{
  "_index": "logstash-mqtt-2022.09.11",
  "_type": "_doc",
  "_id": "OuGuLIMBfTCdXV7awT1A",
  "_version": 1,
  "_score": null,
  "_source": {
    "input": {
      "type": "log"
    },
    "proto": "TCP",
    "log": {
      "offset": 1581354006,
      "file": {
        "path": "/var/log/suricata/eve-0.json"
      }
    },
    "src_port": 64194,
    "see_id": "2a3cf4a31cad",
    "mqtt": {
      "publish": {
        "qos": 0,
        "dup": false,
        "message": "\u0003\\xabv\u001cq\\abc:\\xbc\u0017\\x95\\x9c\\x87H\\x88xx\\xa4c2826a4e-3238-1250-212a-c18b8ghe5928\\x90\\xcc\\x911\\xe8\\xf2\\xa8\\xd8\\u0003\\xb66\\xa3%2\\xd3\\xb5\\xd7\\xabWfo\\xe0\\xfdGx\\xf9f\\x9a\\xf3\u001b&p\f\u0011",
        "retain": false,
        "topic": "qdbc"
      }
    },
    "src_ip": "xx.xx.xx.xx",
    "net_info": {},
    "@version": "1",
    "@timestamp": "2022-09-11T13:13:17.009Z",
    "vlan": [
      147
    ],
    "host": "SSProbe-1",
    "ecs": {
      "version": "1.12.0"
    },
    "dest_port": 1883,
    "type": "json-log",
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "timestamp": "2022-09-11T15:13:17.009712+0200",
    "see_name": "stamus-security-platform",
    "dest_ip": "xx.xx.xx.xx",
    "event_type": "mqtt",
    "agent": {
      "version": "7.16.1",
      "hostname": "SSProbe-1",
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "type": "filebeat",
      "ephemeral_id": "da6efa0f-f749-4bb3-8918-c3514cb604ff",
      "name": "SSProbe-1"
    },
    "in_iface": "tppdummy0",
    "flow_id": 1611851678444043
  },
  "fields": {
    "@timestamp": [
      "2022-09-11T13:13:17.009Z"
    ],
    "Evebox": [
      1611851678444043
    ],
    "timestamp": [
      "2022-09-11T13:13:17.009Z"
    ]
  },
  "sort": [
    1662901997009
  ]
}