5f..d1a68a0 100644
--- a/docs/vpr/v4-0-2-plugins-filters-grok.md
+++ b/docs/vpr/v4-0-2-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-2-plugins-inputs-snmp.md b/docs/vpr/v4-0-2-plugins-inputs-snmp.md
index 2aba509..cc22c46 100644
--- a/docs/vpr/v4-0-2-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-2-plugins-inputs-snmp.md
@@ -44,7 +44,7 @@ The SNMP input polls network devices using Simple Network Management Protocol (S
The SNMP input plugin supports SNMP v1, v2c, and v3 over UDP and TCP transport protocols.
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-2-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-2-plugins-inputs-snmptrap.md
index 724758d..3f23aa0 100644
--- a/docs/vpr/v4-0-2-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-2-plugins-inputs-snmptrap.md
@@ -48,7 +48,7 @@ Resulting `message` field resembles:
{"agent_addr":"192.168.1.40", "generic_trap":6, "specific_trap":15511, "enterprise":"1.3.6.1.2.1.1.1", "variable_bindings":{"1.3.6.1.2.1.1.2.0":"test one", "1.3.6.1.2.1.1.1.0":"test two"}, "type":"V1TRAP", "community":"public", "version":1, "timestamp":1500}
```
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-3-plugins-filters-grok.md b/docs/vpr/v4-0-3-plugins-filters-grok.md
index 8b4465c..23a8a61 100644
--- a/docs/vpr/v4-0-3-plugins-filters-grok.md
+++ b/docs/vpr/v4-0-3-plugins-filters-grok.md
@@ -124,7 +124,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-3-plugins-inputs-snmp.md b/docs/vpr/v4-0-3-plugins-inputs-snmp.md
index 77f96c3..d6f620f 100644
--- a/docs/vpr/v4-0-3-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-3-plugins-inputs-snmp.md
@@ -44,7 +44,7 @@ The SNMP input polls network devices using Simple Network Management Protocol (S
The SNMP input plugin supports SNMP v1, v2c, and v3 over UDP and TCP transport protocols.
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-3-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-3-plugins-inputs-snmptrap.md
index 431e193..fd59ec1 100644
--- a/docs/vpr/v4-0-3-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-3-plugins-inputs-snmptrap.md
@@ -48,7 +48,7 @@ Resulting `message` field resembles:
{"agent_addr":"192.168.1.40", "generic_trap":6, "specific_trap":15511, "enterprise":"1.3.6.1.2.1.1.1", "variable_bindings":{"1.3.6.1.2.1.1.2.0":"test one", "1.3.6.1.2.1.1.1.0":"test two"}, "type":"V1TRAP", "community":"public", "version":1, "timestamp":1500}
```
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you install the new integration, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-4-plugins-filters-grok.md b/docs/vpr/v4-0-4-plugins-filters-grok.md
index 62c510d..8a16f3a 100644
--- a/docs/vpr/v4-0-4-plugins-filters-grok.md
+++ b/docs/vpr/v4-0-4-plugins-filters-grok.md
@@ -133,7 +133,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v4-0-4-plugins-inputs-snmp.md b/docs/vpr/v4-0-4-plugins-inputs-snmp.md
index 203cf21..565f603 100644
--- a/docs/vpr/v4-0-4-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-4-plugins-inputs-snmp.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-4-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-4-plugins-inputs-snmptrap.md
index 07642cc..fe41d74 100644
--- a/docs/vpr/v4-0-4-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-4-plugins-inputs-snmptrap.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`. If you need to maintain current mappings for the `input-snmptrap` plugin, you have options to [preserve existing behavior](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-input-snmptrap-compat).
diff --git a/docs/vpr/v4-0-5-plugins-inputs-snmp.md b/docs/vpr/v4-0-5-plugins-inputs-snmp.md
index d231864..b5514df 100644
--- a/docs/vpr/v4-0-5-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-5-plugins-inputs-snmp.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-5-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-5-plugins-inputs-snmptrap.md
index c88b02d..ea4464b 100644
--- a/docs/vpr/v4-0-5-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-5-plugins-inputs-snmptrap.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`. If you need to maintain current mappings for the `input-snmptrap` plugin, you have options to [preserve existing behavior](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-input-snmptrap-compat).
diff --git a/docs/vpr/v4-0-6-plugins-inputs-snmp.md b/docs/vpr/v4-0-6-plugins-inputs-snmp.md
index 43cc297..691ceab 100644
--- a/docs/vpr/v4-0-6-plugins-inputs-snmp.md
+++ b/docs/vpr/v4-0-6-plugins-inputs-snmp.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmp`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmp
The `logstash-input-snmp` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`.
diff --git a/docs/vpr/v4-0-6-plugins-inputs-snmptrap.md b/docs/vpr/v4-0-6-plugins-inputs-snmptrap.md
index 6a5660c..597da2d 100644
--- a/docs/vpr/v4-0-6-plugins-inputs-snmptrap.md
+++ b/docs/vpr/v4-0-6-plugins-inputs-snmptrap.md
@@ -20,7 +20,7 @@ To learn more about Logstash, see the [Logstash Reference](logstash://reference/
For questions about the plugin, open a topic in the [Discuss](http://discuss.elastic.co) forums. For bugs or feature requests, open an issue in [Github](https://github.com/logstash-plugins/logstash-integration-snmp). For the list of Elastic supported plugins, please consult the [Elastic Support Matrix](https://www.elastic.co/support/matrix#matrix_logstash_plugins).
-::::{admonition} Migrating to `logstash-integration-snmp` from stand-alone `input-snmptrap`
+::::{admonition} Migrating to logstash-integration-snmp from stand-alone input-snmptrap
The `logstash-input-snmptrap` plugin is now a component of the `logstash-integration-snmp` plugin which is bundled with {{ls}} 8.15.0 by default. This integrated plugin package provides better alignment in snmp processing, better resource management, easier package maintenance, and a smaller installation footprint.
Before you upgrade to {{ls}} 8.15.0, be aware of [behavioral and mapping differences](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-migration) between current stand-alone plugins and the new versions included in `integration-snmp`. If you need to maintain current mappings for the `input-snmptrap` plugin, you have options to [preserve existing behavior](/lsr/plugins-integrations-snmp.md#plugins-integrations-snmp-input-snmptrap-compat).
diff --git a/docs/vpr/v4-1-0-plugins-filters-grok.md b/docs/vpr/v4-1-0-plugins-filters-grok.md
index d3763ee..e75a55d 100644
--- a/docs/vpr/v4-1-0-plugins-filters-grok.md
+++ b/docs/vpr/v4-1-0-plugins-filters-grok.md
@@ -133,7 +133,9 @@ Then use the `patterns_dir` setting in this plugin to tell logstash where your c
```ruby
Jan 1 06:25:43 mailserver14 postfix/cleanup[21403]: BEF25A72965: message-id=<20130101142543.5828399CCAF@mailserver14.example.com>
-[source,ruby]
+```
+
+```ruby
filter {
grok {
patterns_dir => ["./patterns"]
diff --git a/docs/vpr/v6-2-1-plugins-codecs-cef.md b/docs/vpr/v6-2-1-plugins-codecs-cef.md
index 0a5dc04..b0ee090 100644
--- a/docs/vpr/v6-2-1-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-1-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,8 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
+| `[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -165,23 +165,23 @@ The following is a mapping between these fields.
| `deviceCustomString6` (`cs6`) | `[cef][device_custom_string_6][value]` |
| `deviceCustomString6Label` (`cs6Label`) | `[cef][device_custom_string_6][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
+| `[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
+| `[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
+| `[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
+| `[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -189,25 +189,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -221,12 +221,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source,shell][ip]` |
-| `sourceDnsDomain` | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source,shell][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source,shell][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source,shell][domain]` |
| `sourceMacAddress` (`smac`) | `[source,shell][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source,shell][port]` |
| `sourceProcessId` (`spid`) | `[source,shell][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source,shell][process][name]` |
@@ -240,7 +240,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source,shell][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source,shell][zone][external_id]` |
| `sourceZoneURI` | `[cef][source,shell][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-2-plugins-codecs-cef.md b/docs/vpr/v6-2-2-plugins-codecs-cef.md
index 50f814e..dcb70d6 100644
--- a/docs/vpr/v6-2-2-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-2-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source,shell][ip]` |
-| `sourceDnsDomain` | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source,shell][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source,shell][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source,shell][domain]` |
| `sourceMacAddress` (`smac`) | `[source,shell][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source,shell][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source,shell][port]` |
| `sourceProcessId` (`spid`) | `[source,shell][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source,shell][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source,shell][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source,shell][zone][external_id]` |
| `sourceZoneURI` | `[cef][source,shell][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-3-plugins-codecs-cef.md b/docs/vpr/v6-2-3-plugins-codecs-cef.md
index 7fd2ad3..2bc534c 100644
--- a/docs/vpr/v6-2-3-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-3-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-4-plugins-codecs-cef.md b/docs/vpr/v6-2-4-plugins-codecs-cef.md
index 69bcde8..4461ca2 100644
--- a/docs/vpr/v6-2-4-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-4-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-5-plugins-codecs-cef.md b/docs/vpr/v6-2-5-plugins-codecs-cef.md
index 3d2c321..af80b00 100644
--- a/docs/vpr/v6-2-5-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-5-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-6-plugins-codecs-cef.md b/docs/vpr/v6-2-6-plugins-codecs-cef.md
index 68805bf..c985a03 100644
--- a/docs/vpr/v6-2-6-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-6-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-7-plugins-codecs-cef.md b/docs/vpr/v6-2-7-plugins-codecs-cef.md
index 38abd19..a8e83ef 100644
--- a/docs/vpr/v6-2-7-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-7-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v6-2-8-plugins-codecs-cef.md b/docs/vpr/v6-2-8-plugins-codecs-cef.md
index 291a70d..508d348 100644
--- a/docs/vpr/v6-2-8-plugins-codecs-cef.md
+++ b/docs/vpr/v6-2-8-plugins-codecs-cef.md
@@ -86,12 +86,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
-| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `agentDnsDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
-| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
-| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `agentNtDomain` | `[cef][agent][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `agentReceiptTime` (`art`) | `[event][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
@@ -108,12 +108,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
-| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `destinationDnsDomain` | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
-| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
@@ -128,8 +128,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
-| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer` |
-| `[host][ip]`
When plugin configured with `device => host` |
+| `deviceAddress` (`dvc`) | `[observer][ip]`
When plugin configured with `device => observer`
`[host][ip]`
When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
@@ -251,23 +250,19 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
-| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`. |
-| `[host][registered_domain]`
When plugin configured with `device => host`. |
+| `deviceDnsDomain` | `[observer][registered_domain]`
When plugin configured with `device => observer`.
`[host][registered_domain]`
When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
-| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`. |
-| `[host][id]`
When plugin configured with `device => host`. |
+| `deviceExternalId` | `[observer][name]`
When plugin configured with `device => observer`.
`[host][id]`
When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
-| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`. |
-| `[host][name]`
When plugin configured with `device => host`. |
+| `deviceHostName` (`dvchost`) | `[observer][hostname]`
When plugin configured with `device => observer`.
`[host][name]`
When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
-| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`. |
-| `[host][mac]`
When plugin configured with `device => host`. |
+| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`
When plugin configured with `device => observer`.
`[host][mac]`
When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
-| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `deviceReceiptTime` (`rt`) | `@timestamp`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
@@ -275,25 +270,25 @@ The following is a mapping between these fields.
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
-| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `endTime` (`end`) | `[event][end]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
-| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `fileModificationTime` | `[file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
-| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `managerReceiptTime` (`mrt`) | `[event][ingested]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
-| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileCreateTime` | `[cef][old_file][created]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
-| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `oldFileModificationTime` | `[cef][old_file][mtime]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
@@ -307,12 +302,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
-| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
+| `sourceDnsDomain` | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
-| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
+| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`
Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
@@ -326,7 +321,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
-| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
+| `startTime` (`start`) | `[event][start]`
This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |
diff --git a/docs/vpr/v7-2-11-plugins-filters-geoip.md b/docs/vpr/v7-2-11-plugins-filters-geoip.md
index 39843fe..aeac220 100644
--- a/docs/vpr/v7-2-11-plugins-filters-geoip.md
+++ b/docs/vpr/v7-2-11-plugins-filters-geoip.md
@@ -164,7 +164,7 @@ When this plugin is run with [`ecs_compatibility`](v7-2-11-plugins-filters-geoip
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
diff --git a/docs/vpr/v7-2-12-plugins-filters-geoip.md b/docs/vpr/v7-2-12-plugins-filters-geoip.md
index 6c9e8f8..5be29a9 100644
--- a/docs/vpr/v7-2-12-plugins-filters-geoip.md
+++ b/docs/vpr/v7-2-12-plugins-filters-geoip.md
@@ -168,7 +168,7 @@ When this plugin is run with [`ecs_compatibility`](v7-2-12-plugins-filters-geoip
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
diff --git a/docs/vpr/v7-2-13-plugins-filters-geoip.md b/docs/vpr/v7-2-13-plugins-filters-geoip.md
index 0416c7a..5a3850c 100644
--- a/docs/vpr/v7-2-13-plugins-filters-geoip.md
+++ b/docs/vpr/v7-2-13-plugins-filters-geoip.md
@@ -179,7 +179,7 @@ When this plugin is run with [`ecs_compatibility`](v7-2-13-plugins-filters-geoip
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
diff --git a/docs/vpr/v7-3-0-plugins-filters-geoip.md b/docs/vpr/v7-3-0-plugins-filters-geoip.md
index 703d94d..3cb0f91 100644
--- a/docs/vpr/v7-3-0-plugins-filters-geoip.md
+++ b/docs/vpr/v7-3-0-plugins-filters-geoip.md
@@ -186,7 +186,7 @@ When this plugin is run with [`ecs_compatibility`](v7-3-0-plugins-filters-geoip.
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
diff --git a/docs/vpr/v7-3-1-plugins-filters-geoip.md b/docs/vpr/v7-3-1-plugins-filters-geoip.md
index 5be9bc2..474772f 100644
--- a/docs/vpr/v7-3-1-plugins-filters-geoip.md
+++ b/docs/vpr/v7-3-1-plugins-filters-geoip.md
@@ -186,7 +186,7 @@ When this plugin is run with [`ecs_compatibility`](v7-3-1-plugins-filters-geoip.
| `continent_code` | `[geo][continent_code]` | `NA` |
| `continent_name` | `[geo][continent_name]` | `North America` |
| `country_code2` | `[geo][country_iso_code]` | `US` |
-| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
+| `country_code3` | *N/A* | `US`
*maintained for legacy support, but populated with 2-character country code* |
| `postal_code` | `[geo][postal_code]` | `98106` |
| `region_name` | `[geo][region_name]` | `Washington` |
| `region_code` | `[geo][region_code]` | `WA` |
diff --git a/docs/vpr/v8-16-0-plugins-filters-elastic_integration.md b/docs/vpr/v8-16-0-plugins-filters-elastic_integration.md
index 484c14d..0161081 100644
--- a/docs/vpr/v8-16-0-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v8-16-0-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
@@ -52,7 +52,7 @@ Events that *fail* ingest pipeline processing will be tagged with `_ingest_pipel
* This plugin requires Java 17 minimum with {{ls}} `8.x` versions and Java 21 minimum with {{ls}} `9.x` versions.
* When you upgrade the {{stack}}, upgrade {{ls}} (or this plugin specifically) *before* you upgrade {{kib}}. (Note that this requirement is a departure from the typical {{stack}} [installation order](docs-content://get-started/the-stack.md#installation-order).)
- The {{es}}-{ls}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).
+ The {{es}}-{{ls}}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).
diff --git a/docs/vpr/v8-16-1-plugins-filters-elastic_integration.md b/docs/vpr/v8-16-1-plugins-filters-elastic_integration.md
index ccbcae2..3ca7d97 100644
--- a/docs/vpr/v8-16-1-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v8-16-1-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v8-17-0-plugins-filters-elastic_integration.md b/docs/vpr/v8-17-0-plugins-filters-elastic_integration.md
index 5d2d107..2b81390 100644
--- a/docs/vpr/v8-17-0-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v8-17-0-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::
diff --git a/docs/vpr/v8-17-1-plugins-filters-elastic_integration.md b/docs/vpr/v8-17-1-plugins-filters-elastic_integration.md
index 05c0ec4..158323b 100644
--- a/docs/vpr/v8-17-1-plugins-filters-elastic_integration.md
+++ b/docs/vpr/v8-17-1-plugins-filters-elastic_integration.md
@@ -30,7 +30,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://
Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.
-::::{admonition} Extending Elastic integrations with {ls}
+::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}\]\(([^:]+)://reference/index.md)—such as managing data collection, transformation, and visualization—and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
::::