[Bluecoat] updating bluecoat ECS version and adding event.original options

packages/bluecoat/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+  changes:
+    - description: update to ECS 1.10.0, add event.original options, and preparing for fleet GA.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1072
 - version: "0.1.4"
   changes:
     - description: update to ECS 1.9.0

packages/bluecoat/data_stream/director/_dev/test/pipeline/test-common-config.yml

@@ -0,0 +1,5 @@
+dynamic_fields:
+  event.ingested: ".*"
+fields:
+  tags:
+    - preserve_original_event

packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log

@@ -0,0 +1,100 @@
+ntpd[1001]: kernel time sync enabled utl
+restorecond: : Reset file context quasiarc: liqua
+auditd[5699]: Audit daemon rotating log files
+anacron[5066]: Normal exit ehend
+restorecond: : Reset file context vol: luptat
+heartbeat: : <<eumiu.medium> Processing command: accept
+restorecond: : Reset file context nci: ofdeFin
+auditd[6668]: Audit daemon rotating log files
+anacron[1613]: Normal exit mvolu
+ntpd[2959]: ntpd gelit-r tatno
+anacron[654]: Updated timestamp for job rmagni to sit
+dmd: : <<tenima.very-high> Health state for metric"seq3874.mail.domain" "quid" changed to "fug", reason: "success"
+auditd[2067]: Audit daemon rotating log files
+pm[5969]: <<tquovol.very-high> check_license_validity(), tae
+logrotate: : ALERT exited abnormally with temUten
+sshd: : <<dun.medium> error: Bind to port Duisau on psum failed: failure
+configd: : <<end.medium> itaut@rveli: command: accept
+authd: : <<luptat.low> authd_signal_handler(), quam
+xinetd[6547]: Started working: onproide available services
+logrotate: : ALERT exited abnormally with tfug
+heartbeat: : <<urE.medium> Processing command: deny
+rsyslogd: : Warning: rehe
+sshd: : <<stiae.medium> error: Bind to port erc on amqu failed: unknown
+ntpd[4515]: ntpd emp-r aperia
+restorecond: : Reset file context run: vol
+logrotate: : ALERT exited abnormally with mporain
+heartbeat: : <<mpori.very-high> connect: atu
+cmd: : <<texp.medium> cmd starting adeseru
+cli[7108]: <<-uam.low> tmo@::fficiade:10.2.53.125 : CLI launched
+pm[7061]: <<ihilmo.very-high> ntpd will start in tlabo
+poller[795]: <<oluptate.low> Querying content system for job results.
+runner[6134]: <<edo.very-high> Processing command: allow
+epmd: : epmd: epmd running orpor
+runner[602]: <<emvel.very-high> Failed to exec olup
+shutdown[2807]: shutting down non
+configd: : <<ugiatnu.high> sperna@sintocc: command: cancel
+auditd[2986]: Audit daemon rotating log files
+configd: : <<ccaecat.medium> CREATE onsequ
+auditd[1243]: Audit daemon rotating log files
+xinetd[6599]: Started working: naal available services
+xinetd[5850]: Started working: rQu available services
+heartbeat: : <<boree.low> queips: undefined symbol: ncidi
+authd: : <<olor.very-high> authd_close(): npr
+anacron[6373]: Anacron 1.3962 started on epre
+cli[3979]: <<-iduntu.medium> temUt@avol752.www5.test : Processing command accept
+cmd: : <<amc.medium> cmd starting isiuta
+sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm
+ccd: : <<olab.low> Device elitse6672.internal.localdomain: mquisno
+runner[1859]: <<tasnulap.high> Failed to exec umSe
+shutdown[6110]: shutting down itau
+sshd[2415]: PAM lorsita more authentication failure; dolore
+rsyslogd: : Warning: tio
+cli[802]: <<-gnaaliqu.very-high> velillu@::cteturad:10.18.204.87 : Processing a secure command...
+heartbeat: : <<reprehe.high> connect: inimveni
+authd: : <<litani.low> authd_close(): psumqu
+runner[2558]: <<icabo.high> Failed to exec edquiac
+anacron[4538]: Updated timestamp for job remips to uisaute
+auditd[6837]: Audit daemon rotating log files
+pm[1493]: <<etdolor.high> print_msg(), dic
+configd: : <<avolupt.low> Device "itation4168.api.domain" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci
+epmd: : epmd: invalid packet size (mquae)
+runner[429]: <<corpori.very-high> File reading failed
+shutdown[7595]: shutting down emqu
+heartbeat: : <<leumiur.low> The HB command is accept
+authd: : <<est.very-high> authd_signal_handler(), isetquas
+authd: : <<psaqua.medium> authd_signal_handler(), gnaal
+logrotate: : ALERT exited abnormally with voluptas
+ntpd[627]: ntpd exiting on signal orin
+restorecond: : Reset file context ecillu: mmodoc
+cli[1140]: <<-abore.high> modocon@ipsu3680.mail.test : Processing command: deny
+sshd: : bad username mquisn
+ntpd[1313]: ntpd derit-r orese
+ccd: : <<leumiur.medium> Device Communication Daemon online
+rsyslogd: : Warning: moles
+restorecond: : Reset file context olup: aco
+shutdown[609]: shutting down ser
+ntpd[2991]: ntpd orinrep-r quiavol
+dmd: : <<quin.medium> inserted device id = sBonor2001.www5.example and serial number = amc into DB
+ccd: : <<ame.very-high> ccd_handle_read_failure(), uid
+cmd: : <<scivel.high> cmd starting lmolesti
+dmd: : <<emaperia.high> inserted device id = ersp6625.internal.domain and serial number = seq into DB
+cmd: : <<tanimid.medium> cmd starting uipexe
+heartbeat: : <<ore.low> The HB command is cancel
+anacron[7360]: Normal exit tperspic
+dmd: : <<ict.very-high> Filter on (tetura) things. riosamni
+ccd: : <<umetMa.low> Device eleumiu2454.api.local: tat
+schedulerd: : <<lumqu.very-high> System time changed, recomputing job run times.
+xinetd[3450]: Started working: aconsequ available services
+authd: : <<sequat.high> handle_authd unknown message =utemvel
+rsyslogd: : Warning: iusm
+ntpd[16]: time reset stquido
+ccd: : <<aaliq.high> Device olu5333.www.domain: orumSe
+anacron[80]: Normal exit ici
+ntpd[7612]: kernel time sync enabled nturmag
+cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor
+schedulerd: : <<ici.very-high> Executing Job "tquo" execution iatnu
+logrotate: : ALERT exited abnormally with ntut
+poller[7151]: <<ess.high> Querying content system for job results.
+ntpd[2314]: ntpd litanim-r rQuisaut
+heartbeat: : <<metco.high> Processing command: block