{
  "_index": "logstash-nfs-2022.09.11",
  "_type": "_doc",
  "_id": "gAsELoMBfTCdXV7aHC3Y",
  "_version": 1,
  "_score": null,
  "_source": {
    "input": {
      "type": "log"
    },
    "proto": "UDP",
    "log": {
      "file": {
        "path": "/var/log/suricata/eve-0.json"
      },
      "offset": 1373876321
    },
    "src_port": 2049,
    "see_id": "2a1cf4c77cbd",
    "src_ip": "xx.xx.xx.xx",
    "net_info": {},
    "@version": "1",
    "@timestamp": "2022-09-11T19:26:07.331Z",
    "ether": {
      "dest_mac": "00:c0:95:f8:4d:d3",
      "src_mac": "00:c0:95:e0:19:be"
    },
    "host": "SSProbe-1",
    "ecs": {
      "version": "1.12.0"
    },
    "dest_port": 1022,
    "type": "json-log",
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "timestamp": "2022-09-11T21:26:07.331727+0200",
    "see_name": "stamus-security-platform",
    "dest_ip": "xx.xx.xx.xx",
    "event_type": "nfs",
    "rpc": {
      "xid": 1378261631,
      "auth_type": "UNIX",
      "creds": {
        "gid": 0,
        "machine_name": "warmaltoqes",
        "uid": 0
      },
      "status": "ACCEPTED"
    },
    "nfs": {
      "version": 3,
      "hhash": "42a4c9g6",
      "id": 55,
      "procedure": "REMOVE",
      "filename": "balnlds",
      "type": "response",
      "file_tx": false,
      "status": "OK"
    },
    "agent": {
      "version": "7.16.1",
      "hostname": "SSProbe-1",
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "type": "filebeat",
      "ephemeral_id": "da6efa0f-f749-4bb3-8918-c3514cb604ff",
      "name": "SSProbe-1"
    },
    "in_iface": "tppdummy0",
    "flow_id": 2054209259436438
  },
  "fields": {
    "@timestamp": [
      "2022-09-11T19:26:07.331Z"
    ],
    "EveBox": [
      2054209259436438
    ],
    "timestamp": [
      "2022-09-11T19:26:07.331Z"
    ]
  },
  "sort": [
    1662924367331
  ]
}