From fe609016f144f5b99d683629d5a58b606a9fc6fc Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Sat, 8 Dec 2018 23:12:00 -0500 Subject: [PATCH 1/2] Update ECS fields Updating schema to commit 349406f59e5c7c80a20c9f213370d2601b73f040. Some fields were removed so I added placeholder fields with TODO statements. Those fields can be removed after modules using the fields are updated accordingly. --- auditbeat/docs/fields.asciidoc | 1610 ++++++++++++---- auditbeat/include/fields.go | 2 +- filebeat/_meta/fields.common.yml | 7 - filebeat/docs/fields.asciidoc | 1673 ++++++++++++---- filebeat/include/fields.go | 2 +- filebeat/module/system/_meta/fields.yml | 21 - heartbeat/docs/fields.asciidoc | 1602 ++++++++++++---- heartbeat/include/fields.go | 2 +- journalbeat/docs/fields.asciidoc | 1602 ++++++++++++---- journalbeat/include/fields.go | 2 +- libbeat/_meta/fields.ecs.yml | 1704 +++++++++++++---- .../add_host_metadata/_meta/fields.yml | 9 +- metricbeat/docs/fields.asciidoc | 1608 ++++++++++++---- metricbeat/include/fields/fields.go | 2 +- packetbeat/include/fields.go | 2 +- winlogbeat/docs/fields.asciidoc | 1610 ++++++++++++---- winlogbeat/include/fields.go | 2 +- x-pack/functionbeat/docs/fields.asciidoc | 1606 ++++++++++++---- x-pack/functionbeat/include/fields.go | 2 +- 19 files changed, 10309 insertions(+), 2759 deletions(-) diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index 6f6bf90ba26..8154ed625da 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -2730,7 +2730,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -2746,24 +2746,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -2834,7 +2839,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -2854,6 +2859,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -3018,7 +3200,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -3063,161 +3245,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -3262,7 +3437,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -3276,6 +3451,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -3283,36 +3471,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -3382,29 +3581,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -3421,12 +3615,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -3445,45 +3659,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -3603,193 +3797,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -3797,7 +4082,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -3811,6 +4096,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -3828,7 +4125,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -3889,186 +4186,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -4128,12 +4687,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -4141,46 +4733,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: + -- type: long -Process id. +example: 4242 + +Thread ID. -- -*`process.ppid`*:: +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: + -- type: long -Process parent id. +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. -- -*`process.title`*:: +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -4211,11 +5012,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -4225,7 +5027,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -4269,7 +5075,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -4312,40 +5118,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -4355,6 +5192,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -4365,9 +5204,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -4375,15 +5228,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -4392,11 +5261,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -4414,15 +5296,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -4442,42 +5324,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -4533,8 +5395,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -4558,6 +5433,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -4570,19 +5455,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -4592,27 +5483,116 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. + + +-- + +*`user_agent.device.name`*:: ++ +-- +type: keyword + +example: iPhone + +Name of the device. -- -*`user_agent.major`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`user_agent.minor`*:: +*`user_agent.os.name`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: Mac OS X + +Operating system name. + + +-- + +*`user_agent.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`user_agent.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`user_agent.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +*`beat.name`*:: ++ +-- +type: alias + +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias + +alias to: agent.hostname + +-- + +*`agent.hostname`*:: ++ +-- +type: keyword + +Hostname of the agent. -- @@ -4627,34 +5607,32 @@ Patch version of the user agent. -- -*`user_agent.name`*:: +*`user_agent.minor`*:: + -- type: keyword -example: Chrome - -Name of the user agent. +Minor version of the user agent. -- -*`user_agent.os.name`*:: +*`user_agent.major`*:: + -- type: keyword -Name of the operating system. +Major version of the user agent. -- -*`user_agent.os.version`*:: +*`user_agent.device`*:: + -- type: keyword -Version of the operating system. +Name of the physical device. -- @@ -4679,21 +5657,13 @@ Minor version of the operating system. -- -*`beat.name`*:: +*`url.hostname`*:: + -- -type: alias - -alias to: agent.type - --- +type: keyword -*`beat.hostname`*:: -+ --- -type: alias +Hostname of the request, such as "elastic.co". -alias to: agent.hostname -- @@ -4860,18 +5830,6 @@ XX64 hash of the file. Info collected for the host machine. - - -*`host.os.kernel`*:: -+ --- -type: keyword - -The operating system's kernel version. - - --- - [[exported-fields-kubernetes-processor]] == Kubernetes fields diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go index ea7a4cfcf5b..72646032a2b 100644 --- a/auditbeat/include/fields.go +++ b/auditbeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzkvXtzG7m1IP7/fAqUp+o34/wkWpJtjUe3cu9V7HmoMh67LPsmu0mKBLtBElETaANoUpy9+923cPBooBtNNUh5slU7qYptdvc5B8DBwXnjFN2R3RUihfwKIUVVRa7QD69vv0KoJLIQtFaUsyv0718hhPQDtKCkKuXkK2T/dgVP4P9OEcNrcoXwkjAFv3iQ18FPS8Gb+gpd2H8m8Oj/Pq6IAWTxoIIzhSlDakVQiRVGeM4bBf+E954VFdV/yBWtayKQWmHloRWCYEVKeJtsCFMT+2jBuWJckRD1D/d4XVdEXqEbg67AkiC+QH8iWEm04AJVfClPWtwTPXBEJVrQiswJVhP0Ixfo+v3bE0SVfqBWxMM3wxINY5QtkR0SrutnkogNLcgkGDxlCy7WWM8OKjmRiHGFihVmS4LowoOECaESSf2NWgneLFfoc0MajUHupCJriSp6R9Cf8eIOn6APpKTyBHGBasELImXwoocqm2KFsES/8KVUWK6QGRO6JWJDhJtCtavJlVlVN6kBZ4SMsSFCUs787+7bO7LbclEGvw8whf7vvwwQvR7t/LdMaP4jZgmv0OXkbHJ2KoqLHjEa9XGU/KoXfRwZji96VKy4VPpvx1Hys4XSoaaHjZbH4fnE6OeGIFoSpuiCEmEQUmm59Vu6QJwRRO6pVPJpbz783rqC/WH2E3y/5U1VojlBsHtoOUnN4iv8YvHy7KzsjYvUK7ImAlfTY0f4g4N0zCA/6pdpiZjeulW1sxtWIlwILiUSRCoslDxB80ahmVktWs78Dt83+kVf4M6xJLG8/VP7ixW35w+LWw0GSaKcqJUIV5UTv9sV1cJAEMSNwFK8RhXZkArElSTuRf1KwddrztxwNRS9FFJPJEhfmS87nvynoms9b+v6SW+JS6zCHSTI54YKUl4hJZrwQb3Cklyh56npfXJxdn55evby9OL5x7NXV2cvr56/mLx6+fx/PhnHOW+wIs80jWi7Iqw9aRAXdEmZPn4SrPKjOUzstBg2M8cFDCoJcIslWhJGhIZ5gjArI5D6hIAvqHlVEJzC/MFOkplxONX0QoXr05eZeClH7K92Tv/29ye14GVT6Bn7+5MT9PcnhG0u/v7kHyNn9RcqlWYbi0SiRupjnGtSEMHFKjzOe/RWeE6qPsV8/k9SqBTB/+uO7M6v0AZXDTk/0Vgv7L8u/vc4gv9Mds/gA1RjKroTqf97jZkWdG4guCzRmujjOzjqFXcLgW5XIBrh3LcqECNSkXjRzZDkBF1XlSHY7ESpuF5jLN0M7pPJs5IXd0TMNEuh2d0rObMzODC9ayIlXvbPLkXuVX/XnSc55GdSVRz9hYuqHMkSvS1DHCGWlb340o/0m/ZxYug3DHG1IkKvBqh5SXjxghWcFVgRFsschEq6WBChN6id/1ZkKr0dF4KQaockwaJY4XlFJuhmgdZNpWhdxaAsfmnOGFA0d46Mgq/nlJESUaY4HET94bkFKirelPHJ8Dr4aZwm/qOR64JURoXmRifWcLRCSNlCYKlEU6jGDNWuTKvvmhNBa5gLwdcjVe8FekuUoIVWCLRIdPqyPlcY+uH1BehOwKoLoooVkUYL1igQDdDr104CmvU+i3kkMieoRGtcrCgz69MS4QGKhkkgAwmy5oq49xFvlKQlCXClqcPIavohyNAYgI8NzR2WNmBbUMCtFn1oY1gE8cTln7q14BtaEpHauiRQqo/Wn824HLqJY4RQlJHi4gQtC6Ktls7GW1KFK14QzAYkFd5gWuE5rajaTX/jjKQG1MhTgqU6PS+OG9d1gAxpZHpZjTAA9gK+bRdmgGRBluNspT7948j8AAgOoo0yqTAryGSUuu0JpKfnF89fvLz87tX3Z3helGRxNo7UG4sP3bxxDAOEuo36AJXHG1iegNDKGkGCezrS2PQzpS4ma1LSZj2OvLdOAuzqHOpwUfAGTI8c2i4vL7/77rtXr159//3348j72MpDg1GfG1wsMaO/GX2Hlv54tXbXrj1PI1j6oaJEar7F5vQ81YcxU4iwDRWcrVOWeHi0XP/l1hNCyxP0E+fLipiTEb378BO6KcEzYjUDsHkjUK1pmDpzjaj2MtOdu52fx529/qvQuoKZ0vp6T21sXWKyJgVd0KJHDgLHmLMxJG9EASwTgOkYdCtS1ajgwigA5uzRpmLLHB6HtOcb22kBom2X/CPHfnjcfv1ggKA1ZnipDz8Qbp7OpH1tlN++FHkcn4nHjULnhkey1grc8XIqPFIBpjlcPW5tD84bWqlAG+hSofDyOCJaprUk4GUf1/FjbdFoWH0MY40/88P0kFMBhtczkRwBJZFKG/7tMW5lwZveg3HSIPjObU7z5pygkihMKxmIgAC9ZgnswdS4uCPqWeQHH78/ad2b0uinffP1Xlu7gkjpeDSgcdhS1hqUlnbWUkI37zcv9A837zeXDiCRCXdnzYXqEVtxthxH7nsuVJLQ1DF/HC+/vX69d2p6GEu+xnSMdpgwvvc5sQKeMSgSuJeE9xCHnNPFEWH4ifCKF5aHuehzgPmvy33x+UoZYWraESHDc7B3yB07xEEPxh3ibpgSuymVfFrw8lGwvzYw0c3tO6RhJhG7KUsgXBI+rTntqEl7Uf7C2ZKqpiRgn1ZYwT+SiI0V8mhTbW0OI7BTE6zts8dC9lrbX4Oo7Mgecynt6Dor2R4HgcnvT4Lgt7GHABj2XX1QcWc9a0FC9Ve4GlAOI0qGFEJQIWKlEFQoG6fBaEEF2eKqOkGMqC0XdxbuCSKqyD9XvowMjQb6hY4wiNn2kHyZyN4Qtg1hZeQWSXpi90p+YCsDJ1r4BK5HCON6fACrj0QSQXE1Zc16TvrjOgSVgYgMxD5CbS/8xhmZ8MVCEjWRpM+P43WHjxYaMtAio5wyJEnBWZmKDvwK5On37TvG8Uo3RG/xTx9fg1dSw7KQqUSnZ+dXz88i/5/+z4QhtrSq9IY9ffni7Cxp+MCT/nwcHR/XZn/okTC823pcQZx03MJdAAJcmEwLN1KSBTi+KxsTcvB2NZETdMvXxI0J5GIEakZYCafk7ATNnOTSf6elhD9q+KMW/H43S86S+6iv5xMheMfa/yH4aXS+S2tyF5ghQWpBIJ8D4IO80Yb1HWXlBH2SMJFr0KHsC1HGywrXNQHXXkWMC1pPtI2ZwA638Y4tTHIbXaRKkmoRxICZgR+tT4a58OgpB3rEQG6PquzI1L5EAA19IHLUqoPlkVvEYNFwnCVnnBX90Xlm2/SSq37YHJJcZVY75VbSS0/u1ZDyAFsXmOQA4/FxuOHmjRaG3vbtZXWhvVkjCaPIryhWZMnF7shVhal1sIYSRGw8D+uJ13aQEW7xV52hrCEYJdPceLzAvjbiekk3hJk4H5Ugb3zihg0VhBFRzTGw9P1wgR8qiHCbC+MGOt/BuunBJ8fKlpTdn0qFlTzdO25cqKO1EUi4AziowLVqREugYazoMLNvwsm6wWIH51cEz2TS6Tm0f5s3cFJX9I5UO3Bzs6ICCwxgSY1NkqIR2maxwTt5EsO02Xjzihd3ENAT6HODBdYWK2XLf9MPt6Sq9J9rLohJEqGFx6EhRCCxRBVfUmbPhRPIU0P0GbeJgfc7vbxbLMr28Eif01bZOGShBfEOub4c52VTPaJP1MAzjD1WB9H8G0jC+IsAqs1NoczmtXHhEyfTm3knP1fpYWvSJOn7rg4etwU4sHYFZwWpQafCaGbfnaFvNTdoFfOZEzxEPdXjj8eJZeBbNIw6tyqvnZgJulFxxD2cUCNS9LQ2QhCmql0MzWSwUNYSYdJtMSuDn+zKcoEs1ZPYKxxMPMiU9MRLsiF6Cz6k+e9NafluZCLLrUXmDzJrgruf7dpZAfQXbaXDWibjYv4rGzFfE8xATm+ICGJpaE7UlhDWJrzoxflGoqZGikcQTQyhrsiaMEWEFlprfEeQbIQnkhKX8McklUojsEl/e/PIbEpcNYLBEzP9Nfqk2Uc1DCuQpnqL2uk3EkghueJbZqJWhap2aEeUZtT/RiU3CXJc3EUgKUMKz/Uu1iI0enQj0f/39fnFi39zThKvmnvn+n9Dsh0Xd5oQ2EugSLUKdgTQOGxocSeT/PnkltTo/Ht09urq4vLq/MxYja9/+PHqzNBxaw8K869o0fSyCYIVBL6IMG+cT+yH52dnyW+2XKz16VAQKReNFt5S8bompfvM/ClF8cfzs4n+33kHQinVHy8m55OLyYWs1R/PL55fjNwFCH3AW1DMfdqV1jaYosLz/ifr4SrJmjOpBFYmsYsyRZZ6JhKCzYpukz9juYKyktwTk5ZT8mIaZJeUVOrlL42swky/PicdiCZ3i5QmcZcqpwgJLYbIRmtD+kyYTY0bLTIkAfcVWuBKhmBbMsJnvR2zwnJ12G5p2apNvkj97fpPr9+MXrKfsVyhb2siVrgGHcLUBywoWxJRC8rUU72KAm/tAigOuu5cH768yzsjVzXf/zSYCPyAKmgxpPIJ3SPMnAXFBRTG4FLvc4kUH9IiDDS5ci5U66+F7Mwam1hTm9Lq5S1VqOZS0nknSRD2gyIFvGkOUU1Hj8A50YdXSm8zu8t9QCVktEVZwXDGNlKZRETIuWhzhNFNKuYw95mPITWtf+GBeSJODUABXWeT80nadwVPBpSoRnRjJrlevDcWRHQU61lgmPG0D89bkqbiqIe8k6q+B7lZHVe51E1YTGaF25eHGNBn0Os5LalUlBXKiKz/DJ4xExEIfnLIe/qBLR6C48y+PHEJukCqJEhtefvUm71pLQab8XWIMWKhoswofZ2BU5Pibjxhhi8imPMd+tGW34Ckh4MA3EkFriZo1o5zZng9rDTzz+KluVcCF8rJ+5DCk866eWL9EGiYkh8yvtRarQmw4Lo2ZmKNizt9JBqrVFsdxl+XWJye/7d9JUGvi9k4BHpi05T3mfIBXrsxrkUzf/Hi6/n3c38SjqIVi1o7GsqJpPJuKgsu+ibhouJ4pGvvA5V3CKAYM5fynrqNviWT5SSwyHnVgA39NF62T5KgHW+ENfO/kV61tQaxXqwHBzPVNvMxI/oVbG76GykB6gODOzHJy7LAFehaZ5rRzl1wIOm9WWPKqp1emkVTIbrQgwYTAvwMaoUZZGk4t4cWH1hKuuyIjJY4CXUrAGaLzWEnCUHYug9gKGYGgyIiW5+Y8Ipqm89i6nhArY/0x/aFwTT3yvvfXSQ1TqqBs1ljGuv39HkoWLXKW8IRHVH0HquVS7IPkSGTADMdzJvD2+P8BT3EfvX1qrBTzHC1+82rBi5qbHgiggS1RMulIEs4PeMjsq0lEkuipllz8xG+gfkEJHK3rigLzaj0HA3N0sGR/sebq5GzRe4VYZHWm6Z8kGpgbw+lt9WBfCuDcVXxLSJY7vTYFIFjZ74zzkEPIph0r43VVrHqLnXomR5BN9AKzlZwQZ2gkgrIyLXr/TQ5Rd2shofxvHEByaH8h3b/dXBRFoZ+RqC60R+0jgMX5TH+Vub/biRcEmUTxE4y1/6jdb+imzfo2083b57CXLqzLQitfXsLD9vBI75lRCTpgSfZqwpffQM7QbQOug7oZd5Q3wu6xmJnBDGM8afOMNJYopS1bDxhVsYgjvXDbNKaMpcvztKI32reCVeFMsQLhauOJypJgqS/dUmIDKD+GukvNIr5ThGpt6D1oHCtAuCydLrhTEObIRqf8TNN4Sy9RddRZnfCIIqI+QVLBcqjGTSEJa3yueal5tgyiaU4BsuaKAyRAVOzXSaUjTb/0SoXP/kfxoVffyI8jPQXWIhdWISG2/R9nysZlN85y97D40LTFDnV4VBh6Oa9QZQfqR1Mszy20KtNsOyjHMyuPCg9vJtX2cWXSKocTqncV6M8kE7ZxZfOpTykuiHMouzNYiKF8pDpa5MnUXcDrLjspCD83P4ybgvoD7radsi/IbsDvgm6Nn5wFzb3oOrVTmpz0hU7nSCMNlSoJvxJbwf0Bio8umUgHtCvLnIZZGpFcb9OCawv+2wr6EhnZ0al+s8KXlWkUM5/HFb1QkjA+0SqnbaxGCElOWDr/j+XybbP690mt/Xm6fhNAozpev+4WemWCKY8JIaNnaNpqxXQmft2hgRRjTA1xp8YvXd2ry0IbqpOhPRzgys4DW3KPgzMsjwQY0+TTize+JwIi8t79XgLWnonrpl6xfU3g3Pem9pReT55pQk29cfwXcrtdC3b6bfxHlxt8U7aEr4TcFjYkI9xUQgCcVLKll2zjDLj1xlVU3gV+a0bF8OaQS8bWNJErdXhOcggO2ntEpGHS0+PY+6fbQHpA3geIU/UptUMbJYfubC1ma483PZJsaIzKoHXoKDP1cyX0M5il93NAm3WJ64g0Pocoyq5k9CVHFSCBqdBBLFloWG2Mf+lN83X6F2tTwhtFN4aD1oKlTe85KSusFqkfIZZ895itX47BxZ9WxCmuDxBzbxhqjlBW8pKvpUmtf9pSs6WWGxtQVKK4pGytg1WvsUFeneL/joyJNkbS8+4jMhZ4DWtxmT5tQSVZE4xG0vOLTIo0LeClCusTpD5/gTagMxlmZzTFKnjo51BpPdscn4xuTx07qKk/B5NWBQrqgi0+8ii6v7V5fTyxaFEhWhTOqlSdUcn/fjxfZZO2m90okFASJRIJUG7F0TWnEG5YTjsUYXNBs5kTdSKH5kH+7NStQOIDMBkePSnHz6eoPfvbvX/f/qYIMmMZiIVVo1MW13jVUVLlYGJDMyO7RXQ9uLsxTBBc172t+f47O2PVlECtmhJ0lCTtJguRFsuqn5zuUcpd4Gp6RW7BBScT877TF3xZczTv/gf9vNw23rIexIUD7om5XMvtHo7bg5+4UsDxmnHnp7Eqd8r50Czv1x/+HV2gmY/fPig/7j59cd36VKNHz586EvSo1LOhnOzKl7gCpTStzs9oFC8ZaX8DE5fh7HbBnE+1Bj0uAIhFeUKwDYI3ojAzcmCA5NUVIGwpQo1EHX31dY1Fsmk3xtjvwhwnxmDeGZRzGzYo00Wd5YOZkEsWkOOQAZsYSFZPS2Rh+MGf9Ib4CRlaq3whiBcCYLLHZKat4wL0XiAJATcKdQW3RFEWMFLm2HNSBwwqigjEho/bWw7sIpgBumTD3YbOyghDUluM82+6WWkfW6IALPO1mYYY21UUlokZ2wyQCxrfo1+PPQI9bWhWOF8qZNUG8cfA+B4NOUM8x3ioFJApRRHktikeMN0VDhK0+coHLR/oQsaPB2KNQ5HG/fFGx+IOB4zmN601oIrXvAj5fmvLoXEQkODGdeBchbE66ggj1C68caBceLDcZwSeLGgRWIffiAFX68JK12SAey4q86M/wFRNucN6y7THxBvVPpBw+4Y37LUFISwelNhiyxIOT3WLRDUJ/vMIxvTDB7ZAwQqPNLayPcXk/PJ+eQipvdr2w5P9kZghzeBmNERKqTjKQvPxKDSJL7qq4+OCtPh5DHpsBDTlPSbSzsOebT5cAAzJ8TT8Xgz4inJnBLFFa4ebT4Amp0M48hs1qaNVTDv6P/vLESS1ueXrwaI/YKTlqLZPgup7lPgyb540T/Hw55q8WH+rv9kfKlo1KrNBm0IE1q5g6jllqrVQLVowdc1ZjutSUHnttaoC8vAsZS8oCbrkKpVqgHZjjcICwGN702RjyLCAGgrhDAzGhUckHHXII83HMwBdtCRGkm4Dvt8VF+ubDoc/yTmHtnhmY5XMptv3t12L29IMwnv+HomIZS4szhfKFO8pNcbmq0a32wtyILeE3niyyQhnjLhcvKHmeaDWSOJmJpW6/Bj/tJ/ca8rkD7gen2a7lnXel0fZNLfx9sakvE7elndqj/kbX16TDuTnoP1VBRjy5yGnKxQPgmFMlIJX0Id0ndHBBvlemnJezF5MTk7PT+/OLUlwIcSaXDvpzWSIbYgIBYk76MfD+mHMSg+sMM4IDPA9nfnR9vE0taNxnWo+hTz8BAtn0XbyHZuDi18I+VmjoKaljMroKTCO+kS+wwy11hDm/pBylTBa9qmFCwrPsdV0JLfkdx1x4+XWliM6tm/LzHYzggWy2Y9UAL+Fu/QnNhj2bejguokSZikEPZPdhUK+PZvT06rJyfoiRbV+k9Xa3j55B+HirgRw0qcwsg6IKE8ARW4qghEH5cCr23in0CSrmmF0zXtMqjW81sjcaZnNCP0bBkj3IPvcRDWGKLavZB7m22ijq3Qd6gA1EBVmN5k8PzEbjHlKmaw9Ht2IF8p7rZuhdJt9ON4pcZ1Vu824FThM+hvbERGmxpkdGUc7n2bDzSk8C4oK61H10kuKKyC7D7v2vfwHHr9RSqG96/s2mOdM64ZvbvqKrXY5vIcm4xucjeqXdsXGjzCwVVZUJ5yR+S+QsnO/AWtA8xasSBQMkyaT/e4WVh7hCByXxNBCSvAey4lXPygTxINU5ASukeY5uEn+qMIoD6drCXDbdUdLV0tjCMQkgrdqsM7krIlZAHb/uZdSlv18Pl35CWZL8gZJpfFi++/uyjn5PvF2fl3L/D55fPv5vNXFy++W1wG3+7P6xkpdfdGUEiFpaKFqaUeqZiEGaSOy9v+HXYX7WkjZoR25yIPk8ed2F4Re+g9HF8YgEayCMAybbrNQkKjhJBYdw3bzAE0+V/uMqwI8gyYaXZcFk5eypUVkQBtAK9UcT3r4yB+bVOpAHpn3Y9R4Pfy5fPJxWRsdkLnEjrHkqGUH8OXVJpiG2mis/wOYa3SGq8GUSbjPhb2XhePWjqjLlOG8/M73Y7mJuHR70dzAxt/Q1p8+oP7u3P4h78NDNi8M6LRdlwzZAPaI4/cRDoghMivUFTl2osEDC5Sv0GpIS/qgXtYY+1kW+1haoerTEJ6wybbHUpTmYzD6EZXQyX6xA4g7jTZfgTclqc6rbVTjbX7jDPYVLvbUtuNxj3/F5Z4JHB+2RqPHsIvXeTRQ/hlqjz6E/noZR5DI3mcpdrfG7sRVSygP334Zb90/vThl279CIZoQ0UU0U9PjBouC31kndhbwDCEYGyEIUDiboFocydcj7P97uVGVJM/zPSu84DsaTRBfybEJIW0l6MFbbK2K8LIhghfSd8O6ECbLSPDac86/dhUlV4OM0M+WWXMPYIz/dlKkMXMFEL/DQ4WA+Mf366UquXVs2fb7XZiTYBJwZ8tG1qSZ4Q9i0BFNsIzQaAspiDPLicX8YvmAiA7byu1rr6ehmkZU80DU3fATW1ZtpBPzfCsCRGrUd2RhuPS/KOIVOlxT1zZ96xj0BMGnY/0UiuubWCEIXdnh/ASazNuMBeqERWSilaV7S7WZmrZjCPNNtps1PqTqWNMrUy7Kgx1atOl8TzWWBiObx2irtKqMC1eYpva3jE9i8etd4xJSpKRwhFlgmguaDng6sWL58/MQv/H5z9GC/+14v20EbOhj2PyW4DhfRImj7bd20+Ayiepmia4rxC8vlczl8TlejfBXgfIg0kw/cSJL9Mmvj+kdsKfRCsDiXyQEGe61WHgqDXeIdh1tt5Ua5WsfMYFKH82dafaGRkLfvgIZFCHNDGXqEO5hiSmhClMUgFTd8l9CmFbBRUVrkYz2Y6lN53JK1+goVhU5bTPGRkopL1pfPHieTqX+cXzPilhZ4v8SDG0mBhcTrtjnoTU/M75aJpPzFl6nd3zYqjrRUgsCMgjJlDvUiNkDUFxl03zxMSxutMcnwduyjvCKSUeQDD8BwgGcg/9fYOOSyFGKH00Wy3ZW4txDQd2i++AH4zFVU6aZxhwalPZvXXSkdXxRBjD3Ma7GCLrWrV0wRDMG7MIioHQcaH5ilWKFfG9RV3jJ9Nf9F/LoYZsLaK/FJ8uBF6u40Zmh8RAuAiTGPW5jxfQdlUvyNezYO8rXg8y39fJU8mR2Cfe9eE4jvhPFkpnI/XR1VjKDtiDOhUZKEl0X3WH1zEsZOYVjL55StcRlM5lgVcdTwlSkQ0OWENxFPb0/TEIUuONccgQsGhDt4z+hUKj3tDlB4hWrtW3b8FFy5PWIGKQMrWz9JiO46aVFl+0NK3ajJvfL0L0ruN7aroRI++ciRuHP178N3RZtDh6W8qbQNiBN2YkVKObLrFI8TvC6G8kcbMjWWN6YNHJAxvOgI6rc9GjtIx9OLDnmG8VB9d6HUjMi5CZx9luDW3d9CuJuf7ke8tBqhZ4e13elo2LuDSQgrOFYZTuFVednGzfx7fbVDCUDyYprC8lUPh7nqwwIJ3EaN3cWs22eSRzwbcaiZNd+tudCW17cHLFt7YcZ0vm3sEOcaVuD3prvzWe8E4+0SP4EcarXp+YJWcTx0mCHLwe2k77rqO3tG8LMnxl1iPU9XUCQQ8iXeN/Jq7pGp+V8VZ/n5pWNDCta8qOQ6i/z0FYY1WMkTv7TZ9ilYMzN9/x9Urw9cg2vN1jYoiG8UXuI5ENZ8UeVB0+nolHIf4ijDwO85fg6D7mrxD6Gn0k65oLuOKF3kPOAFHou8kZKrFczTkWpQTHnBW0X9t0lEYqtOQu/48UcrJbw7Us4E3eUknAiyhRydk35uKAOBXbdw6JpDeuqM8e0pb3leVFCP73v++4lvbD8C9/9dWp5h4D4yt/Iv7J/Csxr69dWWbB12vO4Dufsr3BtALfZ9g6HEgBjSU8gyLaXQ+jh89b96bJ/lWNCO6c6a5q3KpJDyn0/trcpE5o4knbpPhJNJNBS7lkn3mjlkTveQF03Sw1j1xcqhW6ODu/PEHnF1fPX169fD55/nyEktH2Te40w674EglSaOMo6j3VGZTCPil0AMu1mFMFnK/fNRaENf4lUagmwswfRFS0ySMwk52rmEzeSITYLHg0j9GF3Hsu4x4g1LMfCGdQDZeNAJ5z4ZSIgui2vp5SNIDE3NMWZyNrtupctepu1YNO/nAp3+QBZev47jmGNDPVdueajdju3dfu3yN2b+bG/SrRg7k7q/0Ok1gpQeeNr8hKiQFJVNvy1ICcc14RzLqbKdhzEapborQ54btmrmx3+ZkBPUNzqjSaCXq3pkqRshXPHZ6RRC2/HC3LLFqMeh7REijmg4xy7XwBfGEtA+/KAEb2qZPQ4VdojjaYouAmcvX4FTF9/n2XJBeLoqZBZ8m3rOLYOUAn6B2LKkFkU9dcKHuxEy7e3Z6gDcUA5u7tmxtF1n9ZEUF+FHwtW34JnYluoujCUdpp1wcdwBwfuy9TLsiU8zEzsSOj/XPPpWhyP0MxYMdjauY7nFhR1tyPk1/6pLj94Rf9gXWstJ3gw9bi6dkIfGejpgMqBbeszfU1snzSnWReZaXPfPSQvpF+NBpIF3AnW+dQ0DZ25WVqjCRug5LG0VYBDPTzTeIFyK0Ir3hTBhI86n/mm9SmRfpb18IWnANFp3WaaeBrFSRcllN4Yer73tpcenP5aCDmA5OSKDyBryYObFcMkuIBJSbKF4oonKD3ThIF3TBIcXGCloVpx1bSJVW44gXBbDJIm0uPbrMeB2i5sS+imzdRd0vbVG4EhkDLfggH63SHfBiLfWEaqArtceOa3O3H/jZsj5eF3MpPWlG1mwYKuaegkacES3V6XjygTwaAEOjrtNXFqbR9HeWAEh6zHKiIflXb7vPmyen9eNazn2hafuJ8WRGz04axm5yo/QhsqtMD47MbvYSetO1Of+P+nQBu+9fC/YXdTHLzTO9ZueJCTY0i3DYYwqxYceHwnfpdPmCEebJQlu+wba37SBUkHmBU+JRAt05d93yw7wXAxV0hQa2ZN7RSKHVffUvKIyTleZzputoWV4XnpOqX90UmFdpvVj1Ayw3MhMHjmdY2gI6bPyeA3GibKGBUW4Iei56WN/XvD3Jm2Hx6vE9bTkaX0T6QUtD1KXwjO1Wyfpbumrl+YBpe2Ln6c/hbAlP7vO1EH53YLVAUztT+Td9+9OD0RkTnTXLNy0dg/mAGal4a124SVXOsiAkwvecl+nTzpo9I/7+s8bGBiQBVC7GPjJfkcWcQbh1JT+FY0TEOkYGG1rjuY4IgnDF1HgtdADKN8zHFcYC3iCTzPrSPcCAl8Rq4VsLgpqQqMBOu3b+75oYkoEWrlU9J9Z5BbwrAt/bK5gEXjzcJu0IhJUlw132zx51nbiG3d9REUDKApD4nGd+TxYIUUKiegrSQGaDAx2N9zilgObCkaSreB9J1Se2B4a7GiecmA0A7N0lQMgOUJCoNZJEDJZzhJDT9/1MtG0KAI1y9Nws0E0TyaqMtRwn5VJpkxcG554I63tGs7PWmDM0cyjZxDpJEfPNLLapqm2/YUOcdggPB5b9azGUc0jS3EeoNhU7/HQnO1dP9vhuceVtUsP8CxP09OArYEBiSCaezHxMQwz05CmRvXyaA5sJs92cCWOZVVu3VUt25ywTU3a+pcWaCbPdtciUyofX3r4f66L5OXCguHtfZiQuoZEOymVs3NHh1Gy0IFI1Kzg51fGqSOi7PDsTDPJ4wG7+/w7OL1vo7Y2wFVmTJg7TvA8fk4CBoobOusVC2c81X6V5Fe2NWvgHOiLAVuSdjj7DrOVwrS8x9lq58+J4UjWojFn5mtqOPxvAyEpucYCs2uNhFMxCURu+dAFu2CnEMJehyaXr8tNXOQ7MR1ECMILttbQ0z0ukKiDBq4DYcXtwRFY2jJFJR1m66vYN5077sy1D+rx2Z1/DH6dySfG4IK2IWDFJj9va1MZ8i5u9tatMKsLT3+QaOCHB6TNBtjBLZ743bvi2mw6ihTD2/cPqT9ZlA9w3MtHSr+MYl4bbDkUF2U0ZSgBkQfIxu3rS0w3VioOxM0LW/yT6+bQwee0gOCmhykKTtGw9BeCImWBDZVGoPva2obKCsDtoEtRnCvX1sAPqDTHMDKZ0PijNofKfhPNNAnnaDhc16jb0wHduKAGRpRwAP16G34tdxeJsBH28oID7cVn0SQtlMA9KHT4IH3XUW0IBOEG1Nd4iEffVpfNXPzZsJulFt7rdpXAGDcuF9k4ZiG1pA9ZwpIbYaQ9+ba25HO2Cwhsntxw8OcFfTAnevDgubaKl2tk4QuS9IrUCp8RlGvuIAqn9mspl1j++ON+dB3klF0KF4aGW779uq7DmBHAVwIje1ia10ZPQ+Zjo+yeY6fOhmGK5t0395AvQ+0dQbS83cWmzEeVyLpefw1MqURC/KA9n+yZPH4yoPq3W4H5cV0dbdrfjWsSaIVCxRTcSCizUpJ+iTbOztiy0jtNoUMvecFny9hiJsPfcQkQHWMFoTKfcc5L3Te9jBHY3nFypB/sInvZO7x4UD7V1y74umxnMLR2lX6yebHEgmE93EnbFEC2hDTRl61sIJtu801xDqsYsGkmvqJIHkWzdJMGMMmAehqMwbzPswDnFUmGya0PUXaBqZbACtqQwrhBd+Q1sp6DhaEXPD89MOIv3/ucO/owyK88wovLJi9qrv5lB25+gQF4KZo8gDGGy7tmv1KIgmXk/hBj7pyS24KHvEjrjZOwKt30eLCi8h3Qu32ZIDVQxjxw/7mjKEN4WMZZxNEELjfCdtwlCrq9k+twNJrIG+2E36fYBwRpTtemj626OSyppLmnCaxMn+48UdfJeWn7joqSj7XT3OE+N8Pgn3l7Yjc3ejIGuuSMcEdWoW9DVkjBTKVXl1MBa0XuVJapd5VIhdrbgFgCQxwfnuzsnaiWUjjIJmJshqvx2Qtow1i2RvitqPneLXchC4SjqYtPjJQSOJ2BDo2FpUFJrdMjdLXnh1USSu1d8vEsnOXKwPXZ33A5f1AR5o1wO3JwSxCOqxRvImNKoOLlw0kqsHeFnkAm5X1HeTdlfa35NiAy5hbaZ0xUBUbZQhBqDKKCkGGkazxIDxVZfhd201xTxP3+mwb0qiKCLWURXmmAm235itHsoS13bX9rDWZ1AH31JgprjI2p41Xtt4MVygJvhG42g1/K7i2rvwacxChtc7PbBvgm5BI9mxq5t4c8TnbFuXS3d1VJaLWqkdaixL5i1LvB3GMqr+xG01ymwwqFsqxAtwEneHFqgN49zvH/9HWIDgA0Lx3Q95WkF8PVkrBLLEjWUWaPdYLbmgarUeOu7qRR7jEwEzau/t0sa2IMUORVe7hkpoFvRYToLD2CihMvJ7dKXx2VEGCj4/7vOL4z5/ftTnvSZaI2fZ3xefqXxVUZupUfH1Qotld2Fe+7U353IhWu0R2nElzzdyn32+gdjQ36Gg36Pf0FnC1W4+rfUsKFvCpqY9nq1y9eZ4Hq3q3NOeDlqc4ZkscG0T17NkBJf0vv2W9vRhFt3McaT+ZJ2NKKE7MbI9NQ0Is5RKRrYg263bntnLSAl0H+xuX/3OdI6Lu4ovpxVd57GeQeHTaS0c9LkhDUGBoh0oEvkqBBe7lJ5V4Hqa59xwinabYtEyCGoTjkJHQd75TYpGACz9pVVMwOWuTYcN7ckORrbTOmt36rV1w6i10ggZDHuHwavyEC6qBQHrZCwn8dzMJV9H1U8hjIjPglnZe0E7YOaYMZKnIttPzPpxZqQg3H287AlYgqMr9UcZlRBEtV9aVjHWd1cL2axPC3WfK242ej8WnGkFz5aN9nTuA9dr0F6VRLNk1iy7tA/gZYityGDf9OBHUdosBNf/9RqVpKAQEgaTiZTPSsJoD4uWuiJoSZHpqecLJNjSBb5K30gQo01XGdE7k5Gs4bhdGbZCD2PkPRySLslmql/odijfL8roEszR1KlK80DtCYjwqpwStuCioHkTrve5ngLzMVm7Kyea7lGtp3hT1M0hc9ye2K/ff4Lm8V3ocKllDmifGYZsalgAIMhEyFMn9+YZxGkG3dO/LDNVCz8l+iAyoYeSqJRhtsBZDnyrBTmejoxQvzMrdneaKbVqWhpyVUXZnXNbS8LKHjfKZv7PLO1T1jV8ZMTiXmGL/3Z2+vwfuUK8qykmPWxFHKYf5f1Rpv2bCb5QpiEvuszdKbsafah9I32LnvSmL/g6izV4O8MmhFxRlvS8acmdKU9DOWpF9j5p6o6pTdau99mt4AZoYYShKL+aFZa5+9/k+MGX+8mHhMqs+aFyaj6aKizv4iwpv9NpDkSIfXkqKVsRQR/UYWPNKFNU2Y+NuOrq+DLr3DF5gLuK4zKSuNbN07V2Ht01oDlcktxIv5bVjgeDb9vzfIMrWk6tADuEs+NP/fgz/X52+MGe7FJa3+du8Jv3f/Veh7Q2k2m20LpoJVLaaFnjAhyhOWCJWkHJmDuh9Cfo5o2J3HYl6AHnlLslY98hRTPP1pv34HOGuzVdo+IgRyHBu3nO2rDSINSnU6Jts87VDMBCGrRlwLuQJdj89bPjRJrWTHNN5lqQDeWNNAVFKUOXyzzt0XNym3Pble75mR3ul6EAHs1MF4m23EDCiOauksq7LLONyrsHGcvcopp7SIRGj29ZYe5jTeSPVCQrslYRtvQ57H7lFxXOs6FqwrzvOBUlbjK5E6NPn/r7KDPbRpJCKxwu0zDhzgYrYCky3WZG/bf1SgO+4mmepxx4faQTTrPnOi+lSZ/aeA1pGXyB1mTNxU7rj3/+U9duAbfLIcd263Wx26AkBS3B39XBcZCVrkcwykrXs1OscG5mnIavP8OFIsI5YUZo8Vr0PpaHR+ssm30+nkbRRda2bBRceyIWuBhwmxTrrH3pzKY44bYDc8V5luxsY776SxOGs6pLgW2z7MQqZ+d06jUWDYuq2Tzj556f0jbaHHQ3S5rFFfu8ZHFkZYupmiqaF+gciK5oWCiA5U8q8FBnWQb2k5QxrTdJpsRyjrNRUitXZvkGjD2hlfAU86rM1N54VeZqcPENuqPXs8RkzVmnDN0Y1tCbJoDqdTBojpiPquLLb2T8dRh6ylTD9FZ02ldHzHaAqwNMSagewWJJFBTyhF6fPSbLGmeZQg8nl22jJujZubzm+wF3QNwnP+/U6cDK1H8Gq7/nnOeJY3sAOg0ibqbqFfxiXYdd78YxgG1xpz92CcwJpq14kXlQbY2lBGntNt4WAIlERntojT0ETVqI4Gsqi0bLiUANb/OWs+bYXNtn8s61ruEcfHt1GpqrD4d5GJCV0Dk/ohh1ligNY9QjRWlJFrip1OkBcsN+Copm2g0FtliusPOCzvWV00C0ZNqypGdDH/JwR1K2SDXMueACQu3uniUtu5d9eQerkZmxus1NfHCpdocsh9P5ndQOmTYuCo4Mr02e3hJ6hsJEnf2Rh8DyzhPtvUXInBKz2Yb9mkFqyLhAi63S0d81uKK/jarSAZdWXqAoP9MkOyTqlEbfLSMdEhWZnmQrM/eqKRDpz6U3dKanaOXzfx4ja6JC3Fazz/QmBwdTKh9XL9QRzrLI5u2dRMbwWWBaZebEdMwdCyEVJKMsz6aGDuN7TepN1rlv953rhJmSEaFDbRTM9RrXe91x4PfKjKr7sLflg8E0jKM98/t5QmPI9Ex7X7fUYj3h6pbkc2ZOS9wno7tgv8sR9Hm+U3nz0Dq/JfrcYN8pIATUTkluaLCbkGLuSSp6EggO6fzD05/+IzUPLZFz03W0QH44VUdzYLbziVfloPMJ7IWs0zR0MYw8UcvcNGsbQm3vaU4d0Zk13r0Tut/PivJCVZluyY/t/Z8+0cU10wN4A/kuMjOqbJLEh5UvXNdYrPOK1Nw3tiAnuL6iK1W+/J7RrDRd47zTvOtJ0993WzA4Z0aqZiVTmBuf62CMEaRLfhbJ2Ejr/J/TQxoh7lHIBMEyrxoucGGhkjCuzN0tBpDvr52svquozPakdXUp46rXkIYzMXM9K04ujPGuzJu88mHrZpLN3GkZjYTwSqjaV5wtJfKacSSZs/ZdKJkzTqpcQRqZDn0h+oW8T43I2lmfPtygmlMGDApph2m/kFHzDygsCFlTfiNtWcGzkkqoqB1M4z3MwxIz6Ugvi1FXc3Wp7jmZSLWq8yBWLkorOcNBGZOXwgf62UcmrarsZMTWgW/TjTQAuki31cxUuMPoyUM5poxkdT4yzGEMGUmgi0Bc0+FJzivrhlbdtLDwUx2Ihgqi6Xp5cNUHWOrmHoz9BSBVeUjU3bF5L/L+UMx9mjl7rhOmP1/2Bx1sonsOhu0K0u7MnrCm9xZLB2rRVIgLxHjao3y4TvGQQ9ka01mHgbeASlIRNZDuarLsO3Dj/PHhOyJE2O0/TVJCxQ+SWRMd9CL7JgOqwNtuyYBUooGWF300B2OJGr304XZK5Ycht5cuMXq/D6MdkwGMvtWvnyBab17A/1+eOI9OqgNd29c0Y5B5/U1DfK7H0FchvocvNLxmiIsSDIzKNmhTdkEdRCRIQaj3JgVNR7WF4iFtiTDXw5ur7JlhANOFruQFGJS2jaLp106lF150AZ1LghtFkW+r4FRB1xIDGixxARfcU1ZUTUmmAm+nllzXZ97DifrMx3O2xYJRtoznLF6jgWnTzOG+7l8BARe62l4+FreZjaDpYaflYnu3hNW8AJiLpmFWwjNfvVqSDal4DUa6fliSedPmytSNqLm0fciiNrhLwm1ositskgPVw4RP/HWmmkCyoMw1oy042xBGwZHnLm3d8camrrXWAGHCXRcMC9hIY3E56GAQUYZ+4UupsFzpFb5hSyIV+pWXpN8/OMxp1NoxYSq8Pm6UlI5bLMZ3ynmovdbaVO0eFxNVu97ljnD12aOiMSB7o+ENU2I3pZJPc5NDQ2yvDRx0c/sOskR77c95pHR6/iN8CubNuPFoE5OqpiTA9BVW8A9/UZQ+Y6faOloKo53b61zgrtyb4PeuoB9xrUsMO3G9S5C8h+Vq/B77GcsVkdF1ojDWO7Iz+61tusLghgvTtjO81dHJrxVBK3KPCNMrUKKSwv4x79nGncmLwit8Ry7m04uXl2Ml4Z9+uf7zDxfz04uXlzDc+DbUJPTnr17kQn/+6sVY6C/PL3Khvzy/eAj6unw5FurbNy8fgiZXvjnMg+Buf74+HwHv4mL0pN7+fH1x8eB8apjj2UDDfJgD5ApnLP7tz9cj1l3DnOaNHt4fBzdrBuD9UXAzZ2E6dh4ymB/gjuB8ucJ5UEfDzFy1l+cXz8atG8DOWjmA/fDa3d+vLkeT/Ne/XqaI/T8BAAD//1lyIsQ=" + return "eJzsvXlzIzeSKP6/PwVCE/GzvY+ijj7coxf73mq627Zi3LbW6t6ZvUICq0ASVhVQBlBi0/v2u/8CmQAKqIOqoiTPbITsCLVEViUSQCKRdx6SW7Y9IyzTXxBiuCnYGXn/9uoLQnKmM8Urw6U4I//nC0KI/YIsOStyPf+CuN/O4Bv4cUgELdkZoSsmDHwSQJ5HH62UrKszcur+7BnH/vdxzRCQG4dkUhjKBTFrRnJqKKELWRv4U8ul2VDFCBOGm+2M8CWhYjsjZk0NyWRRsMzoGcmZwV+kInKhmbpjmrA7JowmUhBK1lIb+NbQW6ZJyaiuFSvTB+bk/WdaVgXThIusqHNG/sSo0XOcpSYl3RJaaElULexrbiil57CCMKv5P/h56TUtCrJgpJJVXVDDcrLhZm2RpbzQRC5hjrgWqhaCi5WFaj+06ESTUWSzZorBVzAtsqZVxQTLYU5rFs+IbKiGeYq5W/SllEZIw+Jt8FM9Ixc4ZEY1szjBlMlSKlLIlZ41OM4tERCuyZIXbMGomZNvpSLnlx9mhBv7hVmzAD+dltteWlVHdkI8Y/OIELhYSlVSSykkl0wTIQ3J1lSsGOHLABKIg2ui7TtmrWS9WpNfa1bbEfRWG1ZqUvBbRv5Ml7d0Rn5mOUeiqJTMmNbRgwGqrrM1oZr8IFfaUL0mOCdyBQvvl9BsK3aGFO4XtX1K4pNiiYJLET4npGB3rDgjmVQs+hTB3rLtRqo8+nzg7Nj//gVBJ+QzT7EghOHunpHX8+P58aHKTvvxtD+fAskfLansxNAyAq7tdlLAwh1pKuyJWfE7JoiRhAr3Oj7tvl6zolrWRUwbSObKT5yYjSTfOjolXGhDRcY0sbykddS0HdyetwTWojaWK9QlFUQxmtNFwYhmFVVIplwTwVhuD6AgmzXP1t3hEoCeeDNZ2sGXSpY9a3KxJEISf9BgGfAE+o/k0jBBCrY0hJWV2c77Nn0pZf922518iu3+uK1GbLc/7nYAog3dakKLjf0n7AMVOdFrWRd5QwaLbcQna83yebpkIrCusAPN8xuA5YZZsOYR4ON8aQklATdMNAnBlDRbc8H6l9+B6N8Dnj/FDnwS/NeaEZ7bm3LJmcLtsMcL1uErviRSMMI+c2301z37896jb5k6XgLw/sbvBrB8nvdO+Q19uXx1fJz3T5lVa1YyRYvrvsmzz4aJnOUPW4D3foyHrAGypJwIex0VxdZdQprQTEmtiWLaUGUFDcsfbpDUeX4Tbq1di7PsClQLqlkqT/2p+cSJUyf3i1MWDNHMeFHKnqvCiyHInCwNO/o1ssKlhytYM/+gfSSTZWnlIZyuhWK3AmQVFKfG3YfxHA/+yfDSrltZHXS2OKfmfoak2K81Vyw/I0bVrG+FD06PT14fHr86PH3x8fjN2fGrsxcv529evfi3g3HE844admTRtHKWiMQsqfiKCyu79VDLtygjeUHTuPvMybH9AK1stmKCKQtzZvldAtIKPvAGx0ft1dMz8s9uRXDR4eKzexVvUZf305Xem/M0K/3v/3FQKZnXmV3H/ziYkf84YOLu9D8O/nPkWv/ArWi79INoYOn2rjd0RRjN1jiNgVkUdMGKsfOQi19YZvqm8V9M3J2RZiIzK5oWPKOI8VLKwwVV/z1uRn9m26M7WtSMVJSr9vrb/96i3OJnSvOclMzKA5Hga6TfP3KFNyBIwU45EkwbltIKzs5qJ0VBYHw8w9pISxpU+yXexexvcpndMnUDN+/N7Rt945Z4YP1LpjVdjRUiDPvcu/wH37OikOQvUhX5SLLpHDbmcXGHIPA++5V90n3dJ2UJIs2aKbshIDz0wkv3LJMio4aJlGERkvPlkil7tN0WNPzW2IO8VIwVW6IZVdnaSpFzK+SVdWF4VaSg3PgaLyiQ+7YejUyWC271PS6MhFusOz2/R1nBO3r62/izcYr6uQNkeVrOljA6xZXightOjYQblhLBzEaqW7tGgsF5Qlkct0qxFVU5qF5WBZNCz6InUT9b8Jwr/IAWZFnIDVEss+wBlcyPby8dOBSHG8w66NgP7OMRMqBaaCZyfPzqX38kFc1umflKf43wkRwqJY3MZNEZBDm2FQhawym4nJg9cl7H9YthFBWaAgJzciVLFlRUS3VwETNVkgN/xUh1YOlMsSVTyfCiNR2NqrP72l3euIcLFqwLkREFhiUWFbHyO9gAj3FGzuuIJZYLal3D9BtTBhcWpV+QfaJhw5kqnCGJ9IBp1tHytgaYpRbckUNgJ4ET7qd982okf0oe3MF8Li4tz1ZMB6sNrt8wq7cnVKpwzsnF5d1L+8HF5d1rD4sNMdlKKjNyBoUUq3FzuJTK7MQ+sHiaPYWG8uH87ahF9GjksqT8SSwoji5xgNbofyAfmFE80x18FlvDxgoerV0J997Jm5fjUPyTHQwNXUsly/jIWknJnurIPNUlIDhLD8b2dCRl4Wij0O2gumKx/u1uq++SD1vX1T3YfMdksCxTQTKq1Da2K1OiK5bxJc9IIVHgI4ohH0KLEzCfVNRSFs/UTskUv7Osy86XCssiYNR5Z3ljtkUi1hV9FKRbh1AyeP/WBehMXleStxDesT6E/CDFips6R3NLQQ38kVpVAhF8+V/koJDi4IwcfvNi/vrk5ZsXxzNyUFBzcEZevpq/On71x5M35L+/7JuPlcm4YMJctwyN982qe57vmVNscAyjDkzpR6nMmpyXTPGM9qNdC6O2T470WxwHRh3A9S0VNO9FUrEVl+LJcfwZhtmF4j/XbMGy3nXk5ndYRG52ruAHKYxitNi10VzL60zmv8tmX1z9ROxYQxt+vmOzfw883Ybfi+bhP7/tw3Rou3usfHuj+EkzdehVkuhJ1EY8E50RZwlGkVIuyUpRURdUWYpxypVieC3Mv+huF5o9g/UduQtXeJlkTBimnKawLKRURNTlgilwUoItyMvkugUaUSxItd5qbn/x3s3Mk7LuoPOjBLu5fbzYolLKBaG1kSXcXCsm/bwHdmwhtZHiMHcntVEWZZ23dcXmo3Gq4rd430bXKEoAsgYHJRdLRbVRdWbq2IvZLIyzPaaekXsdl0snrKG9XseeHSrI+7en6Ee1t9ySmWzNNO4d3Nk8Gh7dww3O9qJPDQqJY5rrYP9PkQgAVS2cY1mxUprgLyCyNprnLBqrHztKnJ80Bhm7UuFlR32p/QPBNqDAtOGGjz20boB04abbdysl73jOVFfY7DnygRpZdvowIT658GHGHpHgxo+NYiw7nZFVxmZEqpTR8BU3tJAZo21dIIQ93FFe0AUv7HX2mxQ91q9dU631IaPaHJ5kD5vxeYQGsWhYUkBrE5Ak0HqzmQOTwZtk1AzuNQaHmY2bgLtZ9sHaO+PmD3QgBdT54cnpi5evXn/z5o/HdJHlbHk8bhIXDhNy8c6TH0whcQgO49/vcH8cF1hALbquxiDnv+33Du+zuuZ0XrKc1+U4xD947hS5kUfgTTOQ3x6NJl6/fv3NN9+8efPmj3/84zjEPzZcHHGBmB21ooL/5uIE8mBBdn7JbWMyTi9qKwRwiD0iFA1Hh4YJKgxh4o4rKcp+i1NzIZ7/5SogwvMZ+U7KVcHwPic//fwducgxRAqN3+AyTkA1rtM+szJeMIHTe2mh9fE4iSG8lVoZnS2w4xyJrJleeW+jQ9DM60zCWtYqA2KKwLQcnmtWVFZsRrEFb8wF1RHRhDG01/O3llEZ3mgbE02T7u2nYgE/I3hSUkFX9kYHHhum0eueRg/QAN96ymCFgBbhbR9VGL+kq6dlmrEcAaMFEwKitqGaLGpemCAcDSBp6OqpcGwOi8OQDt2TT7lSDRaNtt1BYMg/O4hCx0eLH1zvc//B4nTcl8GgzLThIravOQ72rvPFOB4WvTfCDRMND3pqAIPG2iPne+kButsBI2IPDHK9JpSX/F06T6Kl+J/qQRmewu/vRrkfl6fzpcTk+j/NoRKfSO+mgAP0d+xV2YFzB99n18qza6U7q2fXyrNrZewiPrtWnl0rz66VfV0rLAg9Sf4dGa1gfGCGHsY3Y7hejbTA/kbJSYPx2LvC899e+XFxBzEcOpMwO02MnJMblum5e+gGM4NUGuhsL9Wy1gYjJGGbhsKe7X9/WTNBfq2Z2kLkGwa1B4WCi5xnTJPDQ2ePLunWI2QXWBd8tTbFNj08IdwzmhHAgFkhmoWV27gwbIXZQprQ/BeLNkpsCUCdrVlJw9q4e3ZwSmBxrBUGnLp3uCYnkOa1YIaekF4jT/RAAzQQqlKyZdV7H300Oq+zMa1lkDZVKQbSK8AHdYWKLbnlIp9bRmNnWmKkKD5g1pELDTMc7dYUDB1kdhN9UieEW2Lobjs1khvNimWUCyEQfrKa4/1bv1e+ztJlcnZxfaTo612n0445EDDdXOj5k+SO4dgWuufqaLfsrkQg17tOePP7u33SkJFe+gzQlnjYZzNggy7kiqCVWvEsobo5OYdv05Bpr/h4mrQTjLKAtSyZWeOsaZPaOyc/NPHuwPV8VjIED/OS2VvYu9LspxZE83ZIZpbLOHLeA6E+KZZATpP3mztfeBPUjVovWTCM4PbKKPXGJqvYxWopeBh6Y8IXzGwYs2O42EDLzqkPG8YBXGw1JjZnhdR2Jud+qe9fVm81kopZoQH0kAJgUcNWEv9M0r8tEv0L2p9TnaxrTALN0paslGpLLPuzADygvJWLflcXgin06PImK909pjMq7EQhM32/i/5JWdfFO7v1weAZ+O8e+YH2Ruhi+jhWa3vOLfzkZh1K/VvxO3DAtQ/9xp5L751MknY8xASWv3pmYJW1ANzpicQ3r03jdRbj1nj0EqCWP93AEzczcqMNNcz+Qguqyps5+QtV9gBAOv+yhjibIJ3IpZVWZmSTih5VQcGI5AInrPDscrNolrHKQM6zi6HA28lLODNSFYxqYJgJSLBCZ7RuC8uBEADvgQsGT+j2SS4Z5BNuhKHtDyLDmq/WLhOh/wYY2LmLlA64RkYEaQ9229dUuD2cY2bIzczH82gmtEuCb5QRmpKVQ7/BM8iy1GeGjCCDdMPYI5BBArHWrIcM+mihtromeCqBx/ZTBc7sKWgCEtLxZspoZYDzulzznUwi6J4uGaihDy5SYggE0Bz8NU0tkI4a/NbeRNcLHHjg9Yc0z+1Zdxf2IVzYLL9Jt/JmyQt2mClmr88bTBLCtESum4xmf3+6mXI7VgkKd+95hT2qqNZ2XQ8xHbp/o2RtMvl03kc7GzfEfaz8Ivo62i0q3HbPIhLWaZhfM0JqTLHH0udyNfc/Pux2SteZ3RyXSbmkvKgVSxlzAnOYSU85kSnIQSY98kS6OfRv8FMVj/iZgQSIgrdblXogc/MSZ0TvJATWhAiHJg/aEiyYkYZUKJnXxZPXPMFRnK1qVOUPLD0QM5PkjQiqDjYqrNIgVahd03uEy63+tehfDIuaZmM9pXuvhhtmyJwhhSVqtDDeuGdvyFeWnWlmyJGTsjUzX9tVSWdv9YDUoFIv7FtWOMflAk6cnPJ4mVHct4uNVpWWvcclU3PRIIF1kMAUFT5y+20JGLGet83miQQ0cMI0u2OKm7ES0JCH8eCbkTnVV2681pXm0WgJN39ZO6Nvf/xaeMuJCiUDF6GwHC6KeQtaYMi9tvvzpSZ1RYxscd3kfrIcsaS3jIBO5YbjzBeuEJprA1ol2vl2FkNwSbfF3pT/B/LJEpGpBTUM8oK5DsWHOFaw0mu5ERhglpliS7bMWHL9fySXWOhBqtsEpJUfLG/XZMOKIvnqQpP/7w8npy//tw9wC9a1EFHy/6BohFS3FhE4UWDJaGxkCUCMSuTZre6l0oMrVpGTP5LjN2enr89OjjEe8+37b8+OEY8rltV2u/GvZN/szlkpBEU7hU+czN2LJ8fHve9spCr9BbSsraiijawqlvvX8F+tsn88OZ7b/09aEHJt/vF0fjI/nZ/qyvzjyemL05EHgZCf6QbsZaEIgFyC70AF8v/kwjhzVkqhjaIGDUFo5+WmT6twbB1vJ0cVXOTsM0Nbdi6z6yhIPefabn+OHIsK+/iCtSBiJQGWYw0aHmpmKcuMWPCb31yjfeYm3l4Y+4wsaZEI7Q0a8XedQ7Omev0g8a6hrib4uu+38z+9fTd6576nek2+qpha00pDzTqo4rbkYsVUpbgwX9vNVHTj9sFIu1wgQ7UYDhm9ueECrVU7quBxYo3eOcAJD7YMQlAhNcukyPvcAxeuTs8cVASgMfybiRxI7FZYngTcCnWDptpW2zPhWXbGAs8GTATSLo7QhMJ25UVestHZEntpBOFoNZOIai0mhXe+1CSUIWpqDDqDXXrrOLRTzb9QjOZb8hWbr+ZWh6J1YcjVVlsiCYD113iXJfBk5apaQNT1hus+ufa8kevD+Dg6cIYzQu0xlwLMlxfvHB4H72slK3Z0XmrDVE7Lg69TlZAuFordoT3Vv3L18eBrMNEK8v33Z2XZXM2cFv6pw+NXZ8fHB+0aWcFUg0rmSKpvFXnasaVOGUbonQSs3mJK7uEhibrZdCuJc224yJwF+5+i71yNkOgjP3hHInFKONye7uG5r04DqGqsPthQhefQ/XKTK8jRQgbZT8EFSpqtiXOsDBVXPExgLrZRoTvFkNbB1ZTRYk5umnneoGchrsEavku35rNRNDP+eokxnLX2LSAbpsDjSlbN/rhaehnW6KsqK0dJcDjYGxiNMlYBQg9fz+Z0eFbzSA++sUfDDtBwxzbmXaK8h9Z8EUJYv3Tz7fqHtZ/Fs2i4VlPVsKsTWDY7gYVOPWzIxu89as7kZBlH7yLRzPA7K/3bdVpypY2vXTs0MTbJ5j91WvaWundSMFQ8pTCNBKKdUkHvn5Hi+vZat1jgLsa4LCQd6aH9metbArCxnC2XHQ3N8W7tBHOiZQHmHl/p0P/3STOylbVyhYG+1EEbciKBPW33TvFaSFVO2MAJc/0RbJX8N5bDePdMexbcZQVI7ceWh5wcH++oOFtSLjDUB6vI2uUAfRSMtWCltxewK5yExj+t+ap1GzTIaajkB2A2FIueaMYIdWZXmAqubVRZ0ZWD6nFwL3nRKgLpndnO3f1t88DQOp4DlLbHlDjTSOrDAqezJgsr4nlW6By59nMItvFuSbBvAOZzQMOXofOXHNVaZrypdg16oy/dldSZwkU7cjYT70MFIp4Rs5aauQJ9aK2GwS68PE4+SMGNhOvh37+9+PCfvpgf2MNcajNU94LwETT1entqNzmDLpcMLwv7eHsOcT1IZ/SZ5JFtAshNo0ANHZh+STjZ5ktqkZIu+btID2tT71GtmLl+rDE/AjiYAogdelsWXNzq3rFhgCTG7AEjx8wBdjNA7xxxOODuWqVFITeEUb21a2QYkMpi64jNg4isH0E7rZyS1l7Q2P79gPnAHMCZDCbOGcm5grPmlvTr3iXNWVIN4AHjvwNIA9mSO0mKizgG6AEoXFhAjQnLB/wgxxLhd8dn+lCpo9iGR6ItK4+C98DqV58u3n2NnMTdplGk1ldX8GWzWERuRKsWVzA0buIM1YdSDUD7EkzgqpOEF9I+HmdpLhUvqdoib4M1+a417f7Rk5SMRxs/TmkfHLvcnzzD4T9+/fK4H6EPlmbjXeeCyMzQomWL7UVN89/GopYYibo0YCHZoSF9yrIQZ1uUVqShee7VmBsL7YbwVGYBJ/FNP4spk8zk3Ugm8niC5A9WUoZgKlgkFykBQnQpc3uC8t7Rs6cYvWSGYkw5eK7zHmErJlifIxV9ND6aEAk1iiYsmZMFm0hYeEY7kVJZFliwOyo6kcFJJNUjRH09jsVtOGgV5+4L5APbPqoKaqyU+TdIVY6dj4Baz75HLR/ctn/ffDK2Qq6vXpLI2K7KKclkWdUGoxpd+Q+IGoeIvqhNTI/tMu4T00ip2BVGRCGKaTMYLO4g7g9htDN1ld19zOKaqnxDFZuRO65MTQtffEPPyDuoEBBVQ0B158/1ginBDBhTc7ZvwrGdVT8xPNwL/b2DHVcV6TPfmKjkv7cabLy/88ZjeAP18e3UFTO1whJPI4uVPNUMfxw1O0jXdDY+mFc0p2gunwT/7PVSl35TFy2P+K81LYCLu3xfmJkP+rXIuGCnJsbISisYjqTt2W7VX2IZz0PZbFSSjbTvDFVbeMqgVjzPfRa+cx0I1XvyXFcRrKMyAwOCc+YF/m6vAC5Wy7pIgHGBFphRhV3OkqSP2nsnb6AfB2zhvLtIj53EDxyDVz71/PfNef/eHa97Rn/q7jYDx+tbqVyJHV+BzPWCcBaRpP6aBQUtqm5CjaSb1Dx3sSR35cwXboky5QL7ncV2/6igT2TUSSA2RDiC8ELcpcrW3DCo2Lf3ojYO389vXl+/fjnSqftTxRQ1TbOuBJmeRHcZy7juMm9gXAGM6IlpSe/28P101W5W1x8WLFuIxzurWA3e/bMEupHVtVvTtlfeLl8FVqn0lcPQFa71caeJ1SGw3uu4bR/ZJ3feS3IJ8CdIPu3sux+YfAVd2jImjNQzUi9qYeoZ2XCRy03bvt0UNqJqw8UTZtI25P2BZpZI/nrwgMmiQt+D7ZKWvHUJPxTfnC04FVOwvXJouK2A3jT5mpoZQVgz6HSx0Hm8LT2T6SafPnw2J8fzk9P560OVnT5kA3w+JQjxim6INgpKEvZM49ZKvsWjzuLl/OX8+PDk5PTQ5Qs8ZC6I34gpPRcL6dnd52Ihz8VCUlyfi4U8Fwt5LhbSQvG5WMjjFQtZG9OyQn//8eOl+2TfKuwWRIhp2bdiKTa4mpfMrOWTmZa/N6byQxEcqjcu/bv3H2fk8qcr+/PTx90YQystNbIy+V6JSwi/ybuC9fbD96Fvd1mfHR0tCrmau0/nmSyPhmaiKyk0m2tDTa3bPOe+2YwPN3bLj6MRHK3DdsIsXh6/vAffhcx7slgeLxNwWRcFLGaDtB2yF1vsNbiRqhhIPx+sh/OIpO3GGKjN0lOTpZCrlB38ED7Yffyb/oNxunlTAGJPNgBL0l2ih1vXfpCr5mbwUaNDqZ3QR48lGbJ/Of/5x5sZuXn/88/2n4sfv/3ppneZ3//8c//UHpwMNJw1AxcMGJU/bO3EYpVuUjLG4DK2jkbTgjYE9UW9MEHRSMIi4SBFTyTgFmyJ2csFN+jHMqSGAOWQeF5R1Vun6AL9DYqGqkfkxg1x44L2kVBjz4TV+ULYbpXGvZKYPBykOJG3lcfrJj/rTLBlbEXXyJresRDjry2Noas68+WbqqrgLEfLLROZhHaWVtRgm1TI4oJp6Plx59qGFowKyG27tyvpXqlCREuXA/RlJ1fo15opcMM46yQ6V0alCyWsyEXtpezox+TD8V5yHwLYbSqaybKshVtzDDSTd0x5hua8nyoNInS+T9cT0321l3PVgw2RzO0oQG+R2JOBPrm/O3TLRys0FNSSRLumoY3Y7BepV7wC+esvfMn7J/FULpYL9KP+dHUBYTZFq/W8/c4RHPmBbpmaQznoGRSDtj+vWDYjlxcfZoSZrG9i9vH+KXEq6DWqDE+1PYRcnP94Ti5de1nyI4xGvvLS4GazmVs05lKtjjDSGGoTHfmGtIeIX/eD+ee1KYuWAZyQK0NFTlUOgce+dkDobjtHVkMLvhKYaooE/iMz3xZy02lKToj+Fjvy4gGCRBc8lb6Vbd/8egns9QBdKSr0hKLdk5b/CvK1dSD8aMddEqXQhtGmoAAjf0b4scKZKsweX1JYciRffXp3OSMf314iSR5evP1wCbQ4/7pvFT6+vexfh6gL+VMR4zlOCrkFGlqjUR1t+GButeBGUcWLrYuAxzIN6VqsuVhpvBtLninpo69xcWmhZZPcEz+sb7cVmxGe/ZpmrS1pxhZS3s6I2XBjMHggZgde7dbc1O6GbooA3jGRtzBsIsJDKhazyk1OvC8j5AjhLXiUWzZ4cYkBlzpFz247dq3ecOXT9HqJ/fziQ/82+6P4JPL0N4FV+mHQLEfY5znoTDNSAPH/QjO7xoGUe7BKFNf+uYTG3U8xmXceuJf+ou7ay6UPw29p5VaQwNSeRmA6a3G0fyBcLGTd4XT/QGRt+r/gwjCVqgn4hT2XvV/UAtJtuzhCYdKSVlVU0tJV1bNSziF0oSFlk+Lg6hHOghgDF2R6arAEiidkC+dLTcAlYRfvjrPNUInUfkz8UktFKqZ4yQxTw5i1jkiEZRuzBCX7L0QkhOQ8P1TviYo3rUOJS6k2VOUsv36a8JeokUVIGHOR89FXTv2qlPzcb484+ePp/GR+Mj/tn4UTg832+ukCOc8hlx9rTwL+oGFErQUuLrEwouN11IkJNMytzShIYwtNBfl5UEopMVIWh3QlpDY8I9oJKXFvrJSiC7np0y1/YFQJzNWiJpjUVtys6wUY0+xWQ/Heo7CYhzw/1BXLenfky5Oz9U//S//48vv/9eG7Vx/+9ejN+kL99fLX7OW//fNvx//4ZYrCk3S02GXvkoYWLtwbmDVYHWGtF9KqMp5HDhQEuHENIgCCK08Vtwzxn/vqADNy4yUl9xWSNFdE12XvAr54/WbgontIy4x718RBf9CqOBg969J807My4ct71+b0ZVejbgXw+JCl9NORMcgiQOsm+1Us47TwvHUWslkwXLOR+lx2UWhVlzPDMjPzkOFxTAy8H9ahVxPcbRIVSvLCpZfjKMlqbWQZgo8RDvQwhHhSN69WhqIUS76Ccn1GElWLCfPUcmnsQFEVNx8AveSKbWhR6Jm96VWtcV0MUtFRpWA+AMQHyPo7K7oONRNaKj0jG7ZIRo7Ag9+qkFqTPqB2vc4vP7i5O8OG3+LYskGLYodhw8lLCBZ8YVRsZ7iUOCsd9lf7REzcY91c/juWsp0QST44G+OvNasRJHn/8QeIgpcCSMFfEa6EQlrP29FIqFcAFZ1yBvVw3eyhN+L7t1fzPcp4/37tmDrReb9jZ61AJ53Bf88o+2EsOsrZo+EQmCAOkbR97EHjYR0QdsWuNni0PD5NlTfFafHEJqeABo7mfOJdZJ4sZnqdtnMN2+PrAY6piGhVejCFW0bpbzZvzmogbium513XUALsxisH6mZGbjwztr/zXMM/lXYlVj9v4RdZFPgwsnT7W8OW+z1MHuxzhPJzhPJzhPJzhPJzhPKOuTxHKD+E4T1HKD9HKKe4PkcoP0coP0cot1B8jlB+vAhlqVZU8N96Gqj/1P1mfEBQDNZfx0wonq1x+cCqNdSFpayo2NpLFxcmAI61zFYczzztVLdmRQWF26hSVKx8DXfjughEBeCpwIAsCLFJm5OHcePJ7Btp+ZSBQvFOkU4Fob9tDZF47eYp5bX6aA5ozuNp7qHacldTHtSS+zTkXv24ox336MYTKalHK35canoEbbitC/dO5MFHYrcePGWKOw5NRwt+CJ5d/XcXlnvpvr2TeIxg+Hv13ikLPqgg9qLf0Xofgv1OfXfKHO7TdUnbQeg8JCnbu0w+3Kcr6yCzC80g5wNvUtHclNDRAsI7vM8maagCsbKhuSTPj5LT64JL4lBo5Mm+u9W84vkNkUvDBNGGbrWvCOh7QGJ7V6uQRhEwmaw4quVQ86mQC1pEXYE8ypHQM5WXjq47M96LfRnWKOWIrlGM67bwuwoIHqUeNkdc/gUUsCZWvGRQ8mSlaOnkXkU0L3lB+4N3BidU9S7uI6Q1+dlUFGrndAr7NMVOVj0xCo+7olSt6nKgq/MHurUKBMqdSMaVkoZlBhzK3PA71u/Ripb33w+0Xh/MyMFhYX9a4cH+65ulvD74z/7Js88sq6H3wFMtwfkCalEzDOp3Z9QziGb43lkd1VodLbg4GqQe4I5PvXswyEADKzsT+H6GuSN4QIwvb091mCvGYb6lAqNi454AqQclKvBDKFkoudHgy/NpOA4hv5YbtiAV1Mz3Tays6CoGK5VDf558/pBT1yQDnr4c7aeCpgUX756m1H1zb58en7w+PH51ePri4/Gbs+NXZy9ezt+8evFvI6/vj74bcEymrgD+AOobqW65WF1j1FFvE9N9JJCjtSzZES3iyr/3ou5wIQEXb+1MrvhE3HBW7VTc+Dn5cKy40fRkYdj/0hfBXNKMF9xYsaHidxIImSpZQw/oijOsP9x07iM+3Q++0+2q5S6QWzMGfTdLKrZW/chYEyTyMR40wMT+SeB3RsWznBHIIQrhwniouJMadCUFpHu51KxGNL5xyzaPvMHn0M5OMcPibmBNoAbTsyjxbcFILXKmfE9opxXOXFjmjCR9tbFr9oz4h6wI5OPR4tjXObnAkvZuWrQoIKDTyAZlXt3MUJijIF0Jty6wKNRlB1xcEqP4HadFsZ0RIUlJjYGMLPDMGxiAKuhFtYV0s61dqGiQMzpfzLN5frNvLdOekJnBgzQ2bOa8CLmmdlmAhKQvjNZKPI2CNjrxeld7ROu5l3rS3xylQR23/v7pcClgvJRiK6pyDDjTUMd8Fj2J2QkLHmIgrSyMGTyZVLnGfjUf316GQvzY9s9jhuhkjNu/3UphY/aCXP3rjy7u8isdqkFbUM3wCB5r0oWko/YYrkhqse1OvhXnL7TvvArswAXKEZqZ2ps4se8KUyU5CJAOsPLu0sWc+JFFC1ntK1PC107d8fbYnjRBX5EuQwamW8Bj3F3juKsENIXupoh5E7rHIazxl1pkjQ7lmuTje31gmiUU0kTALJ3gFrke1g9K/P4dotbiaLHk0bfII1vWVkjmsx9cXN69bhjrwNU8IatsgmIhldmJ/e8fdrgTDSzV+hSYOLLEAVqjP0mkfJNH8eblOBT/BKHzUH+7yfNysWOuET8ctSECekgMe4PtSCH50sW0j0G3g+pziMRziER3Vs8hEs8hEmMX8TlE4jlE4jlEYt8QCZdl3lUTmw/HO6l9ynpbJzHxd1bRUnhvNl0fMG6Cxt6RogAv9FDww5K7rr6NbweqPKA1wN/xkQ0Fh7dvtPIcHqFZyaNV84+CDNxtpmohUGuGCQxV4eGhpTAW9y9C/yfX6d2/j4+X9JZpwq0OpjVftJqxGtle1SglDndQRMW6hlEL/QC8eUcxCC9QnIkM7MJa10yj9mhhKpbbybjmI2DvSQBakc7Fuvg+gDz3zQtDPpbIG1qAZzQXK2h/5JqatDFtXPovvmGv2GLJjil7nb384zen+YL9cXl88s1LevL6xTeLxZvTl98sB2qCPChbqTEGs4JqwzM0bx26WY20BMeCkKf5JnnFnakd+SsxrwsAIKPFNRuBfmNgbAtFWQq50cD1Nmlzcr/cjcIHzTb8SVQNcfs2PPZ713ggJUjk1mlPYgyQch07bjwRiqa9RALivMC6Uw5dSxo510bxRW3B+AogSC+qBvtaUN/XUhvd7r3eHBG0B3m7iJ80Fh5wUxvwTroqQtCJVy7J+3jn4y2Aabk01LjzcVbU2rSSVtBl861U5E+MGt0Fw7VdNd8SnJJMVsHiHtYRenElcJ01eUmEJB5O6JzyFA0uBk7EFJ9IlM+112kAAN7u7VKNsXNUz9WTMEl7v8kWGXsULNR7uCUAbOWYphinxDJr7VwoPZOMcJMsZPuYRF4t8yQpdm9dRxgYoLUvU4N7JtPQi/npfGw7j39xYS8t0okllTH003BHqGcpb61ISl2UJjPYAC8VWELEjZVl+4hnYJ1YtWYlU7R4whoc7/0YHTGlkS/IV3wJNzm04O3EbJFIXmn6V0GnO+07DSsGnktXjCmQNc9vSC6hc1d/7aI39OXy1fHxshkxEDT4ploybvzZOBEXXxljcQ/NSZstRJvckbewJ6DGW9jjiifOzL6nFPs72MixXEWXAP5n2Mj7sP8b2Mh3ofGENnKkz/9xNnJE2xmd49IoA1T092AoH8a5g++ztfzZWt6d1bO1/NlaPnYRn63lz9byZ2v5FGt5oknUqkjViE8//7Bbafj08w/+hnXNNrHeYFUww+y3M5TsdWaVq5mLq4NKhtSs95Tuh/sDPFZKnG+M3hTtrxVUW/ThjU2v50E94EcJtjNq7PPdymSzuAxPDgtZYtQ5xRr5dvESgBDlRyGckmYQA1vIlaM6+zrXLkvjl1qbpse5Lz7XLHhXXw1V7ntapHvwFCzqG6oD0rOw020JaUiJTdc5LrftTDfzTJ69fPniCE04//fXf0xMOn8wsrLgB77upxa7mE9FKRfLsFeo5/LSqm5uDSGAsdZoAJ0hm2kK4IdE1gTiTa2KuYV5M7MbDjF7JtkixTIptFE1WGekIn6jkCzTE98h0daG7LUF/euMR/ypVvoKoAe3Ebb0mYV60QcwkYOBY4gdm2/Obnwjh4pGqjBAHl6dacrp48z2HXbyHpxtul19074QmPtgSc+efs9fXACmdHqKqzMI5aYxOrXYIssG/Si9h5v24nM07UNhckfaSTVeoPGVDJ1G8NWbrloUljqd0YA+22sVGQ4/FoatEu/BSONIZ71fvnzR33fp5Yshzdusn4o2LqERxxBluGPbJgmPGMSEPxVm9pDBAI5ZBaEHcMVvMMOyjX8CJsylxXr6yBzO9f+Fc80+Q93QqLB1PCLE4OMx8I1pEkBCWjhAyaHIXTQXeD18R2HMRW3CU+kMTGsh0FrcdC0pK9PgBVPAJ1KPFEJouWcS/yBZMLNhrvK12Ug87UPZ0IquytSa8bh0KZWJvAogMC2Ni/a++cNNRKRGVoOb+YdeJu2RH5hbrZl6yizMTw5+i24H7W5at2A/MgdA+MPYxOvSkuj1xAwJuyngFW87BvorNMCjKPVC50N2RyOSM5I0ovPcd0gLHZ/AswKacWw5t59wpvEEB1Aw0JpqrDtu1lTA6zyfNZqIgCIiWy+FA38ApxWRywan9cg6EkbV95WRwEDg5KPI5Jl83iku0VOAIvXs/D0E8vzU8mrU7cCeYNq3+zNwPh4nkIQWC5bIA7ukx7W93n1OdCFXjXC1A08rhrdtVg9IHjwHhMl76G6TyI73cJ4vNWoZFhWsHH1HedFk6HYQZyXlT6cd24MHI3h5bwCLNdVPJgS5gDLPBNZpUFfMmtABDQ9CzSAptiW0YbKP9FxCnzRb1oVd5RsgDSh+oNwfEH4TQlSg8DlQPi1SdtjqVpJRYS80d40PLFfbN/Co6/UdRHUEBs3RIAD36zw2ASTd/0JpX0BNW9JLZSaWMa2p2g7cPGmpnOb+IfHn024hBOnvosbHblUdV8nCJ2f7W9G+u0XLSACn13LjOidu2CJ49yEsJSqCjFm6VFnZqw6IJ1VC/jbGq6FWlbsOjJvHXRr80Sxqr4Zz8EH+xouCHr2aH5Ov+OVaCva/ydvLTwR/Jz9dkZPT6xNsIOVr+XxNzquqYH9hiz9zc/T6+NX8ZH7yinz15+8/fvhhhs9+x7Jb+bWPRTk6OZ0fkw9ywQt2dPLq/cnLN+SKLqniR6+PX85PDqbcJPswZxxs3FrGDqaGLCZUNX+cM/0v3Z1sY5K4cefH/YuIvSbmj7eWSBrT19Ih8lyt+7la93O17udq3c/VunfMZVS17j+Qj6yspKJgifoM4b3MkG/mxySner2QVOXa1yeZ+1cgg6LWhqxkcHVler4twQMGZQQ2XDNimDaa5FJ8aUjTwDZESzFq4jsFV4gWPKTBVNSsz9yNBZHU3fdbTVJ2wwgPxxMJnZuhBIn/5qd3P531NSpz9sYjlukjTN44OvnmTYJXa6zh7R/Yz3ZvFndjO8yu2B2EoHZl3Q1TLDSyxgjp9oQ+VbnVfpa8YHb1jjjXR85TSLNMQn2KYjsfkNPnFTXZevqELu1rfWJlLIz0DFdyETrPTBjug31tn+HoL3sNZ1/bYziUZaaPF8tDISjAC0YDY0ndM7sonG/K1PolnIFBOzs4YtC+7esO6ui6VkU4auB6HnUArmrFM2ooKWVeY1GuWoNFeh6HfEZRD494nrsumcRR98WhBYvs7YsgzP4J/+oZ4q3vop/JspQC3guB1d4MBJaNwtUVcf13vkj10IStGl6y3xoRfYfO7Z9EecDUSjRJSe1dI1JEOY92SnFBSJcMNU+5/ME/QXE2Q8vqIFn7qJaYXVGuWJ5YYFE6T55rDG31yl5fp6/Nmpwen7yekZPTsxevzl69mL94McLQEFBq2oriyhZy5Ur2ADFivRcoQpZMytBQvXCo7JDr47yFZ9E+HQpoGVIxzG7CQBmm4qo7AQam2SQD44Yn6ygXv7DMKwf4x/UE6g7kByzPd/oDmvMB+gkGTKkWS4jVkIFB3tuXWgoYFPPJc+6qJVl1DFIGXCoZjBOyA4Z6zLXys/ZJCgHUcKndycWD2Jzdt/7vEad34sH9It5al8XaXtVk1G95wQg1Lu/PrU8fG9DM1MFDgCAXUhaMivZhis5cMtQVMxjdhgIHuGJcip0FfUMW3Nhh5uSnkhsIVfGS47ydpG1WT4fLahIuaJ1LcDHss9lNv9D0Ez1Ncukk8OAoA0IOicihN7UbqdW83UX6FC7D0U08CvHCAKxcbkQhqXd2z8lPItEfdV1VUrksm5JmP13NyB2nAOb2w7sLw8q/rJli3ypZ6oZeYjXbLxRfekxji4iTqlt+CIJ+oev0OIa4Vbr5YvdJHFzepmOxkOKQClpswYIPJmvvbKzRcA/2/tVKsZXrRC/bYVFuPljZsEWJBRf153H8y94UV+9/sC84/5cJeaawhb3MqcczO2o5oDPDRjSZ88jL5+1FllGy+1iwAOlLHWZjgbQBt+Kd9gXtYogCT00HAQ37njGa6sXHE8YFyA0LL2SdRxzc/um9xpCUSi1x9LP0D+5bFEGz5FVtr6xGQKJ5fg0PXHuQvuSnVC02HyVfMUPn8Nbcg22zQZbdI8QkGRAJhnNy6TlR04vfApyRVYZ9hXO+4oYWMmNUzAdx84ngTULmAC4X7kFy8c6jZIVtnwg/YoRILr9vjFgQHzeKe+A6EhWa6+Z0XrKc1+V9ehSASNKxxw3u+CcvuNleRwJ5wKDWh4xqc3iS3SNPRoAIyOu8kcW5RnS4HhDCU5IDETHsakDFfXP4eYL+iq9YXL6TclUwPGnDo2Nqw+4BXE7CPfNzBz2X2S2cH3fS3/m/e4Djd5C93U5/dt/ZM6vXUplrFIQbkz4V2VoqP95hOOUDSlhAi9zrPyStFCrKBTilHybWOvd5AJhUvO8ZrqSrBwrSMV0AuJCehQhYsWZR88KQvha9DSoty/4+afphzDRTqDtWQRes0J3REpWK7Far7sHlAlYCxwlE69w8jmS/x796gFxYnSgiVNe2J2U9DW3az/sok/zXf/uRb+sFU4Jhmqsb/8/xZz1YNN+HizO9BRugJB5990FqXrr3MCVITztQlcwfgaCiFahkThoTdHuo+qHHNhrpUubk08W77kCQM1TR7PEm1UDsDibzjuP4gYPJnA0s4djjOG4ghEZKWnVHgnAdVB8ea7gIZP+Yj8nionGzhNvtGvYRmHzvuAjXcRha59xEove5/7stwmssoYTKFBhNgrUtiNfwrjPyDphNgprVZgp9nIS2TSI7TGQYQwhWsYt3CZQJQPpeZxPeZ8sly6AXSR+kpZ4ACuwmzo7bB2wKLMhG6gPSNvPsgIFliNprMwFAsza9oPQEUJqZfiDLKVDiFe6FZn9eW94QAxxhPr1YkhvFtCzurDamIX7eomwkGMy8DzcYb8GCAy0GbvyQTeLBhhdFFAFY0qpy+Ro19xYXuBB8bo8bOU9jLr5i89UcDhQ5/D9ESWm+3m0PofHlOMK6EJ2/aODuGRwFbAgMmwindR57IMZnchTIzrnsAToVZnM+e4CtpsFCSu5bu4mA2ue1b54TQTbntncnJkLrnt8A9dHthzQzUj2uAZFmUOGA6HrhTLtgKa0tIzA8qTWyrzGxxlj12IzYgrifFRFW4/c3IraHdTbEdLSMGraK+wvtOScPh0BzvLKiyrjmZJE0E3ch3OkHCj3ORriC2OfRXu+0b5ij1Xa/sLAym9FXo10Q1ymr2y0pWYEoI2bnArgKT+AbMIqvVtjGLaQeDa5GlLk5Am10S2CUuFm3OxsTSmrBPxMts1tmknm0s4J2TuZdVBbNp9j+3c4sSPjjZG7Nfq2ZaEXK3B9GgvWY8VVXbCPQI/hSKfSZ5qsoXgFD5ubkKh2SuPfRFO6y8iGerubCvDj18pOLuIPKmFRY7lbI0OCjmY6Ooh8nONpxQvAyuXjX4G4kNufkYg59kkK/oaZKFX4dIHkoIMlBWl0oPgsm/xRhxXRdmB34NqyyxlAyqciySS/qnGMEGC4ySw0s97EiUkB4qYVzZIF83XbA1WVJAzO9z5ATSM7yiRYDTqOf+9mvp/AmZzE9UIB8fKy6KMS8mUeoD98E98aiO0ADMkFyNP0lEqqUpJRg/7t4NycXBolBSOOqUcKkvMscQztclUqoDICtopzE0LWQapZJke8xWSRy9/K9E/QlbpL5mKiLo2lWa0bY54xVBoSaELUTckQhe/pG1zft67tlzbmXdvq80pB8DQ3spHIAyYKB3x8Ms3Ul05ox9xPTwwNXztvFkOzom7Urg3QA+B5Y7FFTs8LtzLHzNJfdruGh4ylfd2lhT7I/OHg8qgqwQuKhfFikQVO3YC03njSBpVJNKqaWUpUsn5NPrqipiQihkaYIlsLJZFnaOwP4C3g5gDRQamL5jou8c3sPG7iT+fzgsvbglc7N3aHCfp7KRVxbbMQqcrTcwlXalvrZ3RRIGO2KvlyqyRJaUnJBjho40fG9nqoIdcjFApmq6vQCma7d9IIZo8DcCyXhIHvB2MdQgREqsekvkjQmkkGTERYXZP4KKnZCL/GCaagx/XVrIPtz6vRvuYByCjiLIKzgWYWaOVZizNtrtI8JAdcosQBGxy7OZBsBEX3g9i2oe+/QzaTKO8iWEw+0fZ4sC7qCECraRCAOpFmNnT+cay4Ivct0yuNc0A0ZZztpgnAaWc11sB8IDI3kxXYg7T2IC2ZcXw6sqUtyriupeY/RJA6Kn8Lu4L1+/kmzjoiy29TjLTHe5tNj/rJ65NTTqFgpDWupoFFKuW/i6bKnWyNmvFpP49Q+midT28pIB4Bohg7v9smZdBLzWqGAhgvkpN8WSFd4ZBLKQRV1L0c9SB0FxZ3dgw+bi4mWTWg/aMULbErKhV+lwLzaQ2j+2zSWyLbEvgMi9T3AdbWHBdp38u4wwVDLbwJtsmIJ73HDMlMrx7k6gFfZVMDNjlK1qsEm52tDf2bZHZiErZrSZgNRQs4kNgBJOb1soBZ8EhtAW3Uev9dkKCymyTst8u3jKIapMilsMGaB3Tt41GNe4nvnVEquFC3tHdQab6WoMFJNOp4VLZ2/WBNaQVCkWEUSfltw9f2aJ22kfyliXUPnRlZTybEtmwR1JMRBO5NLe3fMJBO1MVtSO5Kcti3pcRhLqPYVf9S4cM6gdvqNzMBI3J5aJDaMM79//Nc4qD84hNIs7GlSgeuq3WECk9iNIxbok1CspOJmXQ5dd9VyGuEzBSvq2tJbZVuxbEtKZtayc5UaVk6CnvJJMBi7zuaJ3aPNjY8fpKDQk4e9fvqw11886PVWvuHoVQ7JkBOFryKpnTnKv55ZtuzKFkdvB3VuKkQnPUKp0d77jX2efL8B27DvkagUejjQk5irO3xW6llysYJDzTs0W0yVm9N1dKJzR3raa3OGVzKjlQsGn8QjpOafm3d5Rx4WVK0ewBdS+ckZG0mP7CTY5pAJK2dMEioF2wBvd2Z7BEA0M/ZQtI+vfeZ6QbPbQq6uC15OIz0cAgWsLzVxcMivNasZiQTtSJCYLkJI1w6iu7nX04wbXtBuQiwaAiFNwFFsKJh2f7OshkL68KYTTMDkblWHO97hHYJtrqtJp9PurZ9GZYVGiGDYOQ1Z5PtQka+mPZaS5NTIpZCb1A0hTJCfBLPI0bnXArOgQrBpIrJ7BfdPCuSCLCdVEx0aGCyjVtWaplSCE9W96UgFte+2FHJXHmbm81R2c2fPYyaFFfBcKmZH5t5zvwb1Vc0sSU5aZR/2AbQMvhUdnZsO/MRLO2mA8395S3KWcXAJg8rE8qOcCd4ZxXJdFbWAmmipl0uixMo7vvJQiJmSu7YwYk+mYJOm409l3EMs9pF3xtB8xe6u7QNyEivjK1BH+25VPg3UDoeILPJrJpZSZXzagttzbpcAX2albzdZt69qu8R3WVXvs8bNjf328hOUZW1DV/a8TgEdIsOICw2LAESRCNPEyZ1xBmmYQfv2z/OJokVYEnsRoeshZ6ZPMVvSSQZ8JwV5mk6U0HAyC3F7OJFrVTxHdE3Bxa03W2sm8g416nrxyyTpU1cVvIRscSezpf9+fPjiP6cy8bak2Gthy1I3/Sjrj8FCseh84cJCXraJu1X5a/Sl9qUOZW36D30my0mkIZsVRhdywUWv5c1y7on8NOajjmXv4qb+mrqbdOpDdCuYARoYsSsq7GZB9dTzjzF+8OZu9CGgctL6cH2NL10bqm/TKKlw0vkUiOD7ClhysWaK3yvDppLRRFblXkZ21Zbx9aR7B+MAt4WkecJxnZmnre08umnAUrhmUz39lld7Gozebe7zO1rw/NoxsH0oO301zH+i3c9NPzqTbUyrz1MP+MXlX4PVoV+amai28CprOFK/0lLSDAyhU8BChyPBjL+h7Cvk4h16btscdI97ysVj7byk+MS79eISbM4rRcvQmCKKUeih3WnG2jjTIJan+1jbXTlVMgANaVCXAevCJMbmQY1kaVYynaoyV4rdcVlrTCjqU3SlniY9BkpuYm7b3H16ZIf/ZMiBxyeGiyRHbiBgxFJXzvXtJLWN69t7CauiKq4qPPKSiJWeUAYCIPXFjxRskmetYGIVYtjDzi8LOk2HqpgItuM+L3E9kTop+fSpe44mRttollmBw0ca9pizQQtYqYlmMxT/Xb7SgK34epqlHGh9pBHOkmc5LaTJ3tq0hLAMuSQlK6XaWvnxz39q6y1gdtnn2m6sLu4Y5CzjOdi7WmPspaXbGYzS0u3qZGs6NTLOwrev0cww5Y0wI6R4y3ofy8KTFOLss/HUJuoWMeZY1gY6tqklzQbMJlk56Vx6tSkNuG3BXEs5iXc2Pl/7JrrhnOiSUdeEomeXJ8d02j1WtUiy2QLhT70/tSteOWhu1nwSVeyykqWelQ3l5trwaY7OAe+KhUUiWOGmAgv1JM3AvdKnTNtDMpFjecPZKK41lWeFooYdptVjKZZFPlF6k0U+VYKzrGyP/cwpK6VopaGjYg01ZCOoQQaDgoPThyrk6kudvh27niaKYfYoeumrxWZbwM0eqiRkj1C1YgYSeWKrzw6VpaSTVKH7g8s2UfHvPWJ58f0Bc0BcCnvqrdOCNVH+Gcz+Xkg5jR27C9BLEGmB0iDgZ2UVV5IbRwCubJx92Qcw9xBtIbOJF9UGNSUIa3f+tghIwjKaS2vsJYhhIUqWXGe15RORGN7ELU9aY1eqHuLOrazhDXw7ZRo+VR6O4zCwSXx6fyQ+6kmsNPZRj2SlOVvSujCHe/AN9yoImv1mKNDFpjK7wOh8rTYLxHKmjei1bNhLHvpdTmapSJxLqcDV7ntmWt696vI72I2JEaubqYEPPtRun+3wMr/n2jHRpknBieJ1N01uiS1DcaDObs9DpHlPY+2dTZi4JHjYhu2aUWjIOEeLy9Kx79W04L+NytIBk9Y0R9H0SJPJLlEvNIZqGf0uUTXRkux45k4xBTz9U/GNjel9uMrFLw/hNUkibiPZT7QmRxdTXzyu3agHGMsSnbdzE6His6S8mBgT01J3HIQ+JxkX03RqqNq9U6W+m3Tvu3Pnq0v28YjYoDYKZlnSaqc5DuxeE73qwe3t6GAwDOPBlvndNGFHmGiZDrZubdl6j6lbs18nxrSkdTLaG/a7XEG/LrZm2jo0xm9Nfq1pqBQQA2qWZKprsB2Qgh19sg4Hgkt6+uUZbv+RkoflyFPDdSxDvj9Ux1LgZOOTLPJB4xPoC5Nu09jEMPJGzaeGWTsX6sXlgKQBV/TEHO/ODd2tZ8VlZoqJZsmPTZOgEOjii+kBvIF4Fz3Rq4xB4sPCF60qqsppSWr+HZeQE7WEaHOVpz8zlpSuSzrtNm9b0uz77RIM3pjRl7MykZmjzXXQxwjcZXoUyVhP6+KX630KIe4QyBSjelo2XGTCIjkT0mA/FAQUalb3Zt8VXE+2pLVlKTTVQx/rwUjMqZYVzxfGWFcW9bT0YWdm0vXCSxm1BvdKLNoXUqw0CZJxwpknnbuYM0+4qaYy0kR16DLRJ7I+1WrSyfr08wWpJBdAoBB22G8XQjF/j8SCmDT1l9qlFRzlHLoGD4fx7mdhSYl0pJUFxdWpslT7nuwJtaqmQSy8l1ZLQaM0psCF97SzjwxaNZODERsDvgs3sgD4sr+s5kSBO/ae3BdjKtikykdIHKjIaAZVBNKcjoDytLRu19/Wwe+rQDSUEM3L1d5ZH6CpY2+J3QkgRb6P192Tecfzfp/P/Xri6vlKmOF+2e10cIHuU0bYrCHsDs+EU703VHtQy7ogUhEh+y3K+8sU9xmUnTI96TIIGlDOCmYGwl0xyr4FN40fH+4Robq91dso9Yj4UTBrTwW9RL+ZABVaPKcpA9qoGkpedIfZe5Sk0EsXbqdh+RDkppGR4J93jejm5FuQ28dnhFd3L+Hn65m36PRVoGvqmk6Y5LT6pvF4vsbQF/F49zcJPBdEqhwUjMIVaDNuQz1EoljGeLAmRUVHrYYSIEEnaEjPM9JyOiQArEKXywwUSldGEeu1cx2YF19C5ZKoSycJZRW8KOhLYkCBJansOzdcZEWds2tFN9cOXV9nPsBJ6syna7ahSnCxStcs3aOBZbPE4d/utoCAJqmulo8bG1cjKnrYKrnY9JZwkhcA8940KnL4LmSv5uyOFbICJd1+mbNF3cTKVLWqpHZ1yJIyuCsmnWuyzWx6J2qnCa+EFqEWQbbkwhejzaS4Y4KDIc83Qt3K2oWuNdoAE8q34IUNrDVqXB46KERckB/kShuq13aHL8SKaUN+lDnr1g+OYxqtdMyEiVuyjeLSaYnFtE9bgNoprc3N9nFH4mbbaZgI7cQedRgE2ZmNrIVR22uu5fXU4NB4tLcIh1xc/QRRop3y5zIROgP9MXkN6s24+VgVk5s6Z0D0BTXwR2hRZe/Ya6sdrRRK566dC/SfvYg+bzP6EW1dUtg97V2i4D2q1+PP2PdUr5lOWnTCXG/ZFs9bU3RFQIcLLNsZd0r0/GvNyJp9JkzYHchJzuH84HOucGdv8+2C3rLTxfXpq9djOeGffjj/8/vTxeHpq9cw3bTDaC/0F29eToX+4s3LsdBfnZxOhf7q5PQ+6GX+aizUD+9e3QdNr0NxmHvBXX1/fjIC3unp6EW9+v789PTe9bQwx5OBhXk/Beg1nbD5V9+fj9h3C/N62uzh+XFwJ60APD8K7sRVuB67DhOIH+COoHy9ptOgjoY5cddenZwejds3gD1p5wD2/Xv3+fP69WiU//rX133I/v8BAAD//4SZZJA=" } diff --git a/filebeat/_meta/fields.common.yml b/filebeat/_meta/fields.common.yml index 288e42531a0..d793c67f2f4 100644 --- a/filebeat/_meta/fields.common.yml +++ b/filebeat/_meta/fields.common.yml @@ -101,13 +101,6 @@ - name: full_name type: keyword - # Temporary fix until ECS includes the HTTP object again - - name: http.request.referrer - type: keyword - description: > - Referrer for this HTTP request. - example: https://blog.example.com/ - # Temporary fix to get 7.0 dashboards working - name: fileset.name type: alias diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index c80741bcc34..a0b88a87e2e 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -746,7 +746,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -762,24 +762,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -850,7 +855,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -870,6 +875,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -1034,7 +1216,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -1079,161 +1261,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- +example: Quebec -[float] -== device fields - -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device - - --- - -*`device.ip`*:: -+ --- -type: ip +example: Montreal -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -1278,7 +1453,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -1292,6 +1467,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -1299,36 +1487,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -1398,29 +1597,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -1437,10 +1631,30 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date + +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float Risk score or priority of the event (e.g. security solutions). Use your system's original value here. @@ -1461,45 +1675,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -1619,193 +1813,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC + +Region ISO code. -Operating system architecture. + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1813,7 +2098,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -1827,6 +2112,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -1844,7 +2141,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -1905,175 +2202,437 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields - -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +*`observer.hostname`*:: ++ +-- +type: keyword + +Hostname of the observer. + + +-- + +*`observer.vendor`*:: ++ +-- +type: keyword + +observer vendor information. + + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. @@ -2144,15 +2703,12 @@ These fields contain information about a process. These fields can help you corr -*`process.args`*:: +*`process.pid`*:: + -- -type: keyword - -example: ['-l', 'user', '10.0.0.16'] +type: long -Process arguments. -May be filtered to protect sensitive information. +Process id. -- @@ -2170,22 +2726,37 @@ Sometimes called program name or similar. -- -*`process.pid`*:: +*`process.ppid`*:: + -- type: long -Process id. +Process parent id. -- -*`process.ppid`*:: +*`process.args`*:: + -- -type: long +type: keyword -Process parent id. +example: ['ssh', '-l', 'user', '10.0.0.16'] + +Process arguments. +May be filtered to protect sensitive information. + + +-- + +*`process.executable`*:: ++ +-- +type: keyword + +example: /usr/bin/ssh + +Absolute path to the process executable. -- @@ -2196,7 +2767,237 @@ Process parent id. type: keyword Process title. -The proctitle, often the same as process name. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: ++ +-- +type: long + +example: 4242 + +Thread ID. + + +-- + +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: ++ +-- +type: long + +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`server.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -2227,11 +3028,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -2241,7 +3043,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -2285,7 +3091,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -2328,20 +3134,95 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`source.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`source.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`source.geo.country_name`*:: ++ +-- +type: keyword +example: Canada + +Country name. + + +-- + +*`source.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- -*`source.geo.continent_name`*:: +*`source.geo.city_name`*:: + -- type: keyword -Name of the continent. +example: Montreal + +City name. -- @@ -2351,68 +3232,69 @@ Name of the continent. -- type: keyword +example: CA + Country ISO code. -- -*`source.geo.location`*:: +*`source.geo.region_iso_code`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: CA-QC + +Region ISO code. -- -*`source.geo.region_name`*:: +*`source.geo.name`*:: + -- type: keyword -Region name. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`source.geo.city_name`*:: -+ -- -type: keyword -City name. +[float] +== url fields +URL fields provide a complete URL, with scheme, host, and path. --- -*`source.geo.region_iso_code`*:: + +*`url.original`*:: + -- type: keyword -Region ISO code. - +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch --- - -[float] -== url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. +-- -*`url.original`*:: +*`url.full`*:: + -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -2430,15 +3312,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -2458,42 +3340,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -2549,8 +3411,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -2574,6 +3449,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -2586,19 +3471,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -2608,27 +3499,116 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. -- -*`user_agent.major`*:: +*`user_agent.device.name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: iPhone + +Name of the device. -- -*`user_agent.minor`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`user_agent.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`user_agent.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`user_agent.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`user_agent.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +*`beat.name`*:: ++ +-- +type: alias + +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias + +alias to: agent.hostname + +-- + +*`agent.hostname`*:: ++ +-- +type: keyword + +Hostname of the agent. -- @@ -2643,34 +3623,32 @@ Patch version of the user agent. -- -*`user_agent.name`*:: +*`user_agent.minor`*:: + -- type: keyword -example: Chrome - -Name of the user agent. +Minor version of the user agent. -- -*`user_agent.os.name`*:: +*`user_agent.major`*:: + -- type: keyword -Name of the operating system. +Major version of the user agent. -- -*`user_agent.os.version`*:: +*`user_agent.device`*:: + -- type: keyword -Version of the operating system. +Name of the physical device. -- @@ -2695,21 +3673,13 @@ Minor version of the operating system. -- -*`beat.name`*:: +*`url.hostname`*:: + -- -type: alias - -alias to: agent.type - --- +type: keyword -*`beat.hostname`*:: -+ --- -type: alias +Hostname of the request, such as "elastic.co". -alias to: agent.hostname -- @@ -3778,18 +4748,6 @@ Total time in milliseconds elapsed between the accept and the last close Info collected for the host machine. - - -*`host.os.kernel`*:: -+ --- -type: keyword - -The operating system's kernel version. - - --- - [[exported-fields-icinga]] == Icinga fields @@ -4860,18 +5818,6 @@ Content length of the HTTP response body. -- type: keyword --- - -*`http.request.referrer`*:: -+ --- -type: keyword - -example: https://blog.example.com/ - -Referrer for this HTTP request. - - -- *`fileset.name`*:: @@ -5916,37 +6862,6 @@ Module for parsing system log files. -*`host.hostname`*:: -+ --- -type: keyword - --- - -*`group.id`*:: -+ --- -type: keyword - -required: False - -ID of the group. - - --- - -*`group.name`*:: -+ --- -type: keyword - -required: False - -Name of the group. - - --- - [float] == system fields diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 429c913091d..e834c5db74d 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsvX2T2zaSMP5/PgVqUvWLvT+NPDN2nGS29u6845fMrt/WM948d05KgkhIwg4FMAA4snK33/0pNAASIEGKlDR29jl7qza2SHY3gEaju9Evx+iGbM4RSeRXCCmqMnKOnl1cfYVQSmQiaK4oZ+fo375CCOkHaE5JlsrxV8j+7RyewP8dI4ZX5BzhBWEKfilBPvF+Wghe5OfozP4zgkf/uV4SA8jiQQlnClOG1JKgFCuM8IwXCv4J7z1IMqr/I5c0z4lAaolVCS0RBCuSwtvkljA1to/mnCvGFfFRP/uIV3lG5Dm6NOgSLAnic/RngpVEcy5QxhdyVOEe64EjKtGcZmRGsBqj51ygJ29fjRBV+oFakhK+GZYoGKNsgeyQcJ4/kETc0oSMvcFTNudihfXsoJQTiRhXKFlitiCIzkuQMCFUIqm/UUvBi8US/VqQQmOQG6nISqKM3hD0Vzy/wSP0jqRUjhAXKBc8IVJ6L5ZQZZEsEZboJV9IheUSmTGhKyJuiXBTqDY5OTer6ibV4wyfMW6JkJSz8nf37Q3ZrLlIvd9bmEL/+bsBotejmv+KCc0fYpbwHD0en4xPjkVy1iBGo96Pktd60fuR4fiiQcWSS6X/th8lP1ooNWoa2Gi6H573jP5aEERTwhSdUyIMQiott96jc8QZQeQjlUreb8xHubfOYX+Y/QTfr3mRpWhGEOwemo5js/g9fjT/9uQkbYyL5EuyIgJnk31H+MxB2meQ1/plmiKmt26WbeyGlQgngkuJBJEKCyVHaFYoNDWrRdNpucO7Rj9vCtwZliSUt3+ufrHi9nS7uNVgkCTKiVqJcJY58bteUi0MBEHcCCzFc5SRW5KBuJLEvahfSfhqxZkbroail0LqiQTpK4fLjqP/UHSl522VHzWWOMXK30GC/FpQQdJzpEThP8iXWJJz9DA2vUdnJ6ePj0++PT57eH3y/fnJt+cPH42///bhfx3145ynWJEHmka0XhJWnTSIC7qgTB8/EVZ5bg4TOy2GzcxxAYOKAlxjiRaEEaFhjhBmaQBSnxDwBTWvCoJjmN/ZSTIzDqeaXih/fZoyEy9kj/1VzemHn49ywdMi0TP289EI/XxE2O3Zz0e/9JzVl1QqzTYWiUSF1Mc416QggpOlf5w36M3wjGRNivnsHyRRMYL/+4ZsTs/RLc4KcjrSWM/sv87+2Y/gv5LNA/gA5ZiK+kTqPxeYaUHnBoLTFK2IPr69o15xtxDoagmiEc59qwIxIhUJF90MSY7RkywzBJudKBXXa4ylm8EumTxNeXJDxFSzFJrefC+ndgZbpndFpMSL5tmlyEfV3HWnUQ75kWQZRz9xkaU9WaKxZYgjxLJyKb70I/2mfRwZ+iVDXC2J0KsBal4UXrhgCWcJVoSFMgehlM7nROgNaue/EplKb8e5ICTbIEmwSJZ4lpExupyjVZEpmmchKItfmjMGFM2NIyPhqxllJEWUKQ4HUXN4boGSjBdpeDJceD/108SfG7kuSGZUaG50Yg1HK4SUzQWWShSJKsxQ7cpU+q45EbSGORd81VP1nqNXRAmaaIVAi0SnL+tzhaFnF2egOwGrzolKlkQaLVijQNRDr18beTTrfRbySGBOUIlWOFlSZtanIqIEKAomgQwkyIor4t5HvFCSpsTDFacOI6vp+yB9YwA+NjTXWNqArUABt1r0vo1hEYQTN/zUzQW/pSkRsa1LPKV6b/3ZjMuhGztG8EUZSc5GaJEQbbXUNt6CKpzxhGDWIqnwLaYZntGMqs3kN85IbECFPCZYquPTZL9xPfGQIY1ML6sRBsBewLfVwrSQLMiin63UpL8fme8AwU60USYVZgkZ91K3SwLp8enZw0ffPv7u+x9O8CxJyfykH6mXFh+6fOoYBgh1G3ULlfsbWCUBvpXVgwT3tKexWc6UOhuvSEqLVT/yXjkJsMmHUIeThBdgegyh7fHjx999993333//ww8/9CPvupKHBqM+N7hYYEZ/M/oOTcvj1dpdm+o8DWDph4oSqfkWm9PzWB/GTCHCbqngbBWzxP2j5clPVyUhNB2hF5wvMmJORvTm3Qt0mYJnxGoGYPMGoCrTMHbmGlFdykx37tZ+7nf2ll/51hXMlNbXG2pj5RKTOUnonCYNchA4xpyNIXkhEmAZD0zNoFuSLEcJF0YBMGePNhUr5ihxSHu+sY0WINp2GX7k2A/326/vDBC0wgwv9OEHwq2kM2pfG+W3KUUO4zMpcSPfuVEiWWkFbn855R+pANMcriVubQ/OCpopTxuoU6HwYj8iKqa1JOBFE9f+Y63QaFhNDH2NP/PDZJdTAYbXMJEcASmRShv+1TFuZcHTxoN+0sD7zm1O8+aMoJQoTDPpiQAPvWYJXILJcXJD1IPAD95/f9K8MaXBT13z9VZbu4JI6XjUo7HdUtYalJZ21lJCl29vH+kfLt/ePnYAiYy4O3MuVIPYjLNFP3LfcqGihMaO+f14+dWTi86paWBM+QrTPtphxPjucmJ5PGNQRHAvCG8g9jmnjiPA8ILwjCeWh7locoD5U+e+8HyljDA1qYmQ9jnoHHLNDnHQvXH7uAumxGZCJZ8kPD0I9gsDE11evUEaZhSxm7IIwgXhk5zTmprUifIlZwuqipSAfZphBf+IIjZWyMGm2tocRmDHJljbZ4dCdqHtr1ZUdmSHXEo7utpKVseBZ/KXJ4H3W99DAAz7uj6ouLOetSCh+iuctSiHASVtCiGoEKFSCCqUvafBaE4FWeMsGyFG1JqLGwt3hIhKhp8rdyNDg4He0REGd7YNJHdzs9eG7ZawNHCLRD2xnZIf2MrACRY+gusA17glPoDVRCKJoDibsGI1I81x7YLKQEQGYhOhthd+44yM+XwuiRpL0uTH/rrDtYWGDLTAKKcMSZJwlsZuB14Defp9+45xvNJborf4++sL8EpqWBYylej45PT84Ung/9N/zDXEmmaZ3rDH3z46OYkaPvCkOR97349rs9/3SBjerTyuIE5qbuE6AAEuTKaFG0nJHBzfmb0TcvA2OZFjdMVXxI0J5GIAakpYCqfkdISmTnLpv9NUwn9y+E8u+MfNNDpL7qOmnk+E4DVr/5n3U+94l8rkTjBDguSCQDwHwAd5ow3rG8rSMXovYSJXoEPZF4KIlyXOcwKuvYwYF7SeaHtnAjvc3nesYZKr20WqJMnm3h0wM/CD9RlgLhw85ECPGMhtUDX4ZqorEEBDb7k5qtTBdM8tYrBoOM6SM86K5uhKZrttBFc9u90luMqsdsytpJeefFRtygNsXWCSHYzHw3DD5VMtDEvbtxHVhTqjRiJGUbmiWJEFF5s9VxWm1sFqCxCx93lYT7y2g4xwC7+qDWUFl1Eyzo37C+wnRlwv6C1h5p6PSpA3ZeCGvSrwb0Q1x8DSN68LyqGCCLexMG6gsw2smx58dKxsQdnHY6mwksed48aJ2lsbgYA7gIMSnKtCVAQaxgoOM/smnKy3WGzg/ArgmUg6PYf2b7MCTuqM3pBsA25ulmRggQEsqbFJkhRC2yz28k6OQpg2Gm+W8eQGLvQE+rXAAmuLlbLFH/XDNcky/d8VF8QEidCkxKEhBCCxRBlfUGbPhRHEqSH6gNvAwI8bvbxrLNLq8Iif01bZ2GWhBSkdck05ztMiO6BP1MAzjN1XB9H860nC8AsPqo1NoczGtXFRBk7GN/NG/prFh61Jk6Tpu9p53BZgy9olnCUkB50Ko6l9d4ruaW7QKuYDJ3iIuq/HH44TS8+3aBh1ZlVeOzFjdKnCG3d/Qo1I0dNaCEGYyjYhNBPBQllFhAm3xSz1frIrywWyVI9Dr7A38SBT4hMvyS3RW3Cb5t8Z0vJdz0CWK4usPMisCe5+tmtnBdBP2kqHtYzei5Vf2RvzFcEM5PQtEd5dGpoRtSaEVQEvenG+kajIkeIBRHOHkGdkRZgiQgutFb4hSBaiJJISF/DHJJVKI7BBf51xZDYkLuvB4JGZ/hq91+yjCoYVSFO9Re30GwmkkFzyNTO3VonKNmhDlGbU/0EpNwFyXNwEIClDCs/0LtYiNHh0KdH/9/Xp2aM/OidJqZqXzvX/gWA7Lm40IbCXQJGqFOwAoHHY0ORGRvnz6Irk6PQHdPL9+dnj89MTYzVePHt+fmLouLIHhflXsGh62QTBCi6+iDBvnI7th6cnJ9Fv1lys9OmQECnnhRbeUvE8J6n7zPxXiuRPpydj/b/TGoRUqj+djU/HZ+Mzmas/nZ49POu5CxB6h9egmJdhV1rbYIqKkvffWw9XSlacSSWwMoFdlCmy0DMREWxWdJv4GcsVlKXkIzFhOSlPJl50SUqlXv7UyCrM9OszUoNoYrdIagJ3qXKKkNBiiNxqbUifCdOJcaMFhiTgPkdznEkfbEWG/6yxY5ZYLnfbLRVbVcEXsb89+fPF095L9iOWS3QvJ2KJc9AhTH7AnLIFEbmgTN3Xqyjw2i6A4qDrzvThy+u803NVh/ufWgOBt6iCFkMsntA9wsxZUFxAYgxO9T6XSPE2LcJAk0vnQrX+WojOzLG5a6pCWkt5SxXKuZR0VgsShP2gSAJvmkNU09EgcEb04RXT28zuch9QCRFtQVQwnLGFVCYQEWIuqhhhdBm7c5iVkY8+NZV/Ycs8EacGII+uk/HpOO67gictSlQh6ncmQ714Ty2I4CjWs8Aw43EfXmlJmoyjBvJaqHoHcrM6LnOpHrAYjQq3L7cxYBlBr+c0pVJRligjsv7De8bMjYD3k0Pe0A9s8hAcZ/blsQvQBVIlQWrNq6el2RvXYrAZX40YIxYyyozSVxs4NSHuxhNm+CKAOdug5zb9BiQ9HATgTkpwNkbTapxTw+t+pln5LFyaj0rgRDl571M4qq1bSWw5BOqH5PuML7VWay5YcJ4bMzHHyY0+Eo1Vqq0O46+LLE7D/1u9EqHX3dk4BHpi45Q3mXILr10a16KZv3Dx9fyXcz/yR1GJRa0dtcVEUnkzkQkXTZNwnnHc07X3jsobBFCMmUt5Q91G98h4MfYscp4VYEPfD5ftvSRowwthzfxvZKnaWoNYL9bWwUy0zbzPiF6DzU1/IylA3TK4kQlelgnOQNc60Yx26i4Hot6bFaYs2+ilmRcZonM9aDAhwM+glphBlIZze2jxgaWki5rIqIiTkLcCYNbYHHaSEISt+wCGYmbQSyKy+YkRr6i2+SymmgfU+kifVy+0hrlnpf/d3aSGQTVwNmtMff2eZRwKVpXyFnFEBxS9xWrpgux9ZMgEwExa4+bwej9/QQNxufp6VdgxZjjb/FaqBu7W2PBEAAlyiRYLQRZweoZHZJVLJBZETQbNzTV8A/MJSORmlVHmm1HxOWqbpZ1v+g83Vz1ni3xUhAVab5zyVqqBvUsoja0O5FsZjLOMrxHBcqPHpggcO7ONcQ6WILxJL7Wx3CpW9aX2PdM96AZawdkKLqgRSqmAiFy73vejU1SPatiO56m7kGyLf6j2Xw0XZf7VTw9Ul/qDynHgbnmMv5WVfzcSLoqy8O5OBq79tXW/osun6N77y6f3YS7d2eZdrd27gofV4BFfMyKi9MCTwasKX30DO0FUDroa6MWwob4VdIXFxghiGOOL2jDiWIKQtcF4/KiMVhyr7WxSmTKPH53EEb/SvOOvCmWIJwpnNU9UlARJf6uTEBhAzTXSX2gUs40iUm9B60HhWgXAaep0w6mGNkU0POOnmsJpfIuugsjuiEEUEPMSSwXKoxk0XEta5XPFU82xaRRLsg+WFVEYbgZMznYaUTaq+EerXLwof+h3/fqCcP+mP8FCbPwkNFyF75exkl76nbPsS3hcaJoCpzocKgxdvjWIht/UtoZZ7pvoVQVYNlG2RlfuFB5ej6us44sEVbaHVHblKLeEU9bxxWMpd8lu8KMoG7MYCaHcZfqq4ElU3wBLLmshCD9Wv/TbAvqDurbt86/P7oBvjJ4YP7i7Ni9B5cuN1OakS3YaIYxuqVCF/5PeDugpZHjU00BKQK/dzaUXqRXc+9VSYMu0zyqDjtR2ZpCq/yDhWUYS5fzHflYvXAmUPpFso20sRkhKdti6/+si2bq83lVwW2Oe9t8kwJiu9o+blXqKYMxDYtjYOZrWWgGdum+nSBBVCJNj/J7Rj87utQnBRVa7If21wBmchjZkHwZmWR6IsadJ7S7e+JwIC9N79XgTmpZOXDP1iutvWue8MbW94nyGpSbY0B/DdzG30xNZTb+978HZGm+kTeEbgcPCXvkYF4UgcE9K2aJullFm/Dq9cgrPA7914e6wplDLBpY0kmu1ewwyyE6au0Dk9tTT/Zj7R5tAugXPAeJEbVhNy2Z5zoXNzXTp4bZOihWdQQq8BgV1rqZlCu00dNldztHtauQSAq3PMciSG/muZC8T1DsNAogVC7WzjfkT3zRfoze5PiG0UXhlPGgxVKXhJcd5htU85jMcNO8VVuu3c2DRvYQwxeUIFbOCqWKE1pSlfC1NaP/9mJxNsVjbhKQYxT1lbXVZ+Qon6M0V+j89ryQbY2kYlwE5c7yiWZ8ov4qglMwoZn3JuUIGBbonSLrEaoTM9yMoAzKTaXROY6T2v+30bnpPxqdn48e7zl0QlN+gCYtkSRWBch+DqPr4/ePJ40e7EuWjjemkSuU1nfT6+u0gnbRZ6ESDgCtRIpUE7V4QmXMG6Yb+sHslNhs44xVRS75nHOyPSuUOIDIAo9ejL55dj9DbN1f6/99fR0gyoxlLhVUh41ZXf1XRUmVgIgOzZnt5tD06edRO0Iynze3ZP3r72ipKwBYVSRpqlBZThWjNRdYsLneQdBeYmkayi0fB6fi0ydQZX4Q8/bL8oZuHq9JDpSdBca9q0nDuhVJv+83BS74wYJx2XNITOfUb6Rxo+tOTd6+nIzR99u6d/s/l6+dv4qkaz969a0rSvULO2mOzMp7gDJTSVxs9IF+8DQr5aZ2+GmNXBeLKq0avxhUIqSBWALaB90YAbkbmHJgkowqELVWogFv3Mts6xyIa9Htp7BcB7jNjEE8tiqm99qiCxZ2lg5l3F60hByA9trCQrJ4WicNxgx81BjiOmVpLfEsQzgTB6QZJzVvGhWg8QBIu3CnkFt0QRFjCUxthzUh4YZRRRiQUfrq15cAyghmET26tNrZTQBqS3EaafdOISPu1IALMOpubYYy1XkFpgZyxwQChrHkd/LjrEVrmhmKFh0udqNrY/xgAx6NJZ5htEAeVAjKlOJLEBsUbpqPCURo/R+Gg/YnOqfe07a6x/bax675xy43jPoNpTGsuuOIJ31Oev3YhJBYaao249pQz776OCnKA1I2nDowTH47jlMDzOU0i+/AdSfhqRVjqggxgx53XZvwPiLIZL1h9mf6AeKHiDwp2w/iaxabAh9WYCptkQdLJvm4BLz+5jDyyd5reI3uAQIZHXBv54Wx8Oj4dn4X0fm3L4cnGCOzwxnBntIcK6XjKwjN3UHESv2+qj44KU+HkkHRYiHFKmsWlHYccbD4cwIETUtJxuBkpKRk4JYornB1sPgCanQzjyCxWpoyVN+/o/68tRJTWh4+/byH2DictRrN95lPdpKAk++xR8xz3a6qFh/mb5pP+qaJBqTZ7aUOY0Mod3FquqVq2ZIsmfJVjttGaFFRuq4w6Pw0cS8kTaqIOqVrGCpBteIGwEFD43iT5KCIMgCpDCDOjUcEBGVYNKvH6g9nBDtpTI/HXoctHdXdp0/74xyH3yBrP1LySg/nmzVW9eUOcSXjN1zP2oYSVxflcmeQlvd5QbNX4ZnNB5vQjkaMyTRLuU8Zcjv8w1XwwLSQRE1NqHX4cvvR37nUF0ltcr/fjNesqr+tWJv003lafjE/oZXWrvs3ben+fciYNB+uxSPqmObU5WSF9EhJlpBJlCrVP3w0RrJfrpSLv0fjR+OT49PTs2KYA70qkwd1NayBDbEJAKEjeBj/uUg+jVXxgh7FFZoDt786PqoilzRsN81D1KVbCQzR9EGwjW7nZt/CNlJs6CnKaTq2AkgpvpAvsM8hcYQ1t6nshUwnPaRVSsMj4DGdeSX5Hct0d319qYdGrZn9XYLCdESwWxaolBfwV3qAZscdyWY4KspMkYZLCtX+0qpDHtx+OjrOjETrSolr/1+UaPj76ZVcR12NYkVMYWQckpCegBGcZgdvHhcArG/gnkKQrmuF4Trv0svXKrRE50wcUIyzZMkTYge8wCHMMt9qNK/cq2kTtm6HvUAGolqwwvcng+chuMeUyZrAs92xLvFJYbd0Kpavgx/5KjausXi/AqfxnUN/YiIwqNMjoytjf+zYeqE3hnVOWWo+uk1yQWAXRfaVrv4Tn0OsvYnd4n7Nqj3XOuGL0rtVVbLFN8xwbjG5iN7JNVRcaPMJeqyxIT7khsitRsjZ/XukAs1bMuyhpJ60M97icW3uEIPIxJ4ISloD3XEpo/KBPEg1TkBSqR5ji4SP9UQBQn07WkuE2646mLhfGEQhBhW7V4R1J2QKigG198zqllXr48DvyLZnNyQkmj5NHP3x3ls7ID/OT0+8e4dPHD7+bzb4/e/Td/LH3bXdcT0+p23mDQjIsFU1MLnVPxcSPIHVcXtXvsLuoo4yYEdq1Rh4mjjuyvQL20Hs4bBiAerIIwDJlus1CQqEEn1jXhm3qAJr4L9cMK4A8BWaa7heFMyzkyopIgNaCV6own/UwiC9sKBVAr637Pgp8J18+HJ+N+0Yn1JrQOZb0pXwfvqTSJNtIczvLbxDWKq3xahBlIu5DYV/q4kFJZ1RnSn9+PlF3NDcJB++P5gbWv0NaePqD+7t2+Pu/tQzYvNOj0HaYM2QvtHseuZFwQLgiP0dBlmvjJqB1kZoFSg15QQ3c3QprR8tqt1PbnmXi0+sX2a5RGotkbEfXOxsqUie2BXGtyPYBcFueqpXWjhXWbjJOa1HtekltNxr3/DOmeERw3m2ORwPhXSd5NBDeTZZHcyIPnubRNpLDLFV3bexCZKGAfv/uZbd0fv/uZT1/BMNtQ0YU0U9HRg2XiT6yRrYLGIYrGHvD4CFxXSCq2AlX46zbvVyIbPyHqd51JSB7Go3RXwkxQSFVczSvTNZ6SRi5JaLMpK8GtKPNNiDCqWOdnhdZppfDzFAZrNKnj+BUf7YUZD41idAf4GAxMH65t1Qql+cPHqzX67E1AcYJf7AoaEoeEPYgABXYCA8EgbSYhDx4PD4LXzQNgOy8LdUq+3rih2VMNA9M3AE3sWnZQt43w7MmRKhG1Ufqj0vzjyJSxcc9dmnf05pBTxhUPtJLrbi2gRGG2J0NwguszbjWWKhCZEgqmmW2ulgVqWUjjjTbaLNR608mjzG2MtWqMFTLTZfG85hjYTi+coi6TKvElHgJbWrbY3oajlvvGBOUJAOFI4gE0VxQccD5o0cPH5iF/vdf/xQs/NeKN8NGzIbej8mvAEbpkzBxtNXePgIqj2I5TdCvELy+51MXxOVqN8FeB8itQTDNwIm7KRPfHFI14UfBykAgHwTEmWp1GDhqhTcIdp3NN9VaJUsfcAHKnw3dyTZGxoIfPgDp5SGNTRN1SNeQxKQw+UEqYOoueBlCWGVBBYmrwUxWY2lMZ7TlCxQUC7KcupyRnkLamMZHjx7GY5kfPWyS4le2GH5TDCUmWpfT7pgjn5pPHI+m+cScpU8G17xoq3rhEwsCco8J1LvUCFlDUFhl0zwx91j1aQ7PAzflNeEUEw8gGP4dBAP5CPV9vYpLPkZIfTRbLVpbi3ENB3ZLWQHfG4vLnDTPMODUprJ7a1ST1eFEGMPc3ncxRFa5quiCIZg3pgEUA6HmQiszVilWpKwt6go/mfqin5dDDdlaRN8Vn84FXqzCQma73IFw4Qcx6nMfz6Hsql6Qr6fe3lc8b2W+r6OnkiOxSbyrw7Ef8e8tlNpGaqLLsZQ1sDtVKjJQoui+qg+vZljIgS0Yy+IpdUdQPJYFXnU8JUhGbrHHGoojv6bvc++SGt8ahwwBi9Z3y+hfKBTq9V1+gGjpSn2XJbhoOqoMIgYhUxtLj6k4bkpp8XlF07KKuPl0N0Rvar6non5jVDpnwsLhh7v/9V0WFY7GlipNIOzAGzMSstFNlVik+A1h9DcS6exIVpjumHSyZcMZ0GF2LjpIydjtF3uO+Zbh5VqjAol5ESLzONusoKybfiUy1+/L2nIQqgXeXhe3Ze9FXBhIwtncMEq9xVUtJrus41svKujLBxMU1pQSyP99mKwwIJ3EqNzcWs22cSQzwdcaiZNd+tuNudouwcklX9t0nDWZlQ52uFeq16C39ltREl6LJzqAH6G/6vWeWXJuw3sSLwavgbZWvmvvLV2WBWlvmXWAvL7aRdBWpCv8j0ibrv5RGa/097FpRS3TuqJsP4T6+yEIc6ySPnKn2/RJlkNwDo13vFgKvupZhrd+TLTR0D/JvSey9qjYnbLD+zNxL8R3wsj9MN8FRzcxf4XQ1+iarHIuoMUL/QgxA0Sh78YnKMVyOeNYpBIcc1bQfm3DUQqp0IK7+D+SyPFmBW1ZwJu8ppKAF1GilLNvTOOAMBS7rBwSSG+c0TJ6SFve55YX4fK/+X3NtdQNo3z5q6+ONfcYGF+VJ+Kfzb8i83rh0jITvlpxBt+VIdu3mGbg+/RLhwMpoLH4Z1BAu6thtP28dW+a6F9VCK/nTH1Vw1JNeki+99fGJtWuJo6qIsVHwUx6JeWideaNWhK8VwqgJ8VC88jZY7VEZyenj0fo9Oz84bfn3z4cP3zYQ8mo6ibXimFnfIEESbRxFNSeqg1K4TIotAXLEzGjCjhfv2ssCGv8S6JQToSZP7hR0SaPwEzWWjGZuJEAsVnwYB6DhtwdzbhbCC3ZD4QzqIaLQgDPueuUgIKgW19DKWpBYvq0hdHImq1qrVZdVz2o5A9N+cZblK39q+cY0sxU251rygZUJQOC+olbNnHmXodEZ3+PBrOY8cUYql56Xs4Y8dXO8DPdOzgbcNcCJ6Fs+hrbuul+GnWQEo5nUKabmPrA0RLKz6vCPudo+uAWiwcZXzywMj/ji+m4OU57n15GX9SCMQYN8arMxayP0dVCKAeKHiBo/2iihxpUmaJpAUneGbjbvNtCbLbHDRcKMuIZ1PIQSiKsaoSENQUaZgJdMC7IBM/4LTlHJ13SsoM0V/jTlQegEFmJa8X3zUIH1EklCF4dijv1RjIQjdDVJGgZUNaNAsNs5KTkN1KlvFDfaCNW/50I8U1IHmV5YQ/v3SYGAJiaVzVuqjipOgFq5QdgoblXNqCsElficCljttArByKcVmOQyzD3umy0YORwbFH0tE3qbRVaBul3ErA3nDnNCXAAWJj1dhEBR1i+kSNElbnWrc76oH5G0ALiXqNIMxSHbfZxcPv0vpkRT5GwN1chL24kyEyc0KxKgzzAvrUAYz0eXPX/OCnu6cFIqTcbMHiCgLgaCa5p2STDszLF6SDHyLJYYbNFQRNwiLoX5c7JcIhqZJQJRCbD5JAE+F55Cz5ylsyzrfpg26ELn8ZiH/3CXOOyrhPJcC6JEQBtjNemg5lPzXZ0V02uBpZfmwvK19Aso1Vx0g6KrJSYZIQtaqrMdpou7NFkPnbTYMuGBUWnAgqabseeYaJcBsp1PUCwTcucF1nWHSwWsXYLpmgGTZzKm4NycDZaCqJXYnNrfJoQQSCI6GDolnl9Z7+0RxCVQSm2cd2cclElM83MLgAr4asHg634mrFSdZLcYkQbznd9O6NQgl6m3XDsq1adTzJepJVCH9bCLAuWx/X6V66cORwKSa2Mpinmbo1lnKYTeGFS1kC3gsk0oo7aAfrVMXw1dmDri0OSLQZtEDsaUDhGb21Cj1enRQMcoUViSnOmdEEVznhCMGsopyVtLlWmioBv1TjMi+jyaVDp2BYY7YHBY5ZtOFitUvB2LPaFiac0lvNcFjztxv7KL5U6CLl15pij0nPOlBQU8phgqY5Pky2+BQ8QAt8NrfwyVNoav7LFIROyHLgLylWtOpGYJ8cf+7Oe/UTT8oLzRUbMTmvHbuJjtwmyhdWZu8ZnN3oK9cmrnf7U/TsC3NYyh1629awi80zvWbnkQk2MMl7pDJglSy4cvuNyl7c45Eqy4sdOV3i5KbN+oGzCytCikYtWD90q1vp/Zz88gAsrBIPuPytoppCfytwk5QAB2iVOFi/3X+IC5bWZ6h2411C3i20LLZcwEwZPybS2GUDYCCAC5JLNuc+o1rYMRU/Fm/r3rZzpNyLof78px71LKmwJL6v7l7+RtYoJ5SzdFDP9wBQ/snP1V/+3CKbqedWVJDixK6DIn6nuTV99tHV6A6KHTXLO0wMwvzcDOU/NNV8UVbGviPEwveUpen/5tIlI/7/M8b6X1B6qCmITGU/JYWcQOlDFp7Cv6OiHyEBDK5w3MUFAhomkOxQ6D2Qc5yHFsYc3CSRzF9oDHEhRvAaulTA4x8mSnFXi5eiJ+eUoLl3sU/TKmSWh2LAeyJhYqDChIXcoDqGf5NJRtiTxSsbE8WyZsvJKw17buBPH0aEtyqcWD7hu/UjVzhhVsuKKhKUau5Z1C51Aa0YJC6o3clGmBlR0RcmZ8XQzkdpsrBfXQ22348i7nox9tIVacCyV3V1MqT0vExqimqIVt6P0gzOktjNR1ER2f4ypXAaGRaE2qqz3ARl4LyIQmulqvYkV2TgSWBU6TibNaI7eVMc+rRjWrEY9jW/AlHTWifcxBR6fneY9CqMUC4t6y+h+jOIqv9WXoJ0j2zHVZRBqkReoK7ptO/HRAbTAaQsv2xFLHExbSNmuSKJg2sLIdkQSB9MSN7YjjiiUiMd2ZwRcjmMe3DqiyYFWPxLd1UR1GB6IhHM1UB1mkZrheTVEMeG8G6YuMb8gvEVv2EWqtGbwDyHdhjcsCB9vgdcjiX9nxFsgdqTz74iyFVJ3Iv+O2LqAdaX074iuHdT25P79RtgAGIu7Qrvo8zZZprzdNnq8gTtIf6+3MkH76e6mKJy5Xw77m0QbUpSrDSr/YcloFn8xWEz4XhkKYu5q9bzFSYt1CmlJAuhJWMYXC5J2T0hYrhB12S49MLqSgJdP49jUQbGpJQQktSELrv5CfDuvtYGpx5kWiQtVqc+z8w0UKVWp7xqAH1o8A8YjAPZyjoWEOEd4v9xl/V0FDjEa4imo7/QadtTVpogvDiljXlJWfDT4IVACvYaukplfkjrlCZRFJSmCjNwZSXAhayUIl2RjXt4wvKKJKdGIxQbNNhZ8FRnd3w+RcJFOaiGkPdmnC6mnFWXpBBeNrbIF/nMjkKntU23bNbquRVlqkV8+NXnEzjEDAbwQRIQUbwAFGAA1Tioj60OTysi6JHXszdrl01oedJNYgROC5gVUfXGQeTVK/ROirlmLyWVTVR20exm9aR7JM2KTvgTn6n77gsmh/pyt6yWJhGSJw6/YYWnVC1bROnbNn7yEdUVJrVYFcrm0itcWbLbxgUWHIMmvBWENg3yfo8TfmA689bbFacBJssOJbFKZElC8TSBCrQmDH9AVQ9s8rvsoKE+92/awbHcA+y6BU0VWezk8AYBtN9ExQbRqmTAAjf7KBemylCZYla2Y4REvykBo0wOlRtc4ApVK9xaV6Dci+PEMS5L+EWEb+svn6ATa2EIRXbuZ5lRIBUBb+O5k+OgMTFdI3IlEm5yT4CyLoxK7eKgFkUWmvGBUhwO6BSTWyT7HNCsEaRGnw8z1bU5+dyHxgvDLt0Hi8gJDNY8UwcKYYsAETY3iM9aah9brpw2QthrIG5ZtkI1atseKRfLML1mC8qzQkpP6iVn1nGlk5GFaZ6QD+SLi+m6P2UORiFav0mArWVuN6sNSBNG9bcT0cSkclByDsGN2+npy9qKqWaaxjZ6t7p1Y1caB85O1VHJso6mvp2SvKWqUR7SWW1ByyDPgGkW0IziCd6p73pidVkeD+ptrrY2SIgEMAYAjP8hKv+3XXq7KMt/+9Pov8r8eHjXMuvp8V2k1KfnYjfkSmkTpV+I45zaN5VgRqY4h02Uoftp6sW+x0zSOG795sXi6nr1/N7/4+7ffPblKfp1dLNb90cslFmkn+rJuDrwap+KkP0I4pHY3ujs9dXjTuEsMBwMbWr8VZkBRaTVo64xXJAUtQo1MoipUseMC0Xxi6u8f1bBUM6G/qj9t3/DlhtLYt5rmQL4LxLW2+BIrxJOkEJDmYeqm8EJOTKDCJCWMknSEcKGW2mo08nKi1Rj4ufaW+edCYKb0vxPOmMnYiv7mPlN4lWt1ZFIWnhMFm2APkP23+aB98kL8w6fRLN/2efwJPC9eLajGwqN7zSeuFsu7Z1fX6MnbS/fxfZ9Lyu9MvldC6G2loVWvadOdkez+yHSEnkC01T3jk0u0mq7/Df0hUp/O++1zV8HZed6sM3grC3p+41oiYXPS2gmGpqGPvx+fjh+dxUmu6dJV/hNlCc0bl29NQss30T1Xuey+2TJmA9S2RTutk3JjDZ9cXO9aG6fV18PMJ4ZSzUfkI0mKzslMskIqIs5XnFHFxYMVpo3hbCe1EHQrncD9hKWgVqH37y5biXow+Zjj5OaBJEkhqNo8mHjT3d+9XSlWwFu9BaTjxQGzeJERLK4SwbPsnfl6+BxatJMZTzdbadUvNap20rmtANxBqf4wTltw41LFk+SCtFU23/XoLa3eZHeYCL24cClPtVC/GEofLVQiO5SxbT35ZdsMxTVhgGKoZXt35pqvAb+4cNHxWlJECfWWvxDm3JckaSVtnnG8o510UaOkRAguQwF579Z58xd8i9EtFarAmR/IHydcJqKYTeRmNePZROk9AamgdzUO9BYX0mZwU+byQU3PfltE29CCgJaI96xGONRU+wSE96DblK7dRvea4JuJIHM5sU5RoP8OKb/WNMtc67IVRiADlXXcpTeodtJzLHCWkWwiiEww+1RUe/O9wpAUijJ6S2x4OjhjM4JwnmdWy7D18fO86TTzr/uxlJOCZdyWP/gEIzHYgF8YXIAAET1nP8kLP0u7SWNMKPek0TX8u3j73vC45Rci5lysTFENJ4AiJLaLbFSP4oxPMto60T0Hov/UBsELBX2JIUEHkoFiAwhqEHwGKm3zZI9I1EmlIDj7FGRew52GrRJQJxpqjdoOH8b9W55SYLZAlRq4x6OMymXcpf+P29VEFKxlC7YPpE8UCHX1Pf/y91eWGlO+0+62kemgC+A1lxuVu+tyzwSWyAnc9Uy0lGkTHjtT/gKLGV4Es2mx2hsmjdUuQ0xolIysRSCcLo7mQ0+xJkFxfgMdEoEoS2cnXV6ts5CEnUJvXlxAkI05ehctKJcEH+zW6EeCc+gSl5Q1bt260N8G67L6m8nNrFWoN1sl9CQTlZtXDx7waMa/oRmHBJH2g0afTHdG0nsJYTk47yDGj51YkHj2xQ4L9yZLXcgdVEhKkiLHLNn8/lcQFo/PIfTDG8HvYDlb53T76m54wRaHXN//1AD/xVd4Ux/D72CNO+Y1Tl0VjCNu27u8HF2Z1DRXK655wVHngeY6Vdemq5yzevhuiO4lVCCz74Wencrrw8dknIxX41dE4adY4QtBsCJwQWSbr4Zfth1cUc9NnSJzdMUANrm/y08DTNO1V47MEr64aHd3xV1d/XMgSpnNmgZKSEsdUxcVHZFbpTaxbga6HRxhtZwTfkvEkuC0Y13bmCu20gGicuNkfB0GztZ2jnnu4uJAw33W1sW5wv/h7OT0++OTx8dnP1yfnpyfPD4/fTT64eHDXz5cvn7+Bv3ywdyUGhBjS8QYGrb8gj7cTv7+l+U//v4L+mD6J8N97OPxw/HJsYY7Pnk8Pnv8y4eTX0Al/PBo/O1K/jKCf0yg+pf88Aj+rRXnJVXyw+kPjx5+q3/a5ER++GVkiqfAX4AEuGb68Lf3z9795+T6x2evJ8+fXV/8WMKA21L54VS/D2kPH/775yOg9uej8//++WiFVbKc4Cwz/5xxLtXPR+en45N//vOfv4z2kTcQ1i26hc3CJqK3cUN0sudEhau3XcToCe6gBJR0qko93froqyZEbfQ9PDlZyRgptYyDkg69il2E6OdDtkb7kIFPOlBdKawo7IYh+FrG5fFiF0oT1KHfasNZZ+SBYwYWn9SbcMVEQ/e6DtgkA2YJql1OgtbOMfKe6ddcg2Yv4O4A6+QJmm3bAfaCK0pobdUWCh6dDdyMTrp10WDMMqoOitSIw61oTTfI1MSatBFwNowAwQtFayd0iPudeaNtmeXJ6Y//dfa3P9/88I/1o4Va4OeKDdsetONAvkwPInW2SIDrjq2f8qQLl6vchHPBP268qDL7S0s8mX3aHUlWAUXDY8gamslcQIHNtB4yGUDxb9HcB+geFyiDXrtE3LcBDWX0BhStNz5oG45RBcFEGiHPcHIzhAj7fpSGNZZIElsES3G0wswrL8acA4571TQiFJkHvQnSuporzaG4F97hoTSERZt2mw2/xlSVl0dBBH2A12x7d3PlizzrxbVwXB3pWywoL6QWFAVpFnwBhbVBkRezpMEdjCaX2BIuBZEKzzIqvaLyTBvRdXuzi2KwWSci1OQjRNbrqkCE0Yoqyy5eTmdQkZpKRMxb454EwZTBpN/NSg6iw+0wO++fYx1HtswtJFgR03Gv5xDsbuwxmdXq2uAQl9uxJoJ4ImlG5qarH5XI1sf0qusAor7Euam9e+ospm8kWmR8Zs7+AXTSARLWSFXbgcM0Eg4l/FaZDunPk2amc4DS9NawL7nk2tkG/fjkLZyE9XYfzbGC8thkmLreGtU0wxVakhKt1WfdXPDYriJiRZmNEVFhdFYA94Iz08LEMpjJd9OHAdQsJeHvhKVlLxkUJjgPG47+wARyBae2ZqiypuK964u3iAso1HW/6wxolftlxo0TTZDvAMnx3tcQnXdbsnEkeayvvR7GCN52xqzWt1zCGQT9MhXQxgOimiuiV8owZt1dG9tsKKJbHY7IchkPSKUVKgcgcolZmlXFM52SdkBaGwrBrqSajv+WLXkg+w9Irj3luuh97VPqTlL7HSIfc23bscRNKnQVsVQBmWJjA8Xs13W9dju9rdUyQosr2orX6kkpd9URmgGnQx1xtQDmztuM1mIcNpuTUUXLahxa1IXKijWkas36EboM1oJKdEsxKhj9iCRPboga2f+aLkhUuu4kzX76ZZxV2DO/vfJLUPMFvvoqUo7VSKp4u4E6TAPRSVwWr+8aqe3aDUd/0QCTEqnsidjGRk+rV3xn0R78MnBqPRrHtU9bOLA/PBqpjFpPbx0c6zs4pdVsgTHNm+yIDprGWk9h7TqsO1NX28sgDSmf1TPhchCyDkhb8ikHoIlC2J7POgBDG5BtGbxD5ioKol+C5/CRtJbAWirVuq/eZkRbEjhN/d/7ip4qeC8iMlz1zvajywbLmy7epZ8haGMTkTrDbo3bSofWSAGk5l3IhK16egbejw7dITITHjPhXBWCpJOE8xs6sG7OG3iCM3Skgf0Jaicc2Yb9tliDUTVwoIAscWpOYIPT2RllUdWeFC8JTokYWAjhJZVQAsF+XEKrE4HSgrgZNhK4MjCP7EfVywbaEawTWdmgad8CiC9PYBBGGbWZENSfT5vf7sKmn5RBrE6/9FvXYscmUISFKlnvevSZ+MTkXvVjE/PugbnE4xO8dpmpk4w2IkBqLgAbMOxzCTTw8x1+plqfWvJ0FLQUg49cq+iwoX4H0R2kg7fTGHaT7io05ubQm3pBVpgCh5TuCmsjjJxJIb26MFEvqQusdu3Tqjovs40itcS1MOMVYtrcXYJ7u5QI1e1BbHa2y2WYF3Dla7bnhZqkWOFtUzTUHVxdgUht+mNojBaecyPEuDJqmv5SU7H/mA44jJBms05luTp74NwLhjDj6eY+wnNFRH29/QUeMspyhEmrPqMNWgi1A4NgHxOqlrZUm8uWgK2+ExzbEDhJSK5Chk8yHuhALRdRvwsq7fUuTShbYO929xJ+aLncNQ+773ZLiPF1HFQeJCWzYq9SjW3tHexAAP6gsrC11qwhYTvlClzZjroSraF9uosG1ZLTkmnvFLZWi3UFZg9HXKyz3hHM2tEIHTGuaEL03/yomRE6WmPBKFscoUjR7qNEUEUTnB197rqyJUbXn9JHdTgm0+C/8Nj/ch6DPK/iMG60OJtZDF847X8Zp7mDnEr/FL+86l+3+fLyqkx4kOO2Y52293drodqvk9zAgboiuu6mr5OmYYdOThJS+rEqendN6rGKxoNVzDwnVpyB1pQ9PDs8/p8oS/laoq34nQkdU1j3I6Gs1BJRZlskAlWk3cm7e11+qmwhHq0n07LxbkfGbTy07gC0MC9+xRqinHmxeG4PWX+Rts3Kiv0tLQRiLqo9qbTt0KsKm+CLkqaWWmksQk0bzDZxuv6FOpI1yC7N4d8T6WY39eilZpm3pWZt+yVG7aIwBvp32FBN/y0KDhIObLGWHeA2kx5a73OHTW3j86BWxQ53XN098LobFW690mphhDvv8fbp2tXdZdM9171xKFwu1Tj6bcArX7rTtSL50p3uS3e6L93pWjF96U63A+Iv3em+dKfbzSsxvD3dHbSXvq7uBquo1DanAGBvVXR3cwhY5FApuYfxfeixW0Nq29gt9gOP3SLfOvatyujOw/ejGNp8ma3GXRxrmWv64tn1cIKcRQuEGdxxutrswp2nIsD8/t3L1n4zWyyQPVyDpSeiyzOHJWeTfCnaKuLuxwsGPjLw4yRA7tYdeMHAU+vVzsw5zwDl77EBTymKY9HK6MARy+j/scY7X1rL9G0tc7frZpBE9hgapN3tTYdGsYWKz9pq5wbPb/xwmb/qf7dctcGzqq1r7FbNgUP7x8rs2dTUEJvxBYQ99tZDFV0RqfBqoJB1hVDh0yo0zaGPi/lYS+aqnMVPT969rlfO6nedagB/7kgBFIjFWOm4vY7Vi/Im3qsGYFuF6vlv6z+NG51Bdh081IAHgINIgC6phzrcEbqGpquUdfBbj9M0Mi3oMIKnNkumR2zXPKGt3Iq6Fq0nWQi9sgnuORZVc0lNXTs58yJrd0btQwt0iSyyzE1PfTWdsKYzzHxpbX5oEdfmYXdwYwkR/csK7IMWOv6rmbPtxY7r5QX2xHth86EBrOZGQ0ir3Vrv5mtQm2L9tUfmx0lInGWojC+kwtLvsed+amEq97ibrTy46OCMZQl96REaTsM+rc/d8Ib4rg57ppb2GvSaZsc5Fto40xsjhqhLmdjTai1VCSceLf6RS+wSxqqHnKSXfPHoH+b1li1TKo4HJNHARFzYI2ZdtkSrdcLrKjR/oIWL5+OLgjGTbKNReQTq2d1CXsYXExhH/92+hcYbsrFd+LOCmHDxhSlmVNIeCbYohV6jZOrgDdcE8WVnfdlZn3xnte+q4dS9w2uUFqvcraW7bIwgKW/SwTN2YEejXyrKIOjCrZrdJffhGNutrsJ9ji5ZXig5Qs+h16gcoTeF0r9onrrgKUnaWldwfjOhLFZmdHdH9DOoyAtVRqBfiY01dy7KPtGaji6GWSOC4M7IAmRdVNnlzLHALdGswzn6ynTZKtvkeyQlnM3pwvZF207QJHpI7Xd+Hf9bSFlAEjiTXbUjQ0rkQOv6i1WNV5wteDrzNGP7S/849Ff6g6d/3h6LXuFCQ+LRQ/XVw9YISK+v0Z6HeOTit42CGBVbUiK2Maf9pjpAY4d36Ue7DH5uE3HdjqotFD0vWGJT4BOsyIIL+ptt4rCFuIs3r149ef10IImssaN7KD7ko9pKDmVUYZaaOoODiIqB7aNkWB9Mp/vKk2Jub27kr5m3M19trv72sv++1Kjgk3BnyiUXamKkyTlSomizbh16tGvySAsBqGPHHj5UIyRkeMTGp/SUGxVvQuMK5fBj9wlEm5uRfzv+bnxmFW9XS8BolDQdo+dc2PdsKIFEuaAc0um9LxsYYOZgr5YWh6tmSFuu/bdcB9ikrY6Bdpsan/s+4IBG5BZe1hgGsXIhuwsYxgdqkOlvTW2TBNrYpFXTh5aIF97d/TmOTH/l2pQ7O6cDtVsF2hL60ggv6BPE0OiXfgBCTNKCFgjjQ/clrCoLVNRoHX60V2/CjCc3d0IvXvHCpiCFNK8xhbb91jbQBGjpMyNVWMVYQ2hANVoylXuNV/C1hLSmA4neMPNHQ6+qAFm1vWPzADVaKFJGDnUYRCiSCWb9CGo7BfchBupaVmekwjeEVTJuevXsuno67SKumdLTL3avbG/SIjwOOfNeWc/LpyWTW+xW32MLyj56+t5r/e9h+h58sqO+59CjffS9CAGoQ9+7m4zhipAd8ob/hRIc47LDxbVNtIETJb89Q4kRtebiZjznYo1FStJ6uO7dpp/dTarc7zC7sTNT4y4z1z5d/t2dpxK2p8l1M0pbskw7R35JyGtF8iUh70tC3peEvFZMvWTMl8y8FsRfMvO+ZObto/0P9/YeOAjC9BgyNzj3yHgxNiSNkCs/db/ltvNgtufb0htLmKJzSgS69/byaQtedUCb1/qWHdq2iOmyxObBUF94HTS2oD+8W5j4XaWcYc+lc1E40/6NLPuqRoBao5p8zLlQlX9mauFMu5MTKmxo/6BEQWSRbS/x2rlFVyvO3Aatj8nAR6YNtCSq70Y9fPKanwJlvahLrKoyTebqBIJd4syEk8jRsQdRz7lAlCUCymvjDMoVj9AKixsIU1JLW/O3KimF07ThLkSmtNOK35J0jC4VSjBDMwK93fgcHcE3RyN0ZN85GukPjiTDuVxy1VIfb8mlmlS767Ar4ckqJ8/hXiCoqGW53FiBiEoXJ9UMa3/NxQpn2aYE1MxTKq09Rj+C1/tAouh96OK03AU85LvnkaQssVFnOU+WY/ReWld4wld5oZx7b/ofnkc04VmxarlvSHBGWIpFdDDFzqtjI2YEsWmR5fW/CVDJMtfiiK4I+OCNV8zud7tkpb8z51ItBAkvud+aHwffdFff7ej+DKhBuweohITcdYxK3f/aNg3uz+/mqpuuyG+8u7x/O6rfrPQq0X6a+3RfnYrLj+YNa3W1jdMVZYMutl2oYwNs6UrCCs+aaeQVztXGRHINRhmF3O8K//mT6ycvD32Bn8Zi8bquIit6Hp6MTwaR89QF2fE5wkMvniq8V89ePru4Rn9Az9+9eQVrKP84iI6/wQFXdtj4zJVqBUmDWrXv9L9bZDQ8686dceDQZ8/IMsSW0rKnsDyciXbtBc1cPnWnqaEq1kyxuiQ+dDC8hhjid1VVx+giUBunKywVEdMRmsoM3xL9l2RJs3SK7umT+d3T5w+evHmO1sJ0t4Bn90cx3XSqFQnKSDbtHy90qLyExrAgVUQP5paIGZcwLlNgegp68dQWlW6h9U42YwPqAUOMrlwMERTVNs0/b7XqqU9xwwK3FCPsLgaDvssVmM6mS6shtWd6XaWvVpiliEBQeVv9XHdgjA9Wf/lHmCq2QFRBgA10HTc0WP3X0AVR9onojmc/qPSopEbHYXVDDliSXWO9IZvQJHMToE3R7sXB4pDZrBBWJBaFPiSlaa0VJyrBWaZJsiea3EhFVt6RdgU/9Lc7DIAd7Y1YMdDYJKQkNvYf7Ydu4QFaVZHd2vk2MNMU9Z86ZFMbigS9ncFENQORI9NDqMiyilV+LXCmbfEUpRxaYmgIIAuxcZlI2zqgdOnAZbytjsVST3NNSUJT4tq5m7AtxfX7lvLyQkQLsHG5RWKzIsivBRUkPUdznJVqagujVPvDQI5h27IKg/D5KUoxjCXjoX1CbWLch7pibYqgovL+ScSUFR8BapUJcIjI6m13+N9UTpBvooDvrDpvLvhC4NVAuEEH5CjYlsNgO8j6l330kHaoXdmhEct2eFBOFLKU9Uv5oXefnXE+fWqLLAm6uvoRWFnrorZ6ma1dV1MRj3IspRYMR+AnzYtZRpMbsjmqOx7L8dEFw6oQzeu0XoSVn9cajRvEWkq1IU4Fz/NmBFc1w5EHvUiqqk2CLNBT5ze4B7e5Vid5TpjpzbBakZRiRbKNo6oliK07dbX7/tFwnXHQR33xrVHhfeDGA9d892GjsOQAsMHXLRhiYQJdm6U9VGBAsMC2K9/hAQODQgZ2Qr8Vao/AgR0Qd0DrFz6wA85ugH2CCHaZ4Q5w/UMJdh9tA2j8XClS3vtg2XYVZ1Qfq+omYPndgrXhMkHcFa3GOnVGR7/6VG3BEOZP6U+E7JPXb67h3qhIebMNcE/xHVxRa2gJlsaC1WBLg2mOadYsWFkqb40GXz2xX1//p5dSE2CkbWajJ2XXO57via08lFJBEsXFZg8iIrqQt06C8+ZB0ItGhcWCKJtmxD0btk6gXFOVLCOXnV5+7ypWgrTfVNX8K+AB0iRsCTzXdOM0rsre6Z6ziHfcdkseEWSdfnmXqgaVDLLUu6ZmZG3U3jZdcEkipdV6IEvJHBeZMgA60LXgjQrr7cpJPKzeW/GG4dIbauPLUsvZCWbNY9AWaKnf+iws6jDvyKM7rl/Ds9GYkMNMtufXuKuUVwPa83l8cTPU4P7LuRmsF1YJTOb0xnPDXptfhsV/2I+2VyGp8KF9vG9RfOizpLo5UnZIdruDfhQX/XpRdF7oD78G8e/sXQd1KU1sXEusV2eu2c4XEaC9gWMcSvSsl4ShGZY0qbuXqIxUhA+Iu4v4uktTpOHd8wt0+uj0oY21U5vQu9Sy27/0kRiSpXeHLT0+dw+Lf6EcWdQ3JXHfrhsGdMt9Z2sC4cHKO4LcMcGwpjfmONrAImq7ms/aulowrrzOFlzAD1tE17CMySEjtsN9Xw3XtO841GiDHh479ezYkt950F4d+XIjaYIzi7S9pvesoFkM54FoAvCOqIoVO0qed+YnRmTHAGIAthOgg4jqzGTckygNexeiurNf9145AL8LXS0O4G1kVUXhliLmedlpG/ShtyP79qBbkudEmKozxljtomhLmu4dbINh1H3q/TCIuh0Z8G6XdFvqcEv7BMpS8jGMLRlI8xtXjtdTBEyIzYzMuSClsTzbIMoWRKpj/eaxebNeQhTtnJ7c9yz/0qZrwKyhL226+k7RlzZdHXT8btt0xSkBM3wCXHxAI9crgmYwyCj6ueBMEZa2+4h2i+j297DDAUInbmnj5EYT0ebk2EJDlIJClAX5LXh7GeocHxR8i6YA1Ff/NwAA///zmG1a" + return "eJzsvXtz3DayKP5/PgVKW/WLfe5o9LDsODq19x6vbMc68UNryZu7m02NMCRmBhGHYABQ48ne/e6/QuNBgAQ5nJeT3KucqrPWkOxuAI1Go5+H6I4szxFJxFcISSozco5eXVx/hVBKRMJpISnLz9H//AohpB6gCSVZKoZfIfOvc3gC/+8Q5XhOzhGeklzCLw7kC++nKWdlcY5OzZ8RPOq/mxnRgAwelLBcYpojOSMoxRIjPGalhD8Fm8gF5gSRXFK5HCA6QThfDpCcYYkSlmUkkWKAUiL1PxhHbCwIvycCkXuSS4FYjjCaMSHhqcR3RKA5waLkZB6+MESvPuN5kRGBaJ5kZUrQXwiWYqhHKdAcLxHOBEO8zNVnBhUXQ5hBGNXwP+y4xAxnGRoTVLCizLAkKVpQOVPEYpoJxCYwRj0XvMxzmk8VVPWjIscbDEeLGeEEHsGw0AwXBclJCmOaEX9EaIEFjDMfmkmfMCZzJom/DHao5+hSo0ywIIomGDKaMI4yNhWDisahYgJEBZrQjIwJlkP0mnH04urdAFGpHsgZcfDDYZnlxUVxpAZEEzL0GIHmE8bnWHEKShkRKGcSJTOcTwmiEwcSmIMKJNQ3csZZOZ2hX0pSKgxiKSSZC5TRO4K+x5M7PEAfSUo1UxScJUQI70UHVZTJDGGB3rKpkFjMkB4TuoaJt1MolwU51xxuJ7W+S/ydopiCstz9jlBG7kl2jhLGiferBntHlgvGU+/3lr2j/vubBh2wzzCkAiGiV/ccPRseD48PeXIap1P9/30Q+V6xSieFShBQoZYTAxVmS+Nc7ZgpvSc5kgzh3Hyu3zaPZyQrJmXm84Zmc24HjuSCodeGTxHNhcR5QgRSsqS21YRCrvZbAGtcSiUVyjnOESc4xeOMIEEKzDWbUoFyQlK1AXO0mNFk1kQXALTMm7C5Qj7hbB6Zk8sJyhmyGw2mQe9A+xObSJKjjEwkIvNCLoexRZ8wFl9utZL7WO6bZdFjue12VwiQkHgpEM4W6n/cOuA8RWLGyiyt2GC89ORkKUg6DKcsd6LLrUD1/gJgGTRjUr0CcpxOFKME4NqZJmCYOU5mNCfx6Tcg4mtA032swKec/lISRFN1Uk4o4Xo51PaCeXhEJ4jlBJHPVEjxOLI+ryz5SqjrQwC+X9jVAJFP0+iQn+OzydPj4zQ+ZFLMyJxwnI1igyefJclTkm43Aa8sjm3mQIukFOXqOMqypTmEBMIJZ0IgToTEXCkaSj7calan6a07tbomZ9JUqMZYkFCf+kv1i1GnTlarUwoMEkRaVUrtq8yqIVo4KR42/CtZoacejmBB7IvqlYTN50of0sNVUNRSgK6i1al+56E/xoP/knSu5m1eHDSWOMVytUDi5JeScpKeI8lLEpvhg9Pjk2eHx08PT5/cHD8/P356/uRs+Pzpk38c9GOel1iSI0Wm0rNyT81inE5prnS3CLe81jqSVTSlOc+MHhsHqHSzKckJVzAHSt4FIJXiA19Q/ao6eiKYP5oZ0ZMOB59aK3+JmrIfT8XGkqea6R//eVBwlpaJmsd/HgzQPw9Ifn/6z4Ofes71W6pU24lFIkCkq7Ne4ikiOJnpYbSMIsNjkvUdBxv/TBIZG8a/SH5/jqqBDJRqmtEEa4onjB2OMf93vxF9T5ZH9zgrCSow5fX5V/9daL3FjhSnKZoTpQ94iq9kdv3QtT4BQQs2l6OcCElCXtGjU7eTLEOAX+9hIZliDSzsFHcJ+9uUJXeE38LJe3v3XNyaKW6Z/zkRAk/7KhGSfI5O/8EbkmUM/cB4lvZkm8ZmI5YWswmc7FOP1JvmcUzLyhGTM8LVgoDyEIUXrlnC8gRLkocCC6GUTiaEq61tlqCSt1Jt5AknJFsiQTBPZkqLHColb15mkhZZCMrgF/qAAr1vaclI2HxM1X2P5pLBKdYcnl2jJKONe/qF/1u/i/oLA0jJtJRMADvWM0VzKimWDE5YjHIiF4zfqTnKCewnrYvrpeJkinkKVy91BWO5GHhv6vvZmKaU6x9whiYZWyBOEiUe9CXz5uLKgNPqcEVZgxz1g3rdIwauFoLkqX79+u/vUYGTOyIficcavmaHgjPJEpY1kGiJrRSCGjoOhxNRW87ece1kSI5zgYGAIbpmc+KuqIrr4CAmfI4O7BHD+IHiM04mhAfo89pwhL46m8fm8NZrOCbOuuAZUQAtUqTkU7uCFXCfZi15DbP4ekEpShh+ZcqguSLpZy0+tWHDmCqMIQlFwFTzqGRbBUxxi16RQxAnThJudvumRU/5FLzYIXwur5TM5kQ4q42ev3ZRr3Yo426fo8ur+zP1w+XV/TMLi7QJ2YJx2XMEGcun/cZwxbjspN6JeJzs44by7sVFr0m0ZKRsjuleLCiGLzWCGvY/oXdEcpqIBj3jpSR9FY/aqrhz7+T5WT8S/6KQaUPXhLO5v2WVpqR2tWeeajIQ7KWtqT3tyVkaWy9yG6ROiX//NqfVd8GPteNqBTXfEeYsyzhHCeZ86duVMRIFSeiEJihjWuFDnGg5pC1OIHxCVYsrOkM7JeH0XokuNV6cKxEBWIeN6fXFFvJEl/eT024NQQHy+NI56ISNCkZrBHfMD0JvWT6lsky1uSXDEv4IrSqOCb7+FzrIWH5wjg6/eTJ8dnL2/MnxAB1kWB6co7Onw6fHT789eY7+/XVsPEonoznJ5ahmaFw1quZ+XjEm3+DosLYM6T3jcoZezAmnCY6TXeaSL/dO9IXGA1hbaL3AOU6jRHIypSzfO40fAU0XiX8tyZgk0Xmk8gtMIpWdM/iO5ZITnHUtNBVslLD0iyz25fUHpHC1LfiLjsX+EnSaBV9J5uFfL2KUti13xMq3MYmfBOGH9krivalvI1aIDpCxBGuVkk3QlOO8zDBXHGMuV5zoY2H4VXO5tNnTWd+1dKFcHyYJySXh5qYwyRjjKC/nY8LBSQm2IKuTixpoTWKGitlSUPUP691MLCuLBjnvGdjN1evZUl9KaY5wKdkcTq4pYXbcLSs2ZkKy/DA1O7W6LLIyrd8Vq5/6XRVf6/PWO0a1BsBKcFDSfMKxkLxMZOl7MauJMbbH0DOy0nE5McqattcL37ODc/Tq4lT7UdUpNyEymRGh1w7ObOqh1+7himZ10IcGhcAxTYWz/4dEOIC8zI1jmZM5k85fgFgpBU2JhytOHUbGT+qD9F2p8LHhvtD+ocFWoMC0YdD7HlqDIJy49e27BWf3NCW8qWxGtrzjRpKcbqfEBwc+jNgS4tz4vlGMJKcDNE3IADEeCho6pRJnLCG4fhdwYQ/3mGZ4TDN1nP3K8oj1q2uopTgkWMjDk2S7Eb/wyECKDMUK2toELAm8Xi1my2D0SdJrBCuNwW5k/QZgTpZNqLbOuOGWDiRHOj08OX1y9vTZN8+/PcbjJCWT436DuDSUoMuXlv1gCIFDsJ3+uMN9Ny4wR5p3XPUhzj6Ne4c3mV15OpyTlJbzfoS/s9LJcyP3oBsnoL/tjCeePXv2zTffPH/+/Ntvv+1H+E0lxTUtELPDpzinv5o4gdRZkI1fclmZjMODWikBFGKPENaGo0NJcpxLRPJ7ylk+j1ucqgPxxQ/XjhCaDtB3jE0zos9z9OHjd+gy1SFS2vgNLuMAVOU6jZmV9QHjJL3VFmo/99MY3FehldHYAhvOEc+aaS/vdXKQNvMak7BgJU+AmTwwNYfnjGSFUpu12qJPzDEWHtM4HMLe85dKUEla3TbWNE2ar/clAj5q8GiOczxVJzrIWDeMqHtae4Ba5NY+gxUcWYjWfVQO/xxP9ys0fT0CsDkTgiZtgQUalzSTTjlqIVLi6b5orDaLoRC3nZP7nKmKiuq23SCgzT/bSkLDR6t/GG1y/sHkNNyXzqBMhKS5b18zEuxl40E/GeZ918MN46GHe6oDo421R8b3EgHa7YDJfQ+MlnpVKC/6XTpPvKn4o3pQ2ofw5d0oq2nZny/FZ9c/mkPF35HWTQEb6HfsVemguUHvg2vlwbXSHNWDa+XBtdJ3Eh9cKw+ulQfXyqauFeKUniD/DvW+YLwjEh/6J6M7XiVTwH6j5KTWeOyu8PyLa4tXr6AOh04YjE4gyYboliRiaF661ZlBPAx0VofqvBRSR0jCMrWFPav/fpiRHP1SEr6EyDcd1O4uFDRPaUIEOjw09ug5XlqC1ASLjE5nMluGm8eFe3ojAhgwKk1mpvQ2mksy1dlCAuH0Z0W21tgCgCKZkTl2c2PO2dYhgcWx5Drg1HxDBTqBNK8xkfgERY083gsVUMeonLOaVe+V91PvvM7KtJZA2lTBCWivAB+uKzhfojuap0MlaNRI5zpSVL8gZ54LTWc4qqXJiHaQqUW0SZ0QbqlDd+upkVQKkk28XIhcww9ms79/60vl60xMJmeT1h1FX3ftToWzJWC6OtDTveSOadwKupXq2m7ZnAnHrveN8OZX95ukIWt+iRmgFfOQz7LFBp2xKdJWak6TgOuG6AU8DUOm7cXH8qQaoJcFLNicyJkeNa5Se4fobRXvDlLPZiVD8DCdE3UKW1ea+lWBqL52ycxs4kfOWyDYJsUiyGmyfnPjC6+CuvWtF42JjuC2l1FsjU3qYudfS8HDEI0JHxO5IEThMLGBSpxjGzasEZjYap3YnGRMqJG8sFO9elqt1YhxopQGuIdkAAtLMmX6zyD9WxERn9B4TnUwrz4LVFM7J3PGl0iJPwXAAkpruej3ZZYTrj26tMpKN6+JBOdqoJCZvtlBv1fRdflSLb0zeDr5u0F+oDoRmpTuxmqt9rmCH5ysbal/U3oPDrj6pl+ofWm9k0HSjoUYwLJHzwCssgqA2T2e+mZv0/o482mrPHoBUCWfbuGN2wG6FRJLov6BM8znt0P0A+ZqA0A6/6SEOBunnbCJ0lYGaBGqHkWGwYhkAieU8mxys3CSkEJCzrOJodCnk9VwBqjICBYgMAOQYIVOcFlXlh0jAN0tB4zeocu9HDJaThgMbcvvVIYZnc5MJkL8BGhZucuQD6jQggjSHtSyz3Bu1nCoM0NuBzaeR5BcmCT46jKCQ7Yy5Fd0Ol0W28yQHmwQLhjZARsEEEtBImwQ44VS3TXBUwkyNs4VemT74AlISNcnU4ILCZLX5Jp3Cgl39zTJQBV/0DxkBscA1caf4dACabjBLu2td7zAhgdZf4jTVO11c2AfwoFN0ttwKW8nNCOHCSfq+LzVSUI6LZGKKqPZnp9mpFThmsOFO7pfYY0KLISa10OdDh1fKFbKhO3P+6hGY1CsEuWX3mNvtXBulnvgsbAIw/wqDKExRW1Lm8tVnf/6ZbNSokzU4phMygmmWclJKJgDmO1Cep0dGYJsFdI9d6QZQ3yB91U84iMBDVAr3mZWypbMzSs9InzPILDGRThUedCKYcGM1HaFYmmZ7b3micZibFW9Kn/o0gO+MAm+8KAKZ6PSVRoYd7Vrolt4vhS/ZPHJUKQJ0tdTuvFsGDRt5gyWK6bWFsZb8+4teqTEmSASHRktWxD5WM1KOHp1DwgNKuVYfaWUcz1dIImDXe5Ps1b31WRrq0rN3mOSqWleEaHrIIEpyv1k1lsxsKZ6WDebBxpQyw4T5J5wKvtqQG0exoNveuZUXxt8tSPNklFTbn6YGaNvPH7NfWVUhTkBF2GuJJwX8+ZugS73Wq3P1wKVBZKsJnWD80lJxDm+IwjuVAYdJbZwRS6okHCr1Ha+zmIIJuk225jz/4Q+KSaSZY4lgbxgKlzxIaorWIkZW+Q6wCyR2RItiVTs+n9QynShB8bvApBKf1CyXaAFybLg0aVA/9+fTk7P/tMGuDnrmoso+T9QNILxO0UI7CiwZFQ2sgCgjkqkyZ2IcunBNSnQybfo+Pn56bPzk2Mdj3nx6vX5sabjmiSlWm79V7BuauWUFqJVO67fOBmaD0+Oj6PfLBif2wNoUipVRUhWFCS1n+n/FTz588nxUP3fSQ1CKuSfT4cnw9PhqSjkn09On5z23AgIfcQLsJe5IgBsAr4D7tj/kwnjTMmc5UJyLLUhSNt5qYzdKoxY16eT4Qqap+Qz0bbslCUjL0g9pUItf6olFs7V62NSg6grCZBU16ChrmYWV8KIOL/57UjbZ2795QXc52iCs0Bpr8jwnzU2zQyL2VbqXcVdVfB17F8v/nLxsvfKvcFihh4VhM9wIaBmHVRxm9B8SnjBaS4fq8XkeGHWQTI1XaBD1QQO6r247gAteT2qYDexRi8N4EAGKwGR45wJkrA8jbkHLk2dniFcEYDH9N8kT4HF7nIlk0Ba6btBVW2r7pmwIjshTmYDJbnmXY2hCoVt6ot0TnpnS2x0I3BbqxqEV2sxKLzztUCuDFFVY9AY7MJTx5Ad3vwzTnC6RI/IcDpUdyhcZhJdL4ViEgdYPNZnWQCPFaaqBURdL6iI6bUvKr3e4dfYQTKcI6y2OcvBfHn50tBx8KrkrCBHL+ZCEp7i+cHj8EqIx2NO7rU91X5yfXPwGEy0OXrz5nw+r45mijP71uHx0/Pj44N6jSxnqtGXzJ5cXyvy1LGk5jKsoTcSsKLFlMzLbRp1tehKE6dC0jwxFuz/8p6ZGiHeTxZ5QyMxl3A4Pc3LQ1udBkgVuvpgxRVWQsf1JlOQo0aMFj8ZzbWmWRs41ZWh/IqHAczx0it0x4nmdXA1JTgbottqnLfas+DXYHXPwqX5LDlOpD1efAoHtXVzxLohUL+SVbU+ppZeomv0FYXSoxg4HNQJrI0y6gKkPXyRxWnIrOqVCL2+R0MhqKRjnfImU67gNVuEEOYvXHw1/27uB/4oKqlVVTVs3gmUmF1DhK672bQYX7nVjMlJCY7oJOFE0nul/at5mlAupK1d2zYwspbNf91hqVNq5aAAlT8kN4wAohpShlePiFNxNxI1EdglGCcZwz09tB+puEMAW5ezpaxxQzOyWxjFHAmWgbnHVjq0/30SBC1ZyU1hoK+Fuw0ZlUDttpVDHOWMz9dYwDXG+h5slfRXkgK+FcMeOHdZBlr7sZIhJ8fHHRVn55jmOtRHV5FV0wH3UTDWgpVeHcCmcJI2/glBp7XToCJOQCU/ALPAuuiJIARhY3aFoei59SormnJQEQf3hGa1IpDWmW3c3a+rF9rm8QVAqXtMkTGNhD4scDoLNFYqnhWFxpGrfodgG+uWBPsGUD4EMmwZOnvIYSFYQqtq13BvtKW7gjpTetKOjM3E+lCBiQdIzpggpkCftlYDskurj6N3LKeSwfHw4+vLdz/ZYn5gDzOpzVDdC8JHtKnX2lObyRl4MiH6sFCv18fg14M0Rp+1PLJVALmsLlBtGyauCQfLfIUVUcwkf2fhZq3qPfIpkaNd4bwBcDAEUDvEcp7R/E5EcQOCIMZsC8y+cIDVdNAbWxw2uDlWcZaxBSJYLNUcSQKsMl4aZrMgPOuHu50W5pJWn1Df/r3FeGAM4EwGE+cApZTDXjNT+jg6pSkJqgFsgf8lQGrJluxkKZr7MUBbkHCpAFUmLBvwoyVW7v5t5EyMlNKLbdgRbyl9FLwH6n716fLlYy1JzGnqRWo9uoaH1WQhtshrtbicoXHhZ6huyzUA7WswgfNGEp5L+9jN1FxxOsd8qWUbzMl3tWHHsQcpGTvD76e0t+Keb86ebvMfPzs7jhP0TvGsv+o0RyyROKvZYqOkCfprX9ICI1GTBxQkhRrSp5QIMbZFplQanKb2GnOroN0iGuos4CS+jYuYeZCZ3E1koI8HRL5VmjIEU8EkmUgJUKLnLFU7KI1iT/aBfU4k1jHl4LlOI8qWz7A2R8r7qX80oWZUL5pwTowuWEXCwjvCqJRcicCM3OO8ERkcRFLtIOprNxa39qBVPXZbIB/E9lGRYam0zN8gVdl3PgJpkXX3Wj6YZX9T/dK3Qq6tXhLo2KbKKUrYvCiljmo05T8gahwi+rw2MRHbpd8nptJSdVeY3AtRDJvB6OIO+eoQRjVSU9ndxizOME8XmJMBuqdcljizxTfEAL2ECgFeNQR93fm+HBOeEwnG1JRsmnCsRhVnhu290G8MbL+qSMx8I72S/9ZqsLD+zltL4S3Ux1dD50SWXJd46lmsZF8jfN9rdJCuaWx8MC5vTN5YPuX0s72XmvSbMqt5xH8pcQZS3OT7wshs0K8ixgQ7VTFGSlvR4UhC7e1a/SWS0NSVzdaXZMnUN23VFvYZ1Kr3c8zC90I4RrWePNNVRNdRGYABwTjznHxXRwDNp5MyC4DRXFtgehV2OQ+SPkrrnbyFfhywhMPmJO06iR8kBi1s6vmXzXl/Y7bXCuz77m7Tsr1eM25K7NgKZKYXhLGIBPXXFChoUXXraiTdhua5ywm6nw9s4RYvU86J34Fv9/cK+nhGnQBixYQ9GM/FXfJkRiWBin0bT2rl8P38/Nno2VlPp+6HgnAsq2ZdATGRRHfm67jmMK9gXAMM7431kt7V5vtwXW9WFw8LZjXC/ZXlpATv/nkAXbJiZOa07pVX01eAVSr85NB1hav93GhidQiid+S37UOb5M5bTS4Avofk08a6W8ToEXRpS0gumRigclzmshygBc1Ttqjbt6vCRpgvaL7HTNqKvd/hRDHJ/z7YYrD6Qh+hdoLntHYIb0tvSsYU5+tQe23IMEsBvWnSGZYDpGENoNPFWKT+skQG00w+3X40J8fDk9Phs0OenG6zADafEpR4jhdISA4lCSPDuFOab7bTUZwNz4bHhycnp4cmX2CbsWj6egzpoVhIZHUfioU8FAsJaX0oFvJQLOShWEiNxIdiIbsrFjKTsmaFfnNzc2V+2bQKuwLhYlo2rViqG1wN50TO2N5My2+kLCwqpFFF49K/e3UzQFcfrtX//3TTTTG00uI9K5NvlLik4Vd5VzDfFn2MfLXK4vzoaJyx6dD8OkzY/KhtJKJguSBDIbEsRV3mrBpN/3BjM/0aG9LYGmLHjeLs+GwFvWOWRrJYdpcJOCmzDCazIlqhjFKrew0uGM9a0s9b6+HskLUNjpbaLJGaLBmbhuLgrfuhe/tX/Qf9dPOqAMSGYgCmpDlF21vX3rJpdTLYqNG21E7oo0eCDNkfXnx8fztAt68+flT/c/n+9Yfb6DS/+vgxPrStk4Has2bggAGj8rulGph/pVsrGaN1Gmtbo2pB64L6vF6YcNEIwiJhI3lvBODGZKKzlzMqtR9LohIClF3ieYF5tE7RpfY3cOyqHqFbg+LWBO1rRvU9E+rO58J2izDuFfnsYSD5iby1PF4z+EFjgDVjq3aNzPA9cTH+QvGYdlUntnxTUWSUpNpyS/KEQTtLpWqQRahk0ZwI6Plxb9qGZgTnkNu2sivpRqlCSDCTA/R1I1fol5JwcMMY66R2rvRKFwpEkYnaC8XR++DH/l5yGwLYbCqasPm8zM2c60Azdk+4FWjG+8nDIELj+zQ9Mc2jjZyrFqyLZK5HAVqLxIYCdO/+btctX1uhoaAWQ8I0Da3UZjtJUfUK9K8f6ITGB7EvF8ul9qN+uL6EMJus1npePTMMh97iJeFDKAc9gGLQ6v9fk2SAri7fDRCRSWxg6vX4kCjO8UhfGfa1PAhdvnj/Al2Z9rLoPWBDj6w2uFgshoqMIePTIx1pDLWJjmxD2kNNX/OH4eeZnGc1AzhC1xLnKeYpBB7b2gGuu+1Qixqc0WmuU001g78n8nXGFo2m5AiJ17ojr95AkOiid6VtZRsbX5TBnrXwFce5WKNo91rTfw352sIxvrfiJokyF5LgqqAAQd9r+P6FM7wwW3pRptgRPfr08mqAbi6uNEseXl68uwJeHD6OzcLNxVV8Hrwu5Ptixhd6UFpaaEOrh9Xwhg3m5mMqOeY0W5oIeF2mIZyLGc2nQp+Nc5pwZqOv9eTiTLAqucd/WdwtCzJANPklzFqb4ISMGbsbILmgUurgAV8c2Gu3oLI0J3RVBPCe5GmNwioi3KViEXW5SZH1ZbgcIX0KHqVKDF5e6YBLEZKnll13rV5QbtP0osz+4vJdfJntVtyLPv2NE5UWjTbLIfJ5CHemAcqA+X/GiZpjx8oRqoKLa3wsrnH3Pgbz0gK32p/XXXsysWH4tVu5UiR0ak+lMJ3XJNp/IJqPWdmQdP+BWCnjD2guCQ+vCfqB2pfRB2UO6bZNGqEw6RwXhVfS0lTVU1rOIXShQfMqxcHUIxw4NQYOyHDX6BIolpEVnK8FApeEmrx7ShZtJVLjlNipZhwVhNM5kYS3U1bbIh6VdcoCktT/QkSCS86zqKI7yl+0BidOGF9gnpJ0tJ/wF6+RhUsYM5Hz3iNz/So4+xy3R5x8ezo8GZ4MT+OjMGqwXI72F8j5AnL5de1JoB9uGF5rgcsrXRjRyDps1ATsxlYXFKiyhYaK/NBdSjGSjGWHeJozIWmChFFS/N5YIUdnbBG7W74lmOc6VwtLZ1KbUjkrx2BMU0sNxXuP3GQe0vRQFCSJrsjXJ+ezD/9DvD978z/efff03d+Pns8u+f+++iU5+8dffz3+89chCXvpaNFl72ISZybcG4Q1WB1hrsdMXWWsjGwpCHBrGkQABFOeym8ZYn+31QEG6NZqSuaRZmnKkSjn0Ql88ux5y0G3TcuMlXNioG81KwZGZF6qJ5GZcQ9Xzs3pWfNGXQvgsSFL4a89Y5BzB62Z7FeQhOLMytaBy2bR4ZqV1meyi1yrupRIksiBhQyv68TA1bAO7TXBnCZeoSSrXFo9DqOkFJLNXfCxhgM9DCGe1IyrlqHI8gmdQrk+yRAv8zXGKdhEKkReFTcbAD2hnCxwlomBOul5KfS8SM1FRwWH8QAQGyBrzyzvOBQkF4yLAVqQcYDZAw9+q4wJgWJA1Xy9uHpnxm4MG3aJfcsGzrIOw4bRlzRY8IXhfDnQU6lHJdz6CpuIqddYVId/x1TWEyLRO2Nj/KUkpQaJXt28hSh4lgMr2CPClFAI63kbHnH1CqCiU0qgHq4ZPfRGfHVxPdygjPeXa8fUiM77gp21HJ80kH/JKPt2KhqXs53R4ISgRhG0fYyQsV0HhK7Y1YqOmsenqvLGKc72bHJyZGhsxifeJGZvMdOzsJ2rWx5bD7BPRUR1pQdTuBKU9mSz5qwK4rIgYth0DQXAbu3lgN8O0K0VxurfNBXwP4UwJVY/L+EfLMv0y1qkq39VYjnuYbJgHyKUHyKUHyKUHyKUHyKUO8byEKG8jcB7iFB+iFAOaX2IUH6IUH6IUK6R+BChvLsIZcanOKe/Rhqof2g+6R8Q5IO1xzHJOU1mevrAqtXWhWVe4HypDl09MQ6wf8usxfEMw051M5IVULgNc47zqa3hLk0XAa8APM51QBaE2ITNyR1efzCbRlruM1DIXynUqCD029YQ8eduGHJerY9my825P89te1tu3pRbb8mxG3L0fty4HUfuxmtyUuRWvFtu2sFtuH4Xjg5k6y3RfQ9eZ4gdm6ZxC96Gzub9t4vKje6+0UHsIhh+5b13nQlvvSBGyW/cerehvvO+u84YVt11Ud1BaDwkodi7Cn7cpCtrq7BzzSCHLV/ivDopoaMFhHdYn03QUAViZV1zSZoeBbvXBJf4odBaJtvuVsOCpreITSTJkZB4KWxFQNsDUrd3VRdSLwImYQXV13Ko+ZSxMc68rkCWZE/pWVeW9q4709+LfeXmKJSIplGM6bbwRRUES1JEzCGTfwEFrJFSLwmUPJlyPDd6L0eCzmmG48E7rQMqopO7g7QmO5oCQ+2cRmGfqtjJNBKjsNsZxXxazlu6Or/DS3WB0HqnZuOCM0kSCQ5lKuk9iXu0vOn98UCI2cEAHRxm6v8r5UH9r22W8uzgp/jgyWeSlNB7YF9T8GIMtaiJDuo3e9QKiAp9dFRHpeBHY5oftXIPSMd9rx4gaWlgpUYCzwc6d0RvEGnL22PhxqrjMC9wrqNi/Z4AoQfFK/CDMBpzthDgy7NpOIYgO5cLMkYF1My3TayU6pq3ViqH/jzpcJtdVyUDnp719lNB04LLl/spdV+d26fHJ88Oj58enj65OX5+fvz0/MnZ8PnTJ//oeXzf2G7APpuaAvgtpC8Yv6P5dKSjjqJNTDfRQI5mbE6OcOZX/l1JuqEFOVqstTM44gN1w1i1Q3XjY/BjX3Wj6slCdP9LWwRzghOaUanUhoLeM2BkzFkJPaALSnT94apzH7LpfvBM1KuWm0BuQQj03ZzjfKmuHwmpgkRufKQOpu6fBH5nffGcDxDkELlwYb2pqNEaRMFySPcyqVmVanxrpm3oeYNfQDs7TiTxu4FVgRpEDLzEtzFBZZ4SbntCm1vhwIRlDlDQV1t3zR4g+5JSgWw8mh/7OkSXuqS9GRbOMgjolKwimRa3A63MYdCucjMvMCnYZAdcXiHJ6T3FWbYcoJyhOZYSMrLAMy8BAebQi2oJ6WZLNVEeknM8HA+TYXq7aS3TSMhM60bqGzbzInO5pmpagIWYLYxWSzz1gjYa8XrXG0TrmY8i6W+G06COW7x/OhwKOl6KkynmqQ44E1DHfOC9qbMTxtTFQCpdWGfwJIynQverubm4coX4dds/S5kmJyFU/W1mSjdmz9D139+buMtHwlWDVqAq9Bq8rknnko7qOEyR1GzZHHwtzj8XtvMqiAMTKIdwIktr4tR9VwifowMH6UBX3p2YmBOLOa8RK2xlSnhsrjvWHhtJE7QV6RItwEQNuE+7aRx3HYDG0N1UU16F7lEIa/y5zJPqDmWa5OvvYmCqKcyZ9IApPtFLZHpYb5X4/QWi1vxoseDVCy0ja9ZWSOZTP1xe3T+rBGvL0bxGVtkaFwvGZSf1Xz7ssJMMXap1H5QYttQIatj3Eilf5VE8P+tH4l8gdB7qb1d5XiZ2zDTih63WxkDbxLBX1PZUkq9MTHsfchukPoRIPIRINEf1ECLxECLRdxIfQiQeQiQeQiQ2DZEwWebNa2L1Y38ntU1Zr99JpP9MXbS4Pjerrg86bgL73pEsAy90W/DDhJquvpVvB6o8aGuAPeM9G4pGr76o5TnsoFnJzqr5e0EG5jTjZZ7rWzMMoK0KD3UthXVx/8z1fzKd3u33+vU5viMCUXUHE4KOa81YJavPqpcSp1cw94p1tZPm+gFY8w4nEF7AKckTsAsLURKhb48KJiepGoxpPgL2ngCgUulMrIvtA0hT27zQ5WPlacUL8I6g+RTaH5mmJnVKK5f+k2/IUzKekGNMniVn335zmo7Jt5Pjk2/O8MmzJ9+Mx89Pz76ZtNQE2SpbqTIGkwwLSRNt3jo0o+ppCfYVIcvzVfKK2VMd+Su+rHMAIKPFNBuBfmNgbHNFWTK2ECD1FmFzcjvd1YUPmm3Yncgr5rZteNRz03ggZEgtrcOexDpAynTsuLVMmFftJQIQLzJdd8qQq1gjpUJyOi4VGFsBRPMLL8G+5q7vMyakqPder7aItgdZu4gdtC48YIbW4p00VYSgEy+boFf+yvtLAMMyaah+5+MkK4WsJa1ol81rxtFfCJaiCYYKNWu2JThGCSucxd3NI/TiCuAaa/IE5QxZOK5zyj4aXLTsiHV8Il4+10a7AQBYu7dJNdadoyJHTyAk1fnGamxsSVBQV0hLAFjLMQ0pDpllUFs5V3omwHAbTGR9m3heLbmXFLsL0xEGENTWZd3gnrV56MnwdNi3ncffTNhLjXV8TaUP/1TSEepZsjulkmITpUmkboAXKiwu4kbpsjHmaZknUszInHCc7bEGxyuLo6GmVPoFekQncJJDC95GzBby9JWqfxV0uhO20zAn4Lk0xZgcW9P0FqUMOnfFaxc9x2eTp8fHkwqjY2jwTdV0XP+3fiqu/qSPxd01J62WUNvkjqyFPQDV38LuVzwxZvYNtdgvYCPX5SqaDPDHsJHHqP8NbORdZOzRRq758w9nI9dkG6OzXxqlhYt+D4bydpob9D5Yyx+s5c1RPVjLH6zlfSfxwVr+YC1/sJavYy0PbhIlz8JrxKePb7svDZ8+vrUnrGm2qesNFhmRRD0daM1eJOpyNTBxdVDJEMvZhtp9e3+AXaXE2cboVdH+kkO1RRveWPV6br0HvGdgO8NSvd+sTDbwy/CkMJFzHXWOdY18NXkBQIjywxBOiROIgc3Y1HCd+pwKk6Xxcylk1ePcFp+rJrx5X3VV7iMt0i14DBb1BRaO6IFb6bqG1HaJDefZL7dtTDfDhJ2fnT050iac//XLnwOTzp8kKxT4lsdxblGTuS9OuZy4tdL3XDpXVzczhxDAWAptAB1oMVMVwHeJrAHE25JnQwXzdqAWHGL2ZLBEnCQsF5KXYJ1hHNmF0mwZ7vgGi9YWZKMliM+z3uL7mulrgO7cRrqlz8DViz6AgRy0bEPdsfn2/NY2ciiwdxUGyO2zs97ldDejfak7ebeONlyu2LAvc537oFhP7X4rX0wAJjP3FFNnEMpN6+jUbKlFNtyPwnO4ai8+1KZ9KExuWDuoxgs8PmWu04j+9LZ5LXJTHY6o5T4btYq0hx/nkkwD70FP40hjvs/OnsT7Lp09abt5y9m+eOMKGnG0cYbZtnWWsIRBTPi+KFObDBAYYeWUHqBVP9EZlnX6AzBuLDXRE2Nz2Nf/C/Y1+Qx1Q73C1j5GiMHX28A2pgkA5UzBAU52Re68scDn7hkGnONSurfCEcjaRGhrcdW1ZF7Iii4Ygn4j9EhpCDX3TOAfRGMiF8RUvpYLpnd7WzY0x9N5aM3YLV8yLj2vAihME2mivW//dOsxqWRF62L+KSqkLfEtYysF4fvMwvxk4Nf4ttXuJkQN9o4lgIbfTo0/LzWNXqyZIaEWBbzidcdAvEIDvKq1Xuh8SO6xx3KSoUp1HtoOaa7jE3hW4GbsW87VL5QIvYMdKEA0w0LXHZcznMPnNB1UN5EciogsrRYO8gGcVohNKppmPetISF6uKiOhA4GDnzyTZ/B7o7hEpABF6Nn5PQTyfKh5Ncp6YI8z7av1adkfuwkkwdmYBPpAl/Y4U8e7zYnO2LRSrjroVGp43Wa1RfLgCyAYvYLuNoHuuELyfC30LUORoitH32OaVRm6DcLJHNP93Y7VxgMMVt9roWKGxd6UIBNQZoXALAzq8kWTdkDDi1AziOXLObRhUq9EDqFPgkzKTM3yLbAGFD/g5g8Iv3EhKlD4HDgfZ6E4rHUrSXCuDjRzjLdMV903sNP5+g6iOpyAptogAOfr0DcBBN3/XGlfIE0o1gt1JpIQITBftpw8Yamc6vxB/u/rnUIapD2LKh+7uuqYShY2OdueiurbpbaMOHBixhamc+KCjJ13H8JSvCLIOksXc6V7lY7woErIb2O8amtV2bVhzDjuw+CPalKjN5yDd+xXmmX46OnwGD2iVzOWk/9EF1efkP43+nCNTk5HJ7qBlK3l8xi9KIqM/EDG31N59Oz46fBkePIUPfr+zc27twP97nckuWOPbSzK0cnp8Bi9Y2OakaOTp69Ozp6jazzBnB49Oz4bnhysc5JsIpw1sn5z6TuYKrZYo6r5bvb035orWackcOMOj+OTqHtNDHc3l5o11p9LQ8hDte6Hat0P1bofqnU/VOvuGEuvat1/QjdkXjCOwRL1GcJ7iUTfDI9RisVszDBPha1PMrSfQAZFKSSaMufqSsRwOQcPGJQRWFBBkCRCCpSy/GuJqga2LlqKYOmfKXqGcEZdGkyB5ezcnFgQSd38vtYkpRuGe9kfiOvcDCVI7JMPLz+cxxqVGXvjEUnEkU7eODr55nlAVw1X+/K3rGe9N4s5sQ1l1+QeQlCbuu6CcOIaWesI6fqAPhWpuv1MaEbU7B1RKo6MpxAnCYP6FNly2KKnDwssk9n6A7pSn8XUSl8ZiaCb09x1nlkD3Tv12Sbo8M8boVOfbYBO6zLr4/P1IRcUYBWjFlxMREbnhfOtM7S4htOCtLGCPZDGlq+J1PB1yTO31cD13GsDXJecJlhiNGdpqYtylQIs0kM/5NOLetjhfm66ZAJH3VeHCqwWb185ZfYv+q8IigvbRT9h8znL4TsXWG3NQGDZyExdEdN/56vwHhqIVUnn5NdKRe+4c9s3tT4gS55XSUn1VUMs93Ie1ZD8gpAmGWoYSvmD/4LibBLPi4Ng7r1aYmpGKSdpYIHV2nnwXmVoK6fq+Dp9Jmfo9Pjk2QCdnJ4/eXr+9MnwyZMehgZHUtVWVM9sxqamZA8wo673AkXIgkFJ7KoXtpUdMn2cl/Cutk+7AloSFURnN+lAGcL9qjsOhk6zCRDrBQ/mkY1/Jom9HOg/Rmtwt2M/EHm20x/wnA3QDyggnNdEgn8NaUHySn1Uu4BBMZ80paZakrqOQcqASSUDPC47oK3HXC0/a5OkECBNT7XZuRmbVhv3LZvCeavb7uarNnFmX89oHu7RYBYzNh2q14aeHzlGfLUz/LtlB2cD7lpysiLFyFachsZASzboKbGakUCkw/C6KpJ4jm6P7jE/ytj0yMj0jE1vh81xmuAUl4hRy8tYa4jXrvlvfYzMdDZ0A0VHVaB6hCo2mQgi2862zeZdwzSHRME4tO5Xk68TghCWNUJMPd6ACkk+W7LoNGecjPCY3ZNzdNwlLTtIM4xrjy8gCCbIGUAt09aoE5ITPN8Vd6qNpCFqoatIsO2sMc0JN8FuRkp+LWTKSvk1Yhz+TTj/OiSP5kVp7hWbTQwA0CmSNW6qOKk6AWpxdLDQeo9AEcMqldThsGX2b3VGI9Nhq+bCpZGLsNf6a6PYGzkcWxQ1bSN3fnUP8tKIU41vSoREBS0IcAAYi/XGr07DgCMM34gBolLHslVnve4eYCInb6sj/hY9cnGFanEt+OqcVZADgfRYz4inSJgYopAXlwJkpq4uudzdvjUA1aWf4yo5VVfvpIxTuYyTYp/ujBQL0Gsk66RanASh7pJULkcZHjtTxk6OkVk5x3qLgiZgEXUvyt7JsIhqZLgy5roy9i4J8PV+Az5ylkyylfpg26ELn1oMsaWeSVkMdYlFQYYkw4UgWgCseS97pT/V29GGFZm7DKihFgkUd6VZRpV0YnlDAwwpMlJilJF8WlNlVtN0YY4m/bGdhjc3N1cVNWOW1hd8zS4dUTdDzITepmXGwgRC9vpqTVNcTanPiCC9bGmaQ1IssVJeolD0lbgXHPOqUXuTjJVppfheqD9tpA0k8mOFN67/vjNPtfBMgk+FUvOrSyVO0xG8MLIg7QZmvFVfVq8O4auhBVu/E5JkxcUvyBoLKByiK1NGxhYkhkIvyekATRPdiz2lUypxxhKC84YS52izxTOqJPbWk1m/iC5fWpJmTEhbPKQHBo9ZVuHwhVg/LOaFkadcuXmWp8M5SWk578b+ToMISlj0Q26MHvpI8YwYjoJSHBIs5OFJsuIO7gFCYOOglf2CCk0OFS2Gi5Dl4FrtVtWRYp4cfu7PeuYTRct3jE0zondaO3adDtaNwORxrRif2egpS+5g/5id/tL+HQGun0HFi3rJCPNM7VkxY1yOtNJana04T2aMW3yHbpe3GK4cWX0keph2CveHsLj+5iFH1YXE7xISQTevrm4bYvT5AsC5lFZNgNKRxyXNJIq1Na9I6TybelFy4XCG2ZVNXKDkiQa2wAyFuk1RK2i5hJnQeBzTGte4Ydk3+q8IkMt8wnxGNXewUPRUvKl+j3Em+te/Lea7ckx4TnRpAIP/e/+3CBXVc3dwhqdgBRT52Ls3UvXRys0UEL3ehipYugOG8magYCmq3HZ1VOW229bDdMVS9OnyZRMR5FkWONndoCqITWQsbQTbbImMpaRlCvtux36INDQ0x0UTE4Q46j6Lu0LngYzj3KWI8/AmgbTrQrsDIR/Fq+EaCYMLnMzIaSVeDl7oXw7i0sU8Re+sqh+KDWP9iomFChNax35vEYYle9oEiPZINyatHq60+jQS1mVgpbilQ90QX/o5sn78UJ0sFFjP5kySUVAUqGtZV9AJtOqmAX79IN1dJDxIo+Sou+1IqKtYvfQMaqvagjzXWOyjFdSCUQNS15XeAQDCcvb1i3cn/XARb4Rixa6d9j99/XSh1lGocyJnrL4Kq0Aaq4SOCI5AaGbA9yaWZ8NITG9oEBnFoqJ6Uh37tGJYvRrNShC9p8QYapQKX4omnArThHBeC0lcc96jMIK4mg0YxYYj1JegnSPbMdVlEGqRF6gRPdt43EV8dAAtcKqaXFWAxxZY4mAcEi+gYxskUTBebmwy2x5JHExrAOhGOKJQokHJGyJgYhizHtYRjXa0+rVAoTiq3fBALTwoimo3i8TEinWKCefNMHWJ+SlhLXrDJlKlo1pWf9KNa31K2HAFvF5FkDZEvAJiZ72zjVC2QlpVLmsjbF3AuotfbYSuHVSf+lDbjLABMBbzgzbR500asPOsaj1ew11Lf4cI7d3p7rrov/ZtVpWjJLQ+1p2So1Q0koB3QEaz/qjpRgahYy4MQfsJ1bzFSQsjSkLavMiSNQjL2HRK0u4JCbsJo667Sw+MtgGobVtaxyZ3ik2GPVLryAJ3Wohv47U2UasFZ2mZ2DCJ+jxb20CZUpn6pgH4ocUyoC0Cph8dFxBjB++7XdbfVGARo3UsBfWdXsOOOswGOuwunOItZMxbmpefNX5w0kNVNZxlftHilCXQIZqkCCp/jEmCSxGp3Q8vL3M8p4luwYH5Eo2XBnwVldvfDpEwno5q4Ys92acLqacVZekIl42tsgL+a5c9b/peSpNjARE/WWqQX77U9UqsYQaCRyGApd5lQE8hFRpqnNScLHZNak4WjtShN2uXL2v1VprEcpwQNCllyYmDzKpRqp901T9CuamLIKsi4I8yetc8ksfEJB1zxuTj9gUT69pzVq6X6Va6hxXbLa1qwSpah+hS1gvjSEpq9aqQrRIiWW3BxksfWHQIgvxSkrxxId/mKPE3pgVvrG1xGnCSbHAi6+SUBBRv7dzHQrBE9xOBEkReMFEMbfO47qOgvIx2tW7A3idwKsl8K4MnANBlIromiIbpxj3RqK9cz+qUJlgSYfzx8IiVLghXMomzOl3DCFQq7FtUoF8JZ4fQluU/ETZhp2yCjqGoIxRvNJtpQrmQALSF747XH52GifkUTkwrEk1iSIKzLI6Kb2Kh5kSUmfQCIS0OyF1NjJF9gmlWctIiTte7rq8y8luHxHeEXV4FueNTDFXD0rBfzq1WfIZK81B6/W0DpKk69iHPllWBRz1gjSRsplNkpZKc1E8KqlchQVoepnVG2pEtIq7v9pg9FImmbKnbjda6VO+WIogsbSOmj0lhp+RohB2z09eSsxVV3YWs0TrmnXjx+rXmJ+tRzB5tYCnZaooaNbTNza1eudZe4BrNoCI4gncqP2/sntYskNv7utZ2E4sFMAQADvzAJfW2n+he5cPf//D+v8U/nhw0rnX1+a5SOlLyuRvzpXoFXo/jtLnRh5IIeQhZFuvip62OfYOdpnHc+MN305eL8aePk4u/Pf3mxXXyy/hiuuiPXswwTzvRu4qA8GqciuP+COGQ2vzS3Wmpw8uGLzEcDGxo9VaYfUOF0aCNMV6SFLQIOdBJklDJlnFEi5HupHhQw1LNhPqq/rR9w7sNpbCvvJof+P3ZzF18hiViSVJySDHQlchYKUY6UGGUkpySdIBwKWfq1qjl5UipMfBz7S3955TjXOpK3Hmus4Wiv9nPJJ4XSh0ZuTRlXuYj7AEyf+sP2icvxL/+NOrlWz2PP4DlxUusbiw8etR8YmuBfXx1fYNeXF3ajx/7XOK+07lGCYEmLkZDq15TV/ecZI8HulT/CKKtHmmbXKLUdPU3FItIfToft89dBWfjeTPG4JUs6NmNa0lszUlrJ/jk29PhybPnw5Ph2Wmc5JouXeXe0DyhRcP51iTUvYke2WKuj/WW0Rugti3aaR25jbX+5NYyrNto9fUw/YmmVPER+UySsnMyTVPLc9MK4GiOaWM4q0ktg2JlcTqB+0meglqFPn28bCXqaPS5wMndkSBJyalcHo286e5v3q4UK+Ct3gLS8uIas3iREcyvE86y7KP+ev05NGhHY5YuV9KqXmrUeKATRHJ12eqgVH0Ypy3wuFTxJAUnDV15y6PX3XqTzWEi9N2FTSOqhfrFUPpoixkWcS7a4LJtLPmuc5dkijBAse7Ndn/XNV8D/u7CRpwrSREl1Fv+kutzX5CklbRJxvCG96SLGiUOYVUiyBpv/hvfY3RPuSxx5gfHxwkXCS/HI7Gcj1k2kmpPQBrivsaBrnApTPYwzW0uIkoygqF2RFkgTQsCWiLWsxrhUDfrCxDeg25dIn8V3QuC70acTMTIGEWB/j1SfqNoFoXSZSuMQIaODiTQF7oaVDvpBeY4y0g24kQkOP9SVHvzPceQaIkyek9MeDoYYzOCcFFkRsuATH7JiqJpNPPd/ViIUZlnzKTef4GRaGzALzk4QICInrOfFKWfIdykMSaUe9J4ZZzzF1efNI8bfiF8wvhcF3SwAihCYrvIRvUozvgko5UT3XMg6r/aIFgpBU31ZUSX34sNIMh//w2opHmdSNRJJSc4+xJk3oBPw2So14mG6t2maZg2/7pTCq4tUCEF/Hg0p2IWN+n/fD8f8TJv2YLtA+kTBUJtfen//ts7Q40uH21220BXYATwisu1yt3l3NOBJWIEvp6RkjJtwmNjyr/DfIynwWwarMbDpLCaZYgJjarSCysKOF0szbueYkWCZOxOLbEmytDZSZdXZyskYaPQm+8uIMhGH73TFpQzgnfmNXpDcAEd1BNXNd6uC/11bV1WfTO6G7cK9WY3pJ5kIrd51eABj2L8O5oxSBBpP2jUybQ3kj4JCMvBRQcxfuzElMSzLzZYuA9ZakPuoDpPkpQFzpPl738FYfHYBEI/vBH8DpazdU5Xr+6Slfl0l+v7dwXwD77Cy/oYfgdr3DGvceqqYJxaNfTQPHOtU9NsnbKmg6OtFHpz/EoLYXk9fDdE9xaqX5n3QstOZfVhQzJMhvPhOyLxSyzxBSdYEnAQXetuE+GXbQdX1HJTp0gfXTGATe7vstMA03TtlQO9hN9dtJu74qau/jkQTmbnzQtKSEsdUxcVHZFbTptYNAPddo6wWs4Ruyd8RnBH+fyDNuaKrXSAyG2cjC3CwNnaztHPbVycrqpbd0A38f94enzy/PD42eHptzcnx+fHz85PzgbfPnny04+X719/QD/9qD2lGsTQEDGEfnY/oR/vR3/779nPf/sJ/TgnktME/LHPhk+Gx4cK7vD42fD02U8/Hv8EKuGPZ8Onc/HTAP4YQeUp8eMZ/K0U5xmV4seTb8+ePFU/LQsifvxpoAuSwD+ABHAz/fjXT68+/n108+bV+9HrVzcXbxwM8JaKH0/U+5D28OO//nkA1P7z4Pxf/zyYY5nMRjjL9J9jxoT858H5yfD43//+90+DbeQNhHXzbmEzNYnobdwQnewJkeHqrRYxaoI7KAElnUqnpxsbfdXssI2+J8fHcxEjpZZx4OhQq9hFiHq+ztZoHzLwSQeqa4klhd2wDr6WcXm82IVSB3Wot9pw1hl5zTEDi4/qnUBjoqF7XdfYJGvMElRaHAWd72LkvVKvmbH4AXc7WCdP0KzaDrAXbEE8c1dtoeDsdM3NaKVbFw36WkblTpFqcbgSrVp7SlIda9JGwOl6BHBWSlo7oUPcH/Ubbcssjk/e/OP0r3+5+/bnxdlUTvFrma+3PWjHgXzZ1tpjTUHbLQFuOrZ+ypIuXLYaEi44+7z0osrMLy3xZOZpdyRZBRStH0PW0EwmHIo7pvWQyQCK70WzH6BHjENjOnWNeGwCGlz0BhRM1zZoE45RBcFEGkuNcXK3DhHm/SgNCyyQIKawlGRojnOvZFduDXDMq6YRoUg/6E2Q0tVsaQ7JvPAOD6UmzJUORY0Nv8BUOudREEEf4NXb3nqufJFnrLgGjq1hfI85ZaVQgqIkzYIvoLA2KPJilhS4ndFkE1vCpSBC4nFGhVfQPFeX6Pp9s4tiuLOOeKjJR4is11WBCKM5lYZdvJzOoBoyFYjot4Y9CYIpg0nfz0quRYfdYWbef4t1HJjWv5BgRXQv4Z5DMLuxx2RWq2uCQ2xuB/TtqUTSmEx0v2IqkKk56VXXAUR9ibNTu3/qDKavBZpmbKzP/jXopGtIWC1VTfcHiFurSfiVMh3Sn0fNTOcApe7rYF6yybXjJXrz4gpOwnqrieZYQXlsMkxdb41qmuEKzYhDa/RZOxcstqsIn5t+0iN1fWkd4gXLdfsMw2A6300dBlAHlIS/Q0uzyGzOw8D41cNRH+hAruDUVgzl+sU8urm4QoxDoa7HXWdAq9x3GTdWNEG+AyTHe19DdN69Y+NI8ljf+3oYI3jfGbNa33IJyyHoN5cBbSwgqrkiaqU0Y9bNtbHNhiK61e6IdMu4QyqNUNkBkTOcp1lVPNMqaTukNdKOczNShaRZZtmSBbJ/h+SaU66L3vc+pfYkNd9BX1JOSZ7YSYWOFoYqIJMvTaCY+bqu166mt7VaRnjjirZhNXpSymx1hGbA6bqGuFoAc6c3o7UYh8nmzKmkrhqHEnWhsmIuUsOv6mCDtaAC3VOMypx+RoIld0QOzP/qDjxU2M4YtiNGc1AF4zJyW2xWfglqvsBXX0XKsWpJFS91X4epIVqJm8fru0Zqu3bDUV80wKRESHMitrHRy+oV31i0Bb+sObUejcPapy0c2B8ejVRGrae3rh3ru3ZKq94CQ1o02RHtNI21nsLadVh3pq62l0Fap3xWz4TLtZB1QFqRT7kGmiiE1fmsa2BoA7Iqg3eduYqC6Jfguf5IWktgzaRs3VdXGVE3CZym/u99RU8VvBcRGbZ6Z/vRZYLlOcmwZ2cIWqhEpM56XuO20qE1UgCpfhcyYat+koH1o0N3iMyEx0y4kCUn6Shh7I6uWTfnAzzBGTpQwP4MtRMOEIHcZlOsQasaOFBAZjjVJ7DGae8ZrqhqT4pnBKeEr1kI4S0VUALBfOyg1YlAaUnsDGsJXF0wD8xH1csa2gGsE5mboGn/BhBfnuBCGGXUZkJQfz5tfrsJm35RBjE6/cxvm4otm0ARFiqFHdpvzCc696ofm+h3d8wlHp/ghc1MHWW0EQFSMwGYgGGfS6B5nG/w09X65Iylg6CdFXxk2xDbpukrie4gHayd+mI36q5Coz2H3tRzMscUOMSZK8wdYWCvFMKrCxO1ktrAatu6q6rzMl7KenPiMOMVYtqsL8G+7SRC5T2Izc5quQzzAqZ8xfaslKMUS7xqitY1B1cuEKGu/hiacoXn3AAawYNypb5UVGw/ph0OI6RZr5MrV2cOnEfBEMYsXT5GeCIJr6+3v8DrjNKNMGnVZ9SFFkLt4EKwzRWqlrZUm8uWgK2+ExzbEDhJSCFDhk8yFuhALY6o3wWVxr1LE5pPsefdvYQfWpy7+mG3b9dBjK/jWuVBUjIutyrV2NbewQwE4K9VFrbWFjQkbKNcgWvTzVWgBbTuttGgSnIaMo1PYWW1WFtgdnfExbrVHcCsHQzQQc4kTYj6lx81M0AHC8xzmk8PUKRo90HCqaQJzg5+67qyDiOmW+RHr2QyBf6Bx/4f5zHI8yp3Y0aLs5nB8MBp/49xmj3IqfBP8cvr/nWbLy+vXcKDGLYd67S9v1sL1X6d5AYO1BXRtZ++ToqGDTo5CUjpx7Ls3TWpxypqC1Y59oxYcQZa0PzJ6e7x/0DzlC0EWonfXqFjCut2JLhKLRFltkUiUEnajbyb1+Wn0hTiUXoydc1sOzJu46F1O6Al9+JXzEWU5V4snt1Dxl6k7mauYn9LC4GYiWpLKk0r7qrCJtiihK6l5i6LUNMG58s4XX+gjmQNst11+PdEut5NPXqpGeZtqVnb7sSoOQpjoH+HDdXUv6LgIOHAFGvZAG4z6aHVn7ve1DY+D2pVbODj6u6B192ocKVLq4UR9t7j7cu1q9tn0z3bvXFduEzIYfTbgFceutO1InnoTvfQne6hO10rpofudBsgfuhO99CdbjOrxPrt6fbQXvqm8g1WUaltRgHA3qrobmYQMMihUnKPy/eux24uUqvGbrDveOwG+cqxr1RGNx6+H8XQZstsvdzFsbpc0+9e3axPkL3RAmEad5yutnvhxlMRYP708W1rv5kVN5AtTIPOEtFlmcOC5aNixtsq4m7HCxo+0vDjJEDu1h6sYGCp9WpnFoxlgPL32IDHieJYtDLaccQy+r+s8c5Da5m+rWX2u24aSWSPobW0u63pUChWUPGbttq5w5M7P1zme/V3i6sNnlVtXWNeNQsObR8rs2VTU01sxqYQ9thbD5V0ToTE8zWFrC2ECp9WoWkWfVzMx1oyV+Usfnjx8X29clY/d6oG/FtHCqBALMZKx211rF44T7xXDcC0ClXz39Z/Gjc6g2w6eKgBDwDXIgG6pO7qcEfoBpqu0ryD33qcppFpQbsRPLVZ0j1iu+YJreRW1LVoPclC6J1JcC8wr5pLKurayZmUWbsxahtaoEtkmWV2euqraYU1HePcl9b6hxZxrR92Bzc6iOgPK7B3Wuj4ez1nq4sd18sLbIn3wuRDA1jFjZqQ1ntrvZuvRq2L9dce6R9HIXGGoTI2FRILv8ee/amFqezjbrby4KKdM5Yh9K1HaDgN27Q+t8Nbx3a12zPV3deg13R+WGCuLmdqY8QQdSkTW95anSphxaPBP7CJXVzf6iEn6S2bnv2sX2/ZMk5x3CGJGiZi3BwxC9cSrdYJr6vQ/I4WLp6Pz8s818k2CpVHoJrdFeRlbDqCcfTf7StovCNL04U/K4kOF5/qYkaO9kiwhRN6jZKpa2+4JoiHnfWws774zmrfVetT9xEvUFrOC7uW1tkYQeI86WAZ27Gh0S8VpRF04ZbN7pLbcIzpVlfhPkeXeVFKMUCvodeoGKAPpVS/KJ66YClJ2lpXMHY3onmszOjmhuhXUJEXqoxAvxITa25NlH2iNS1dOc4bEQR7IwuQdVFllrPAHLdEs67P0de6y5Zrk++RlLB8QqemL9pqgkbRQ2q78+vwf4aUBSSBMdlWO9KkRA60rn8Y1XjO8ilLx55mbH7pH4f+Tn3w8i+rY9ErXGidePRQffWwNQLS62u05SEecfy2URCjYkVKxCrmNN9UB2js8HZ2tMvg5zYR122oWkHR6zJPTAp8giWZMk5/NU0cVhB38eHduxfvX65JYt7Y0T0UH/JZriSH5lTiPNV1BtciKga2j5JhbDCd5itPitm9uRS/ZN7OfLe8/uvb/vtSoYJPwp0pZozLkZYm50jysu12a9GjTZNHWghAHTt296EaISHrR2x8SUu5VvFGNK5Qrn/svoBocz3yp8NvhqdG8ba1BLRGSdMhes24ec+EEghUcMognd77soEBZg72qrtx2GqGtMXtv8IdYJK2OgbafdX4rf0BO7xEruBlhWEtVi5FdwHD+EA1MvWtrm2SQBubtGr60BLxwrq7P8eRqa9sm3J7z+lAbVeBtoS+NMIL+gQxNPql74AQnbSgBMJw130Jq8oCFTVKhx9s1ZswY8ndXujFc1aaFKSQ5gWm0Lbf3A0UAUr6jEkVVjFUEBpQtZZMxVbj5WwhIK1pR6I3zPxR0KsqQEZt79g8QI0SijQnuzoMIhSJBOf9CGo7BbchBupaVmekxHckr2Tc7fWrm+rpbRdxzZSefrF7rr1Ji/DY5cx7ZT0vXzomN9iNvpdPaf7Z0/feq7/X0/fgkw31PYsebaPvRQhAHfrefjKGK0I2yBv+AyU4xmWHjWsbqQtOlPz2DKWcyAXjd8MJ4wvMU5LWw3X3m362n1S532F2Y2emxj4z175c/t3eUwnb0+S6GaUtWaadIx8S8lqRPCTkPSTkPSTktWLqJWMeMvNaED9k5j1k5m2j/a9v7d1xEITuMaQ9OI/IcDrUJA2QLT/1uMXbubO755WzxpJc0gklHD26unzZglfu8M5rbMsWbVvEtCuxuTPUF14HjRXod28WJn5XKXuxZ8KaKOzV/oNwfVUjQM2lmnwuGJeVfebWwLntTk6osKHtgxI5EWW2usRr5xadz1luN2h9TBo+0m2gBZF9N+ruk9f8FChjRZ1hWZVp0q4TCHaJMxNOIkfHFkS9ZhzRPOFQXhtnUK54gOaY30GYkpyZmr9VSSmcpg1zIdKlnebsnqRDdClRgnM0JtDbjU3QAXxzMEAH5p2DgfrgQOS4EDMmW+rjzZiQo2p37XYlPFll5Tn4BYKKWobL9S0QUWHjpJph7e8Zn+MsWzpAzTwld9vL6Weweu9IFH0KTZyGu4CHfPM8EjRPTNRZwZLZEH0SxhSesHlRSmveu/0vzyKasKyct/gbEpyRPMU8Ophy49UxETOcmLRI5/7XASpZZlsc0TkBG7y2ipn9bpbM2TsLJuSUk9DJfaV/XNvTXX23ofkzoAZtHqASErLvGJW6/bVtGux/vxtXN52TX1l3ef92VL8a6eXQfhl/uq9OxeVH08NaubZxOqf5Wo5tG+rYAOtMSVjicTONvMI5X+pIrrVRRiH3c+G/fnHz4u2uHfhpLBavyxVZ0fPkeHi8FjkvbZAdmyC8ruOpwnv96u2rixv0H+j1xw/vYA3Ff65Fx1/hgHMdNn7jSrWcpEGt2o/q7xYZDc+6c2csOPSbZ2RpYp207Cksd3dFu/GCZi5f2tNUUxVrplg5iXcdDK8ghvhtVdUhugjUxts5FpLw2wG6FRm+J+ofyYxm6S16pE7mjy9fH7348BotuO5uAc8eD2K66a1SJGhOstv+8UK7yktoDAtSRdRg7gkfMwHj0gWmb0EvvjVFpVto3ctmbEDdYYjRtY0hgqLauvnnvVI91SmuWeCeYoStYzDou1yB6Wy6NF+n9kwvV/p8jvMUEQgqb6ufaw+M4c7qL7+BqcqniEoIsIGu45oGo/9quiDKPuHd8ew7lR6V1Og4rO7IDkuyK6x3ZBleyewEqKto9+JgvstsVggr4tNSHZJCt9aKE5XgLFMkmRNNLIUkc+9Iu4Yf+t87NIAN7xsOO9om3iJGAuoKuCiDsrrbZ5LSvPwMUKtw8F2E165y5H5d3YS/brVQbBBJsLpEa8HZlOP5mnCDNrhRsC0SYTXI+pd9DqN2qF0pgpHrzfqRGVHIQtQ9s+s6wDqDPfoUmJgRdH39BlhZKSSmhJUpYFbTEw4KLIQSVAdgLCvKcUaTO7I8qFuf3PjoNMey5E2fSi/C3Oe1btMasZJmbYhTzoqiGcZTzXDkQS+SqpKDIAvU1PldzsF2qnQKVpBcF+ifz0lKsSTZ0lLVEsnUnb/Y7YTSXKettFGDbGtocB+48egl34bUqC64Btjg6xYMMV9x12Zp9xev4TFe5fdb32u8lt94I/QrofbwHm+AuANaPx/yBji7AfbxJG8ywx3g+vuTNx9tA2j8XClT1vtgWeWP0aqP0K2SElD/70HltOkA1k+nsN5azbNfkaI2j7j+zxmVIAXh/YcbcB6UKWv2gu0pvgM/pYKWYKGvMQqs05onmGbNqoVOeWt0eeqJ/ebm715eRYCRtt0dPCm72PB8T0z5mZRykkjGl1sQEdGFvHXijDUPgl40SsynRJpcE+ZdZOoEigWVySzi8fKSPOexOpT9pqp2yQYzgCJhRfSxohuncVV2r3vOIN5w281YRJB1GmdtvhKks2ep56vMyUKrvW264IxE6mv1QJaSCS4zqQF0oGvBGxXWq5WTeGy1t+KNi0tvqI0vnZazEUzgLx9olEPhrd+ERS3mDXl0w/XTs9KxgDuabM+usa+8Rw3as3k8mBlqcP9wZgZjipMckwm982xxN/qX9YIAzEerS1FU+NA21rcoPvSb5DtZUjbIeNpDU4KLfg0JOr2669vCfcetbaMthA6Qagn46Uw42tgaDdobBJRBnZbFjORojAVN6uYlKiJlwQPi9hFkdakz9T++vkAnZydPTMCVXIbWpZbd/tBMYJ1UrT32dfitGxn8gRIlUd+8tG1bL2jQLU6v1iyyndX4A7mjIyJ1g8RhtItB9O6qP2trbZAz6bU3YBx+WCG61kubW2fEZrifquHqHg67Gm3QyGGjxg0rkvx22rChmC0FTXBmkLYXdh6XNIvh3BFNAN4SVbFiR93rziS1iOxYgxiAbQXoWkR1prNtSZSCvQlR3SmQW68cgN+Ers7MpHayqspgMx6zvGy0DfrQ25GCudMtyQrCdekRfVntomhFruYetsF61H3p/bAWdRsy4H6XdFX+aEsNfZqn5PM5muCsEdHbk+YPtiarpwjo8jhjMmGcuMvyeIloPiVCHqo3D/Wb9TqSaOMc1b5n+UOvpjVmDT30auo7RQ+9mjro+N32aopTAtfwEXDxDi+5XiUsjUFE0U84yyXJ03Yb0WZhvf4etjhA6MRv2ji5U0S0GTlW0BCloOSuKrsBb5yh1vBBwbaoqwB99f8HAAD//3bb0ao=" } diff --git a/filebeat/module/system/_meta/fields.yml b/filebeat/module/system/_meta/fields.yml index 5811e5279ff..a6fb8d16c8b 100644 --- a/filebeat/module/system/_meta/fields.yml +++ b/filebeat/module/system/_meta/fields.yml @@ -4,27 +4,6 @@ Module for parsing system log files. short_config: true fields: - - name: host.hostname - type: keyword - decription: > - Hostname of the host. - - It can contain what `hostname` returns on Unix systems, the fully - qualified domain name, or a name specified by the user. The sender - decides which value to use. - - - name: group.id - type: keyword - required: false - description: > - ID of the group. - - - name: group.name - type: keyword - required: false - description: > - Name of the group. - - name: system type: group description: > diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index 2301ae01689..c77d503d30f 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -322,7 +322,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -338,24 +338,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -426,7 +431,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -446,6 +451,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -610,7 +792,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -655,161 +837,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -854,7 +1029,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -868,6 +1043,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -875,36 +1063,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -974,29 +1173,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -1013,12 +1207,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -1037,45 +1251,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -1195,193 +1389,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1389,7 +1674,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -1403,6 +1688,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -1420,7 +1717,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -1481,186 +1778,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -1720,12 +2279,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -1733,46 +2325,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: ++ +-- +type: long + +example: 4242 + +Thread ID. + + +-- + +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: ++ +-- +type: long + +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: + -- type: long -Process id. +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. -- -*`process.ppid`*:: +*`server.geo.region_iso_code`*:: + -- -type: long +type: keyword -Process parent id. +example: CA-QC + +Region ISO code. -- -*`process.title`*:: +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1803,11 +2604,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -1817,7 +2619,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -1861,7 +2667,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -1904,40 +2710,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -1947,6 +2784,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -1957,9 +2796,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -1967,15 +2820,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -1984,11 +2853,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -2006,15 +2888,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -2034,42 +2916,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -2125,8 +2987,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -2150,6 +3025,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -2162,19 +3047,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -2184,129 +3075,196 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. -- -*`user_agent.major`*:: +*`user_agent.device.name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: iPhone + +Name of the device. -- -*`user_agent.minor`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`user_agent.patch`*:: +*`user_agent.os.name`*:: + -- type: keyword -Patch version of the user agent. +example: Mac OS X + +Operating system name. -- -*`user_agent.name`*:: +*`user_agent.os.family`*:: + -- type: keyword -example: Chrome +example: debian -Name of the user agent. +OS family (such as redhat, debian, freebsd, windows). -- -*`user_agent.os.name`*:: +*`user_agent.os.version`*:: + -- type: keyword -Name of the operating system. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`user_agent.os.version`*:: +*`user_agent.os.kernel`*:: + -- type: keyword -Version of the operating system. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`user_agent.os.major`*:: +*`beat.name`*:: + -- -type: long +type: alias -Major version of the operating system. +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias +alias to: agent.hostname -- -*`user_agent.os.minor`*:: +*`agent.hostname`*:: + -- -type: long +type: keyword -Minor version of the operating system. +Hostname of the agent. -- -*`beat.name`*:: +*`user_agent.patch`*:: + -- -type: alias +type: keyword + +Patch version of the user agent. -alias to: agent.type -- -*`beat.hostname`*:: +*`user_agent.minor`*:: + -- -type: alias +type: keyword + +Minor version of the user agent. -alias to: agent.hostname -- -[[exported-fields-host-processor]] -== Host fields +*`user_agent.major`*:: ++ +-- +type: keyword -Info collected for the host machine. +Major version of the user agent. +-- +*`user_agent.device`*:: ++ +-- +type: keyword -*`host.os.kernel`*:: +Name of the physical device. + + +-- + +*`user_agent.os.major`*:: ++ +-- +type: long + +Major version of the operating system. + + +-- + +*`user_agent.os.minor`*:: ++ +-- +type: long + +Minor version of the operating system. + + +-- + +*`url.hostname`*:: + -- type: keyword -The operating system's kernel version. +Hostname of the request, such as "elastic.co". -- +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + [[exported-fields-http]] == HTTP monitor fields diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go index 2dd9cb03fc5..70d4213f7b9 100644 --- a/heartbeat/include/fields.go +++ b/heartbeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsff1zGzey4O/+K1By1SXeo2hJlmVHr/be8/ojUa0duyz59urebongTJPEaghMAIxo5vb+9ys0gBlgBkMNP5zk6k6piiVyprsBNBr9jWNyB+tLApl6RIhmuoBL8vb19SNCclCZZKVmgl+S//aIEGK+IDMGRa7Gj4j77RK/wf8dE06XcEnoHLjGT2qQr4KP5lJU5SU5c38m8JifmwVYQA4PyQTXlHGiF0ByqimhU1Fp/BOfe5oVzPyjFqwsQRK9oLqGlkmgGnJ8Gu6B67H7aiaE5kJDiPrtV7osC1CX5Mqiy6gCImbkL0C1IjMhSSHmatTgHpuBE6bIjBUwBarH5J2Q5NWnDyPCtPlCL6CGb4clK84ZnxM3JFqWTxXIe5bBOBg84zMhl9TMDskFKMKFJtmC8jkQNqtB4oQwRZR5Ry+kqOYL8ksFlcGg1krDUpGC3QH5K53d0RH5DDlTIyIkKaXIQKngwRqqqrIFoYq8F3OlqVoQOyZyDfIepJ9CvS7h0q6qn9SAM0LGuAepmOD15/7dO1ivhMyDz3uYwvz8dwvErEcz/w0T2h+wS3hJLsYn45NjmZ11iDGo96PkZ7Pow8jwfNGhYiGUNr/tR8lPDkqLmg42lu+H5wtnv1RAWA5csxkDaREy5bj1ezYjggOBr0xp9aQzH/XeusT9YfcTvr8SVZGTKRDcPSwfp2bxJT2fPT85yTvjgnIBS5C0uN13hG89pH0GeWMeZjnhZusWxdptWEVoJoVSRILSVGo1ItNKk4ldLZZP6h2+afSzrsCdUgWxvP1L84kTt6cPi1sDhijQXtQqQovCi9/VghlhIIEIK7C0KEkB91CguFLgHzSPZGK5FNwP10AxS6HMRKL0VdvLjqP/0Gxp5m1ZHnWWOKc63EESfqmYhPySaFmFX5QLquCSPEtN79HZyenF8cnz47NnNycvL0+eXz47H798/ux/Hg3jnDdUw1NDI1ktgDcnDRGSzRk3x0+CVd7Zw8RNi2Uze1zgoJIAV1SROXCQBuaIUJ5HIM0JgW8w+6gEmsL82U2SnXE81cxChevTlZl0rgbsr2ZO//PvR6UUeZWZGfv70Yj8/Qj4/dnfj/4xcFbfM6UN2zgkilTKHOPCkEKAZovwOO/QW9ApFF2KxfSfkOkUwf/rDtanl+SeFhWcjgzWM/fX2f8eRvBfYf0UXyAlZbI9kebnNeVG0PmB0DwnSzDHd3DUa+EXglwvUDTiue9UIA5KQ7zodkhqTF4VhSXY7kSlhVljqvwMbpLJk1xkdyAnhqXI5O6lmrgZ7JneJShF592zS8NX3d11p0kO+QmKQpC/CVnkA1mis2XAE+JYuRZf5ivzpPs6MfQrToRegDSrgWpeEl68YJngGdXAY5lDSM5mM5Bmg7r5b0SmNttxJgGKNVFAZbag0wLG5GpGllWhWVnEoBx+Zc8YVDTXnoxMLKeMQ04Y1wIPou7w/AJlhajy+GR4HXw0TBN/Z+W6hMKq0MLqxAaOUQgZn0mqtKwyXdmhupVp9F17IhgNcybFcqDqPSMfQEuWGYXAiESvL5tzhZO3r89Qd0JWnYHOFqCsFmxQEBagN4+NAprNPot5JDInmCJLmi0Yt+vTEFEDlBVXSAaRsBQa/PNEVFqxHAJcaeoocZp+CDI0BvBlS3OLpS3YBhRyq0Mf2hgOQTxx25+6pRT3LAeZ2roQKNV76892XB7d2DNCKMogOxuReQbGamltvDnTtBAZUN4jqeg9ZQWdsoLp9e2vgkNqQJU6Bqr08Wm237heBciIQWaW1QoDZC/k22ZhekiWMB9mK3XpH0bmZ0SwE22MK015BuNB6nZNIDs+PXt2/vzixcsfTug0y2F2MozUK4ePXL3xDIOE+o36AJX7G1g1AaGVNYAE/+1AY7OeKX02XkLOquUw8j54CbAut6GOZpmo0PTYhraLi4sXL168fPnyhx9+GEbeTSMPLUZzbgg5p5z9avUdltfHq7O71s15GsEyX2oGyvAttafnsTmMuSbA75kUfJmyxMOj5dXfrmtCWD4iPwoxL8CejOTj5x/JVY6eEacZoM0bgWpMw9SZa0V1LTP9udv6eNjZW78VWlc4U0Zf76iNjUtMlZCxGcs65BB0jHkbQ4lKZsgyAZiWQbeAoiSZkFYBsGePMRUb5qhxKHe+8bURIMZ22f7IcS/ut18/WyBkSTmdm8MPhVtNZ9K+tspvV4ocxmdS4yahc6NGsjQK3P5yKjxSEaY9XGvcxh6cVqzQgTbQpkLT+X5ENEzrSKDzLq79x9qgMbC6GIYaf/aD211OBRxex0TyBOSgtDH8m2PcyYI3nS+GSYPgPb857ZNTIDloygoViIAAvWEJWoMpaXYH+mnkBx++P1nZmdLoo03z9clYuxKU8jwa0NhvKRsNykg7ZymRq0/35+aDq0/3Fx4gqIS7sxRSd4gtBJ8PI/eTkDpJaOqY34+XP7x6vXFqOhhzsaRsiHaYML43ObECnrEoErjnIDqIQ85p44gw/AiiEJnjYSG7HGB/2twXn6+MA9e3LRHSPwcbh9yyQzz0YNwh7oprub5lStxmIj8I9tcWJrm6/kgMzCRiP2UJhHMQt6VgLTVpI8r3gs+ZrnJA+7SgGv9IIrZWyMGm2tkcVmCnJtjYZ4dC9trYX72o3MgOuZRudK2VbI6DwOSvT4Lgs6GHABr2bX1QC289G0HCzFu06FEOI0r6FEJUIWKlEFUoF6ehZMYkrGhRjAgHvRLyzsEdEdDZ9ufKt5Gh0UC/0RGGMdsOkm8T2evDdg88j9wiSU/sRsmPbGXhRAufwHWAMG6ND2F1kSiQjBa3vFpOoTuuXVBZiMRC7CI09sKvgsNYzGYK9FhBlx+H6w43Dhqx0CKjnHGiIBM8T0UHfkbyzPPuGet4ZfdgtviXm9folTSwHGSmyPHJ6eWzk8j/Z35sGGLFisJs2OPn5ycnScMHv+nOx97xcWP2hx4Jy7uNxxXFScst3AYg0YXJjXCDHGbo+C5cTMjDW5egxuRaLMGPCeViBGoCPMdTcjIiEy+5zO8sV/hPif+UUnxdT5Kz5F/q6vkgpWhZ+2+DjwbnuzQmd0Y5kVBKwHwOhI/yxhjWd4znY/JF4UQuUYdyD0QZLwtaloCuvQKsC9pMtIuZ4A538Y4VTnITXWRaQTELYsDcwo/WZwtz4eApB2bESG6Hqq0jU5sSAQz0nshRow7me24Ri8XA8ZacdVZ0R1cz230nuert/S7JVXa1U24ls/TwVfcpD7h1kUl2MB4Pww1Xb4wwrG3fTlYX2Zg1kjCK6hWlGuZCrvdcVZxaD6svQcTF86iZeGMHWeEWv9UayhKDUSrNjfsL7FdWXM/ZPXAb52MK5U2duOFCBWFE1HAMLn03XFAPFUW4y4XxA52ucd3M4JNj5XPGvx4rTbU63jhumum9tRFMuEM4JKOlrmRDoGWs6DBzT+LJek/lGs+vCJ7NpDNz6H6bVnhSF+wOijW6uXlWoAWGsJTBpiCrpLFZXPBOjWKYLhtvWojsDgN6kvxSUUmNxcr4/N/MlysoCvPvUkiwSSIsq3EYCBFIqkgh5oy7c2GEeWqEPRUuMfDr2izvisq8OTzS57RTNnZZaAm1Q64rx0VeFQf0iVp4lrGH6iCGfwNJGL8RQHW5KYy7vDYh68TJ9GZeq1+K9LANaQq6vqudx+0A9qxdJngGJepUlEzcsxPyveEGo2I+9YIH9BMz/nicVAW+RcuoU6fyuokZkysdR9zDCbUixUxrJSVwXaxjaDaDhfGGCJtuS3kefORWVkjiqB7HXuFg4lGmpCdewT2YLfiQ5r8xpeXFwESWa4esPsicCe4/dmvnBNDfjJWOa5mMi9VvuYj5EihHOX0PMoilkSnoFQBvEl7M4nynSFUSLSKINoZQFrAErkEaobWkd0BUJWsiGfiEP66Y0gaBS/rbmEfmUuKKAQyemOnH5IthH11xqlGami3qpt9KIE3UQqy4jVpluliTNWjDqP8iubAJckLeRSAZJ5pOzS42IjT66kqR//L49Oz837yTpFbNa+f6vzDZTsg7QwjuJVSkGgU7AmgdNiy7U0n+PLqGkpz+QE5eXp5dXJ6eWKvx9dt3lyeWjmt3UNi/okUzyyaBagx8gbRPnI7di6cnJ8l3VkIuzemQgVKzyghvpUVZQu5fs/8qmf359GRs/jttQciV/vPZ+HR8Nj5Tpf7z6dmzs4G7gJDPdIWKeZ12ZbQNrpmsef+L83DlsBRcaUm1TexiXMPczERCsDnRbfNnHFcwnsNXsGk5uchug+ySnCmz/LmVVZSbx6fQgmhztyC3ibtMe0VIGjEE90YbMmfC5Na60SJDEnFfkhktVAi2ISP8rrNjFlQtdtstDVs1yRep31795fWbwUv2E1UL8n0JckFL1CFsfcCM8TnIUjKun5hVlHTlFkAL1HWn5vAVbd4ZuKrb+596E4EfUAUdhlQ+of+Kcm9BCYmFMTQ3+1wRLfq0CAtNLbwL1flrMTuzpDbW1KS01vKWaVIKpdi0lSSI+0FDhk/aQ9TQ0SFwCubwSultdnf5F5jCjLYoKxjP2Eppm4iIORdNjjC5SsUcpnXmY0hN4194YJ7AqwEkoOtkfDpO+67wmx4lqpLtmMm2Xrw3DkR0FJtZ4JSLtA+vtiRtxVEHeStVfQNyuzq+cqmdsJjMCncP9zFgnUFv5jRnSjOeaSuy/iP4jtuIQPCRR97RD1zxEB5n7uGxT9BFUhUQvRLNt7XZm9ZiqB1fixgrFgrGrdLXGjizKe7WE2b5IoI5XZN3rvwGJT0eBOhOymgxJpNmnBPL62GlWf1dvDRftaSZ9vI+pHDUWrea2HoILEzJDxlfGa3WBlhoWVozsaTZnTkSrVVqrA7rr0ssTsf/2zySoNfHbDwCM7FpyrtM+QCvXVnXop2/ePHN/NdzPwpH0YhFox315UQydXerMiG7JuGsEHSga+8zU3cEoVgzl4mOuk2+h/F8HFjkoqjQhn4SL9sXBWQtKunM/O9Urdo6g9gs1oODuTU28z4j+hltbvYr5Aj1gcGNbPKyymiButaJYbRTHxxIem+WlPFibZZmVhWEzcyg0YRAP4NeUI5ZGt7tYcQHVYrNWyKjIU5h3QqCWVF72CkAQp37AIdiZzAoInL1iQmvqLH5HKaWB9T5SN81D/SmuRe1/91HUuOkGjybDaahfs86D4XqRnlLOKIjij5RvfBJ9iEyYhNgbnvz5uhqP39BB3G9+mZV+DHltFj/WqsGPmpseSKChLVE87mEOZ6e8RHZ1BLJOejbrebmBt/B+UQkar0sGA/NqPQc9c3SzpH+w83VwNmCrxp4pPWmKe+lGtm7htLZ6ki+k8G0KMSKAFVrMzYNeOxM19Y5WIMIJr3WxkqnWLWXOvRMD6AbaUVnK7qgRiRnEjNy3Xo/SU5RO6vhYTxvfECyL/+h2X8tXIyHoZ8BqK7MC43jwEd5rL+V179bCZdEWQWxky3X/sa5X8nVG/L9l6s3T3Au/dkWhNa+v8Yvm8ETseIgk/TgN1uvKr71He4E2TjoWqDn2w31k2RLKtdWEOMYf2wNI40lSlnbGk+YldGLY/kwmzSmzMX5SRrxB8M74aowTkSmadHyRCVJUOzXNgmRAdRdI/OGQTFda1BmCzoPijAqAM1zrxtODLQJYfEZPzEUTtJbdBlldicMooiY91RpVB7toDEs6ZTPpcgNx+ZJLNk+WJagKUYGbM12nlA2mvxHp1z8WH8wLPz6I4gw0p9RKddhERpt0vfrXMmg/M5b9jU8IQ1NkVMdDxVOrj5ZRNtHanvTLPct9GoSLLsoe7Mrd0oPb+dVtvElkir7Uyo31Sj3pFO28aVzKXepbgizKDuzmEih3GX6muRJ0t4AC6FaKQg/NZ8M2wLmhba2HfJvyO6Ib0xeWT+4D5vXoMrFWhlz0hc7jQgl90zqKvzIbAfyBis82mUgNaCffeQyyNSK4n6tEti67LOpoIPWzoxK9Z9moigg095/HFb1Ykig9okUa2NjcYAcdti6/89lsm3yejfJbZ152n+TIGP63j9+VtolgikPiWVj72haGQV04t+dEAm6krbG+AtnX73d6wqCq6IVIf2logWehi5lHwfmWB6JcadJKxZvfU7A4/JeM96M5bUT1069Fuad3jnvTO2gPJ/tShNc6o/lu5Tb6ZVqpt/Fe2ixomvlSvhG6LBwIR/ropCAcVLG522zjHHr1xlUU3gZ+a0rH8OaYC8bXNJErdXuOcgoO1npE5H7S0/3Y+6fXAHpA3gOkCfq0mp6Nss7IV1tpi8Pd31SnOiMSuANKOxzNalLaCexy+5qRu6XI18Q6HyOUZXcKHQlB5WgwWkQQWxYqJ9t7E960zwmH0tzQhij8Np60FKoasNLjcuC6lnKZ7jVvDdYnd/OgyXfZ8C1UCNSTSuuqxFZMZ6LlbKp/U9ScjancuUKklIUD5S1TbDyA83Ix2vyPwaGJDtj6RiXETkzumTFkCy/hqAcpozyoeRcE4uCfC8hX1A9Ivb9EbYBmao8OacpUodHO4NI78n49Gx8sevcRUn5HZqozBZMA7b72Iqqry8vbi/OdyUqRJvSSbUuWzrpzc2nrXTSbqMTAwJDoqC0Qu1egioFx3LDcNiDCpstnPES9ELsmQf7k9alB0gswGR49Me3NyPy6eO1+f+XmwRJdjRjpamuVNrqGq4qOqosTGJhtmyvgLbzk/N+gqYi727P4dnbN05RQrZoSDJQk7TYLkQrIYtuc7mDlLvg1HSKXQIKTsenXaYuxDzm6ff1B5t5uGk9VHsStAi6Jm3Pvdjqbb85eC/mFozXjmt6Eqd+p5yDTP726vPPkxGZvP382fxz9fO7j+lSjbefP3cl6V4pZ/25WYXIaIFK6Ye1GVAo3rZK+emdvhZjNw3i6lBj0OMKhVSUK4DbIHgiAjeFmUAmKZhGYcs0qTDqXldbl1Qmk36vrP0i0X1mDeKJQzFxYY8mWdxbOpQHsWgDOQIZsIWD5PS0RB6OH/yoM8BxytRa0HsgtJBA8zVRhresC9F6gBQG3BnWFt0BAZ6J3GVYc4gDRgXjoLDx071rB1YA5Zg++WC3sZ0S0ogSLtPsu05G2i8VSDTrXG2GNdYGJaVFcsYlA8Sy5ufow12P0Lo2lGq6vdRJqo3DjwF0PNpyhumaCFQpsFJKEAUuKd4yHZOe0vQ5igft39iMBd/2xRr7o42b4o0PRBz3GUxnWksptMjEnvL8Z59C4qCR3ozrQDkL4nVMwgFKN954MF58eI7Tks5mLEvsw8+QieUSeO6TDHDHXbZm/E+E8amoeHuZ/kREpdNfVPyOixVPTUEIqzMVrsgC8tt93QJBfXKdeeRimsFX7gDBCo+0NvLD2fh0fDo+i+l97Nrhqc4I3PDGGDPaQ4X0POXg2RhUmsSXXfXRU2E7nBySDgcxTUm3ubTnkIPNhwe45YTUdBxuRmpKtpwSLTQtDjYfCM1NhnVkVkvbxiqYd/JfWwuRpPXZxcseYr/hpKVodt+FVHcpqMk+O++e42FPtfgw/9j9ZnipaNSqzQVtgEuj3GHUcsX0oqdaNBPLkvK10aSwc1tj1IVl4FQpkTGbdcj0ItWAbC0qQqXExve2yEeDtACaCiHKrUaFB2TcNajGGw5mBztoT40kXIdNPqpvVzYdjn8cc49q8UzLK7k133y8bl/ekGYS0fL1jEMocWdxMdO2eMmsNzZbtb7ZUsKMfQU1qsskMZ4yFmr8p4nhg0mlQN7aVuv44fZL/829rkh6j+v1SbpnXeN1fZBJfxtva0jGb+hl9av+kLf1yT7tTDoO1mOZDS1z6nOyYvkkFsooLesS6pC+O5B8kOulIe98fD4+OT49PTt2JcC7Emlxb6Y1kiGuICAWJJ+iD3fph9ErPqjH2CMz0Pb350fTxNLVjcZ1qOYUq+ERlj+NtpHr3Bxa+FbKTTwFJcsnTkApTdfKJ/ZZZL6xhjH1g5SpTJSsSSmYF2JKi6Alvye57Y4fLrWoHNSzf1NisJsRKufVsqcE/ANdkym4Y7luR4XVSQq4Yhj2T3YVCvj2P4+Oi6MROTKi2vzraw0vjv6xq4gbMKzEKUycAxLLE0hGiwIw+jiXdOkS/yRRbMkKmq5pV0G1Xr01Emf6Fs0Ia7aMEW7AdxiEJcWodifk3mSb6H0r9D0qBNVTFWY2GX4/cltM+4oZquo925OvFHdbd0LpOvpwuFLjO6u3G3Dq8Dvsb2xFRpMaZHVlGu59lw/Up/DOGM+dR9dLLiyswuy+2rVfw/PozRupGN7v2bXHOWd8M3p/1VVqse3lOS4Z3eZuFOumLzR6hIOrsrA85Q7UpkLJ1vwFrQPsWvEgUNJPWp3ucTVz9ggQ+FqCZMAz9J4rhRc/mJPEwJSQY/cI2zx8ZF6KAJrTyVkywlXdsdzXwngCManQrzo+oxifYxaw62/eprRRD5+9gOcwncEJhYvs/IcXZ/kUfpidnL44p6cXz15Mpy/Pzl/MLoJ3N+f1DJS6GyMoUFClWWZrqQcqJmEGqefypn+H20Ub2ohZod26yMPmcSe2V8QeZg/HFwaQgSyCsGybbruQ2CghJNZfwzbxAG3+l78MK4I8QWaa7JeFs13KlRORCK0Hr9JxPethEL92qVQIvbXu+yjwG/ny2fhsPDQ7oXUJnWfJUMoP4UumbLGNstFZcUeoUWmtVwO0zbiPhX2ti0ctnUmbKcP5+Y1uR/OTcPD70fzAht+QFp/+6P5uHf7hZz0Dts8MaLQd1wy5gPbAIzeRDogh8ksSVbl2IgG9i9RtUGrJi3rg7tZYO9lWu5/a/iqTkN6wyXaL0lQmYz+6wdVQiT6xPYhbTbYPgNvxVKu1dqqxdpdxeptqt1tq+9H473/HEo8Ezm9b49FB+K2LPDoIv02VR3ciD17m0TeSwyzV5t7YlSxiAf3l8/vN0vnL5/ft+hGK0YYCNJhvR1YNV5k5skbuFjCKIRgXYQiQ+FsgmtwJ3+Nss3u5ksX4TxOz62pA7jQak78C2KSQ5nK0oE3WagEc7kHWlfTNgHa02bbIcNqwTu+qojDLYWeoTlYZco/gxLy2kDCb2ELo/8SDxcL4x/cLrUt1+fTparUaOxNgnImn84rl8BT40whUZCM8lYBlMRk8vRifxQ/aC4DcvC30snh8G6Zl3BoeuPUH3K0ry5bqiR2eMyFiNao90nBchn80KJ0e99iXfU9aBj1w7HxklloLYwMTirk7a0Ln1JhxvblQlSyI0qwoXHexJlPLZRwZtjFmo9GfbB1jamWaVeGkVZuurOexpNJyfOMQ9ZVWmW3xEtvU7o7pSTxus2NsUpKKFI4oE8RwQcMBl+fnz57ahf73X/4cLfxjLbppI3ZD78fk1wij9knYPNpmbx8hlUepmia8rxC9vpcTn8TlezfhXkfIvUkw3cSJb9MmvjukZsKPopXBRD5MiLPd6ihy1JKuCe46V29qtEqePxUSlT+XulOsrYxFP3wEMqhDGttL1LFcQ4EtYQqTVNDUnYs6hbCpgooKV6OZbMbSmc7klS/YUCyqctrkjAwU0s40np8/S+cynz/rkhJ2ttg+UowtJnqX0+2Yo5Ca3zgfzfCJPUtfbd3zoq/rRUgsCsg9JtDsUitkLUFxl037jY1jtac5Pg/8lLeEU0o8oGD4dxQM8BX7+wYdl0KMWPpot1qytxYXBg7ulroDfjAWXzlpv6OI05jK/qlRS1bHE2ENcxfv4gSWpW7owiHYJyYRFAuh5UKrK1YZ1VD3FvWNn2x/0d+XQy3ZRkR/Kz6dSTpfxo3MdomBCBkmMZpzn86w7apZkMeTYO9rUfYy3+PkqeRJ7BLv+3DsR/wXB6W1kbroSqpUC+xOnYoslCS6R+3htQwLteUVjHXzlLYjKJ3Lgo96npJQwD0NWEMLEvb0fRcEqem9dcgAWrShW8Z8wrBRb+jyQ0QL3+q7bsHF8lFjEHFMmVo7emzHcdtKS8wamhZNxs1vFyH62PI9Ve2IUe2ciRuHHy7+G7osGhydLVWbQNSDt2YkVqPbLrFEizvg7FdI3OwIS8p2LDp5YMNZ0HF1LjlIy9iHA3ue+RZxcK3TgcQ+iJl5gq+X2NbNPJKY6y91bzlM1UJvr8/bcnERnwaSCT6zjNK+4qqVk1338W03FQzlg00K60oJEn6+naywIL3EaNzcRs12eSRTKVYGiZdd5t21DW3X4NRCrFw5zgqmtYMd40rtHvTOfqtqwlv5RAfwIwxXvb5wR859HCcJcvA6aFvtu/be0nVbkP4rsw5Q19cKBD2IdEn/mbima3hWxgfzfmpaSc+0LhnfD6F5fxuEJdXZELmz2fTJFtvg3Dbf8fVCiuXANrztY6KPhuFF7gOR9WfF7lQdPpyJByH+Jow8DPO34Ogu5keEPCY3sCyFxCte2FfMGQBNXoxPSE7VYiqozBU65pygfezSUSqlyVz4/D/I1Hi9xGtZ0Ju8YgrQi6hILvh39uKAOBW77hwSSW9asDp7yFjel44XMfjffb/lWtoMo3740aNjwz0WxqP6RPyL/Ssxr699WWYmlkvB8b06ZfuesgJ9n2HrcCQFNZbwDIpo9z2MHj5v/ZM2+1dXMrhzpr2qcasmM6TQ++tyk1qhiaOmSfFRNJNBS7lkn3mrlkTP1QLoVTU3PHJ2oRfk7OT0YkROzy6fPb98/mz87NkAJaPpm9xqhl2IOZGQGeMo6j3VGpSmdVJoD5ZXcso0cr551loQzvhXoEkJ0s4fRlSMySMpV62rmGzeSITYLng0j9GF3Bsu4+4htGY/FM6oGs4riTznwykRBdFtfR2lqAeJvactzkY2bNW6atXfqoed/PFSvvEDytb+3XMsaXaq3c61G7HZu0ev7c5cAJUat+dScKaFPHrUCSqndqR7ettJc1jd2/FqfMsZucErmSzSgAXJQa3HAImquQ5yC/ng1nKEDQve/ymm5OqNEXroi5uum9VNXRfedxfCpnu7yQ0W2Tm82LIWlE7B2uTRq2LPZs953cFdX73AOFmyTPrrFrpjO0RA6JULR2C4zYZwsO+Uv1VoorNyMiITXeA1oQutzZ9G9uHvapKY86BL4o5UhVEdb/xNwSyEWxPIxz6XZ8mUYnw+Mga0f7YV2axfMtxy9SlB8n4XI2+i8iqkKqbEax5dp/WElZNU7wcJShT3kAdN0OryNt+FzTYT6zILNqUJMPVeEbPDel3xnGXUiB02qyWQ7TF2TwuGt3ZE6YL2UhyvI41r1csNMJDgWNxdCHFXlQOFdgODbCO0A0RROkK/wP5t+PzQzNrwTcXzmntse4Ue3pG6O86N8rOWYfWtOlr4dfHdeaVY1jtg/HuJVK83FKLKG6aLm+7VnZHTVsAH3zcZR5S1+vXZrtFOK6d5fosP3NbNll0Bh73x1g891kFA0zG+NfZg20o1ZA9ozlGSWkThmHxylQNBQwgDcETmme0BmLM507QQGVA+7qXN5+Q3qbY9tFy5B80hHrZUdZ0MB2AIdJiHcPBWS9KHsbgHbgNtrJ7nurPiZuwfwp6MWyF3EpEVTK9vAyuwpqBSx0CVPj7NHjBiAkAEjUTWGIBMuWaiqsfyi1kO7ZJ6VZsrD+w3x1+Hs557xdDyoxDzAuxO68duE/E2I3D5dQ+Mz230HBshNzv9jf87Adw1TcZLM9vlC/Y7s2fVQkh9a/XgpqsV5dlCSI/vuN7lPUdWTVZavm7KY7X9nA9UtlQDjKrtEuiWqTvGd3b4Ibi4FSka8dOKFZqENZNdUg6QCVrjTBdzN7gKOoWiW1Ma2fFksy3/AC1XOBMWT820Ts+IO44ngFwZQzxgVHe0x6Kn4U3z+YOcGXY8Hx5IUePBtdsP2H5tR9Z3qlWaXc/SXTU1X9guK26u/hp+lsDUfN9cfxCd2A1QEs7U5k3fvPTg9EZEbzfJpcgPwPzBDJSiz4g3qKp9RUyA6ZPIyZerN2nvhCrpvtGwAFUDsYtM5HDYGcSrbtJTOFR0DENkoZElLbuYMPJrU3YOhS4AmcZ5SHEc4M0iybwJ7QEOpCReC9dJGCWyO/U8sE2vP77+6/Vz201soHFawyDb2KYhorrHYCwYepvvbmu7tWTw+2tS0DVIItFe1JKV1gk/1GbLBOcx0/UT8gAxxN3KEJmVoDSdFkwtsAwCcRl98J5RP23mIZ63S17sz5QqyPFawDpgEwDRIpr6cev11LDJJnOVbDJZO4PvN1s9R+oiOOyOzFoBz+Qa37fLNpAtddF/APVFYxrOiBjyIa9JBlLb/qNwy4W+RQfRre3H2uHUTZfGvqWyYD73n1AdBLiaJfxOhQitdYsYE3pekjDMRdyKrvdUH5Cq333/LijP1YLeta8EP9wOnjFutq8htUYWbEzXu7bZoHHT1uanmd8/zEb1GrxtA1r7NG9uPm0ZiQq7vA/2aNom7ttszqYcjeyQ/eTL5itZ1MEZN8whydB9qdD9idAbOS3sWZKi6OA3V5LDbVtcuv32rXe877Zt/9Xh+ZrJfbL7jEmlsROlsePDGwOcD3slmdbQTU4kGH3wnenx0eY67enaU26WqEHaEgcdgB3xEImDzuO2nonNGmQ+fdyAx3s/RY7ZyPbyP1cIadtyJ+SB+eH23idfqW8vLGpuKrTVARhZxLPB3nLVAwv95TTHd9rN+8nvKdFSyDyr3bYuLyAH4TcRLlIcUKC2SVAUY/Kc1VX1cBr/PyeQb8gJZsvDrRMDO3HCRj5QwHN/g2xd8hxKnoTE6EqKPoXij6hApJB5Dr9dAG3fYbbzNMdamZfx4YRja5L2KgR3zTQ//hgwezM4JdBz7lYrkv5mPZqV22Cj/d++cu4m1/FuccyHNenm5gPvTMcOdo605srCJHEokA4uvUPyfLc6zzhh7tyYXGPrG6zO64DDKAFnWPdw8/pTaKNTrWFZ6jF5y3Nf24f1Y7U870DLWU6yBWR30YHxRz4b/ihc7ewZli1De+bq9YdPA+0Y9ybZxo65+kRKLPkYZML4W6s66vdWxdDuDk82I2Zw5G22EJ/9dVhG/h0iS6KGTD4HAvMzlIYfYq1/oM5/6PwI72bKwtU2+28r31K29YobFF607+Jj2r8Y3puyWPVvt+whlrzlnHm9r5F3YOdqUmqHDtaW7N3CKmsyj/4osuwbWM0bZrSxYsxfSkPZzB5WnRsJF0/vH2Wi/k8AAAD//0WH2WY=" + return "eJzsvflzHLdyOP67/woUX9XXdrIcHqJkman3Tfgo2WZZByNKcY6X4mJnsLswZ4AxgOFqneR//xS6AQwwB7k8Vs+vinSVRe7OAI1Go9F375Irtj4mLNdfEWK4KdkxeX168RUhBdO54rXhUhyT//8rQoj9gsw5KwudfUXcb8fwDfxvlwhasWNCF0wY+CQMeRJ9tFCyqY/JoftzYB7783HJcCA3D8mlMJQLYpaMFNRQQmeyMfCnlnOzoooRJgw36wnhc0LFekLMkhqSy7JkudETUjCDv0hF5Ewzdc00YddMGE2kIJQspTbwraFXTJOKUd0oVqUPZOT1Z1rVJdOEi7xsCkb+wqjRGa5Sk4quCS21JKoR9jU3ldIZYBBWlf2DX5de0rIkM0ZqWTclNawgK26WFljKS03kHNaIuFCNEFws7Kj2QwtOtBhFVkumGHwFyyJLWtdMsALWtGTxisiKalinyBzS51IaIQ2Lt8Ev9Zic4ZQ51czCBEsmc6lIKRd60sKYWSIgXJM5L9mMUZORH6QiJ+dvJ4Qb+4VZsjB+uiy3vbSu9+yCeM6yiBC4mEtVUUsppJBMEyENyZdULBjh8zAkEAfXRNt3zFLJZrEkvzWssTPotTas0qTkV4z8TOdXdEI+sIIjUdRK5kzr6MEwqm7yJaGavJELbaheElwTuQDEexSadc2OkcI9UrunJD4plii4FOFzQkp2zcpjkkvFok9x2Cu2XklVRJ+PnB378284dEI+WQoFIQx395i8yPaz/V2VHw7Daf+/DSDfWVK5EULLCLi220kBCnekqbAnZsGvmSBGEirc6/i0+3rJynrelDFtIJkrv3BiVpL84OiUcKENFTnTxPKSzlHTdnJ73pKxZo2xXKGpqCCK0YLOSkY0q6lCMuWaCMYKewAFWS15vuxPlwzoiTeXlZ18rmQ1gJOzORGS+IMGaMAT6D+Sc8MEKdncEFbVZp0NbfpcyuHttju5je3+uK432G5/3O0ERBu61oSWK/tP2AcqCqKXsimLlgxm64hPNpoVWYoyEVhX2IH2+RWM5aaZsfYR4ON8bgklGW6caBKCqWi+5IINo98NMbwHvNjGDnwS/LeGEV7Ym3LOmcLtsMcL8PANnxMpGGGfuTb624H9ee3Bt0wdLwF4f+V3A1g+LwaX/JIezZ/v7xfDS2b1klVM0fJyaPHss2GiYMXDEPDaz/EQHCBLKoiw11FZrt0lpAnNldSaKKYNVVbQsPxhiqTOi2m4tW5CzrwvUM2oZqk89Zf2EydOHdwuTtlhiGbGi1L2XJVeDEHmZGnY0a+RNaIermDN/IP2kVxWlZWHcLl2FLsVIKugOLXZfRivcedfDK8s3qp6p7fFBTW3MyTFfmu4YsUxMaphQxjeOdw/eLG7/3z38NnH/ZfH+8+Pnx1lL58/+8+dzYjnFTVsz4Jp5SwRiVlS8QUXVnYboJYfUEbygqZx95mTY4cHtLLZggmm7JgTy++SIa3gA29wfNRePQMzf3AYQaTDxWf3Kt6iPu+nC31vztNi+r/+ulMrWTS5xeNfdybkrztMXB/+dee/N8T1G25F27mfRANLt3e9oQvCaL7EZYysoqQzVm66Djn7leVmaBn/w8T1MWkXMrGiaclzihDPpdydUfV/m63oZ7beu6Zlw0hNueri3/6cotziV0qLglTMygOR4Guk3z9ygTcgSMFOORJMG5bSCq7OaidlSWB+PMPaSEsaVHsU38Tsp4XMr5iaws07vXqppw7FI/ivmNZ0sakQYdjnQfTv/MTKUpJfpCqLDcmmd9iYh8UdgsD77Ff2Sff1kJQliDRLpuyGgPAwOF66Z7kUOTVMpAyLkILP50zZo+22oOW3xh7kuWKsXBPNqMqXVorMrJBXNaXhdZkO5ebXeEGB3Lf2YOSymnGr73FhJNxi/eX5PcpL3tPTT+PPNlPUT9xAlqcVbA6zU8QUF9xwaiTcsJQIZlZSXVkcCQbnCWVx3CrFFlQVoHpZFUwKPYmeRP1sxguu8ANaknkpV0Sx3LIHVDI/np674VAcbiHrgWM/sI9HwIBqoZko8PGL/3hHappfMfON/hbHR3KolTQyl2VvEuTYViDoTKfgcmL2yHkd1yPDKCo0BQAyciErFlRUS3VwETNVkR1/xUi1Y+lMsTlTyfSisxyNqrP72l3euIczFqwLkREFpiUWFLHwO9gOHsOMnNcRSywXNLqB5bemDC4sSL8i+0TDhjNVOEMSGRimxaPlbe1gllpwR3aBnQROeD/tm9cb8qfkwRuYz9m55dmK6WC1QfyNs3p7QqUK55ycnV8f2Q/Ozq9f+LHYGJOtpTIbrqCUYrHZGs6lMjdCH1g8zbehobw9Od0IiR6MQlaUb8WC4ugSJ+jM/ifylhnFc92DZ7Y2bFPBo7Mr4d47eHm0GYh/sZOhoWuuZBUfWSsp2VMdmaf6BARn6cHQHm5IWTjbRuD2QF2wWP92t9WPyYed6+oWaH5kMliWqSA5VWod25Up0TXL+ZznpJQo8BHFkA+hxQmYTypqKQtnaqdkil9b1mXXS4VlETBr1kNvzLZIxLqij4J06wBKJh/eujA6k5e15B2Ab8APIW+kWHDTFGhuKamBP1KrSiCCr/+H7JRS7ByT3e+eZS8Ojl4+25+QnZKanWNy9Dx7vv/8+4OX5P++HlqPlcm4YMJcdgyNt62qf55vWVNscAyzjizpnVRmSU4qpnhOh8FuhFHrrQN9ivPArCOwnlJBi0EgFVtwKbYO4weY5iYQ/7VhM5YP4pGbL4BEbm7E4FspjGK0vGmjuZaXuSy+yGafXbwndq6xDT+5YbO/BJxuw28Fc/dfT4cgHdvuASvfvUH8pJna9SpJ9CRqI56JToizBKNIKedkoahoSqosxTjlSjG8FrKv+tuFZs9gfUfuwhVeJjkThimnKcxLKRURTTVjCpyUYAvyMrnuDI0glqRerjW3v3jvZu5JWffAeSfBbm4fL9eolHJBaGNkBTfXgkm/7pEdm0ltpNgt3EltlUXZFF1dsf1oM1XxB7xvo2sUJQDZgIOSi7mi2qgmN03sxWwR42yPqWfkVsfl3AlraK/XsWeHCvL69BD9qPaWmzOTL5nGvYM7m0fTo3u4hdle9KlBIXFMcx3s/ykQYUDVCOdYVqySJvgLiGyM5gWL5hqGjhLnJ42HjF2p8LKjvtT+gcO2Q4Fpw00fe2jdBCni7m7frZW85gVTfWFz4MgHamT54cOE+OTChxV7QIIbPzaKsfxwQhY5mxCpUkbDF9zQUuaMdnWBEPZwTXlJZ7y019nvUgxYv25aaqN3GdVm9yB/2IpPIjCIBcOSAlqbgCSB1tvNHFkM3iQbreBWY3BY2WYLcDfLfaD2zrjsgQ6kADrfPTh8dvT8xXcvv9+ns7xg8/3NFnHmICFnrzz5wRISh+A4/MMO98dxgQXQoutqE+D8t8Pe4ftg1xxmFSt4U20G+FvPnSI38gZw0xzkt0ejiRcvXnz33XcvX778/vvvNwP8Y8vFERaI2VELKvjvLk6gCBZk55dctybj9KK2QgCH2CNC0XC0a5igwhAmrrmSohq2OLUX4skvFwEQXkzIj1IuSob3OXn/4UdyVmCIFBq/wWWcDNW6TofMynjBBE7vpYXOx5tJDOGt1MrobIE950hkzfTKexccgmZeZxLWslE5EFM0TMfhuWRlbcVmFFvwxpxRHRFNmEN7PX9tGZXhrbZxR9Oke3tbLOADDk8qKujC3ujAY8MyBt3T6AEa4VvbDFYIYBHe9VGF+Su62C7TjOUImC2YEBC0FdVk1vDSBOFoBEhDF9uCsT0sDkI6dk9uE1MtFK223QNgzD87CkLPR4sfXN7n/gPk9NyXwaDMtOEitq85Dvaq98VmPCx6bwM3TDQ96KlhGDTW7jnfy8CgNztgROyBQa7XhvKSP6TzJELF36sHZXwJX96Ncjss2/OlxOT69+ZQiU+kd1PAAfoDe1VugLkH75Nr5cm10l/Vk2vlybWyKRKfXCtPrpUn18p9XSssCD1J/h3ZWMF4ywzdjW/GcL0aaQf7GyUnjcZj3xSef3rh58UdxHDoXMLqNDEyI1OW68w9NMXMIJUGOttLtWq0wQhJ2KaxsGf788uSCfJbw9QaIt8wqD0oFFwUPGea7O46e3RF1x4gi2Bd8sXSlOv08IRwz2hFMAasCsEsrdzGhWELzBbShBa/WrBRYksG1PmSVTTgxt2zo0sCi2OjMODUvcM1OYA0rxkz9IAMGnmiB9pBA6EqJTtWvdfRRxvndbamtRzSpmrFQHqF8UFdoWJNrrgoMsto7EorjBTFB8wycqFhhqPdmpKhg8xuok/qhHBLDN3tpkZyo1k5j3IhBI6fYHNz/9aXyteZu0zOPqyPFH190+m0c44ETLcXerGV3DGc247uuTraLfuYCOR63Qtvfn19nzRkpJchA7QlHvbZjNigS7kgaKVWPE+oLiMn8G0aMu0VH0+TdoFRFrCWFTNLXDVtU3sz8qaNdweu57OSIXiYV8zewt6VZj+1Q7Rvh2RmOY8j5/0g1CfFEshp8n5z5wtvg7pR6yUzhhHcXhml3thkFbtYLQUPw2BM+IyZFWN2DhcbaNk59WHDOIGLrcbE5ryU2q7kxKP6drR6q5FUzAoNoIeUMBY1bCHxzyT92wIxjNDhnOoErzEJtKitWCXVmlj2ZwfwAxWdXPTrphRMoUeXt1np7jGdU2EXCpnp97vot8q6zl7ZrQ8Gz8B/75EfaG+EPqSPY7W259yOn9ysY6l/C34NDrjuoV/Zc+m9k0nSjh8xGctfPROwytoB3OmJxDevTeN1FsPWevSSQS1/msIT0wmZakMNs7/QkqpqmpFfqLIHANL55w3E2QTpRM6ttDIhq1T0qEsKRiQXOGGFZ5ebRfOc1QZynl0MBd5OXsKZkLpkVAPDTIYEK3ROm66wHAgB4B65YPCErrdyySCfcDOMbX8QGZZ8sXSZCMM3wMjOnaV0wDUyIkh7sNu+pMLtYYaZIdOJj+fRTGiXBN8qIzQlKwd+C2eQZanPDNmADNINY49ABsmIjWYDZDBEC43VNcFTCTx2mCpwZdugCUhIx5spp7UBzutyzW9kEkH3dMlALX1wkRJDIID24C9paoF01OC3dhpdL3Dggdfv0qKwZ91d2LtwYbNimm7ldM5LtpsrZq/PKSYJYVoi121Gs78/3Uq5nasChXvwvMIe1VRri9ddTIce3ijZmFxuz/toV+OmuI2Vn0VfR7tFhdvuSUTCOg3za2dIjSn2WPpcrvb+x4fdTukmt5vjMinnlJeNYiljTsYcZ9J3OZHpkKNMesMT6dYwvMHbKh7xgYEEiIK3w0ozkrl5jiui1xICa0KEQ5sHbQkWzEhjKpQsmnLrNU9wFmer2qjyB5YeiJlJ8kY0qg42KqzSIFWoXTN4hKu1/q0cRoYFTbNNPaX3xoabZsycIYUlarQwTt2zU/KNZWeaGbLnpGzNzLcWK+nqrR6QGlSamX3LCueILuDEySmP0YzivkU2WlU69h6XTM1FCwTWQQJTVPjI7bclYIQ665rNEwlo5IRpds0UN5tKQGMexp3vNsypvnDzda40D0ZHuPll6Yy+w/Fr4S0nKlQMXITCcrgo5i1ogSH32u7P15o0NTGyw3WT+8lyxIpeMQI6lZuOM1+4QmiuDWiVaOe7sRiCS7ot7035fyKfLBGZRlDDIC+Y61B8iGMFK72UK4EBZrkp12TNjCXX/yWFxEIPUl0lQ1r5wfJ2TVasLJOvzjT5//50cHj0Tz7ALVjXQkTJ/0LRCKmuLCBwosCS0drIkgExKpHnV3qQSncuWE0Ovif7L48PXxwf7GM85unrH473EY4Lljd2u/GvZN/szlkpBEU7hU8cZO7Fg/39wXdWUlX+Apo3VlTRRtY1K/xr+K9W+Z8P9jP730FnhEKbPx9mB9lhdqhr8+eDw2eHGx4EQj7QFdjLQhEAOQffgQrk/8mFcRaskkIbRQ0agtDOy82QVuHYOt5Ojiq4KNhnhrbsQuaXUZB6wbXd/gI5FhX28RnrjIiVBFiBNWh4qJmlLDNiwW8+vUT7zDTeXpj7mMxpmQjtLRjxd71Ds6R6+SDxrqWuNvh66LeTv5y+2njnfqJ6Sb6pmVrSWkPNOqjiNudiwVStuDDf2s1UdOX2wUiLLpChOgyHbLy54QJtVDeq4HFijV65gRMebBmEoEJqlktRDLkHzlydngxUBKAx/JuJAkjsSlieBNwKdYO22lbXM+FZds4CzwZIBNIuztCGwvblRV6xjbMl7qURhKPVLiKqtZgU3vlak1CGqK0x6Ax26a3jwE41/1IxWqzJNyxbZFaHok1pyMVaWyIJA+tv8S5LxpO1q2oBUdcrrofk2pNWrg/z4+zAGY4JtcdcCjBfnr1ycOy8bpSs2d5JpQ1TBa12vk1VQjqbKXaN9lT/ysXHnW/BRCvITz8dV1V7NXNa+qd2958f7+/vdGtkBVMNKpkbUn2nyNMNW+qUYRy9l4A1WEzJPTwmUbebbiVxrg0XubNg/0v0nasREn3kJ+9JJE4Jh9vTPZz56jQAqsbqgy1VeA49LDe5ghwdYJD9lFygpNlZOMfKUHHFw2TM2ToqdKcY0jq4mnJaZmTarnOKnoW4Bmv4Lt2az0bR3PjrJYZw0tm3AGxYAo8rWbX742rp5Vijr66tHCXB4WBvYDTKWAUIPXwDm9PjWe0jA/DGHg07Qcsdu5D3ifIWWvNFCAF/6eZb/AfcT+JVtFyrrWrY1wksm70DC73rYUM2futRcyYnyzgGkURzw6+t9G/xNOdKG1+7dmxh7E42/7suy95Sty4KpoqXFJaRjGiXVNLbV6S4vrrUHRZ4E2Ocl5Ju6KH9wPUVgbGxnC2XPQ3N8W7tBHOiZQnmHl/p0P980oysZaNcYaCvddCGnEhgT9utS7wUUlV32MA7rPUd2Cr576yA+W5Z9iS4y0qQ2vctDznY37+h4mxFucBQH6wia9EB+igYa8FKby9gVzgJjX9a80XnNmiB01DJD4ZZUSx6ohkj1JldYSmI26iyoisHNeDgnvOyUwTSO7Odu/uH9oExPJ7AKF2PKXGmkdSHBU5nTWZWxPOs0Dly7ecQbOPdkmDfAMgzAMOXofOXHNVa5rytdg16oy/dldSZQqTtOZuJ96ECEU+IWUrNXIE+tFbDZGdeHidvpeBGwvXwXz+cvf1vX8wP7GEutRmqe0H4CJp6vT21n5xB53OGl4V9vLuGuB6kM/rcySPbBpCbVoEaOzDDknCyzefUAiVd8neZHta23qNaMHP5WHN+hOFgCSB26HVVcnGlB+eGCZIYswfMHDMH2M0weu+IwwF31yotS7kijOq1xZFhQCqztSM2P0Rk/Qjaae2UtC5CY/v3A9YDawBnMpg4J6TgCs6aQ+m3gygtWFIN4AHzv4KRRrIlbyQpLuIYoAeAcGYHak1YPuAHOZYIvzs+MwRKE8U2PBJtWXkUvAdWv/p09upb5CTuNo0itb65gC9bZBG5Ep1aXMHQuIozVB9KNTDa12ACV70kvJD28TioOVe8omqNvA1w8mNn2cOzJykZjzZ/nNI+Ond1f/IMh3//xdH+MEBvLc3Gu84FkbmhZccWOwia5r9vClpiJOrTgB3JTg3pU5aFONuitCINLQqvxkztaFPCU5kFnMTTYRZTJZnJNwOZyOMJkG+spAzBVIAkFykBQnQlC3uCisHZ823MXjFDMaYcPNfFgLAVE6zPkYo+2jyaEAk1iiasmJMF20hYeEY7kVJZFliyayp6kcFJJNUjRH09jsVtPGgV1+4L5APb3qtLaqyU+TdIVY6djwDawL5HLR/ctv/UfrJphVxfvSSRsV2VU5LLqm4MRjW68h8QNQ4RfVGbmAHbZdwnppVSsSuMiEIU02YwWNxB3B7CaFfqKrv7mMUlVcWKKjYh11yZhpa++IaekFdQISCqhoDqzs/NjCnBDBhTC3bfhGO7qmFieLgX+ic3dlxVZMh8Y6KS/95qsPL+zqmHcAr18e3SFTONwhJPGxYr2dYK3220OkjXdDY+WFe0pmgtnwT/7PVSl37TlB2P+G8NLYGLu3xfWJkP+rXAuGCnNsbISisYjqTt2e7UX2I5L0LZbFSSjbTvjFVb2GZQK57nIQvfiQ6E6j15rqsI1lGZgAHBOfMCf7dXABeLeVMmg3GBFpiNCrscJ0kfjfdOTqEfB2xh1kfSYyfxA8fgtU89/7I57z+543XL7NvubjNyvH6QypXY8RXIXC8IZxFJ6q/ZoaBF1TTUSJqm5rmzObmuJr5wS5QpF9jvJLb7RwV9IqNOMmJLhBsQXoi7VPmSGwYV++6N1Nbh+/nli8sXRxs6dd/XTFHTNutKgBlIdJexjOsu83aMCxgjeuJuSe/28L2/6DarGw4Llh3A451VrAHv/nEyupH1pcNp1ytv0VeDVSp9ZTd0het83GtitQus9zJu20fukzvvJblk8C0kn/b23U9MvoEubTkTRuoJaWaNMM2ErLgo5Kpr324LG1G14mKLmbQteb+luSWSf995wGJRoR+Adk4r3rmEHwpvwWacirtAe+HAcFsBvWmKJTUTgmNNoNPFTBfxtgwspp98+vDVHOxnB4fZi12VHz5kA3w+JQjxiq6INgpKEg4s48pKvuWjruIoO8r2dw8ODnddvsBD1oLwbbCkp2IhA7v7VCzkqVhICutTsZCnYiFPxUI6ID4VC3m8YiFLYzpW6J8+fjx3n9y3CrsdIsS03LdiKTa4yipmlnJrpuWfjKn9VASnGoxL//H1xwk5f39h///p480QQysttWFl8nslLuH4bd4V4NtPPwS+3WV9vLc3K+Uic59muaz2xlaiayk0y7ShptFdnnPbajYPN3box9kIztZjO2EVR/tHt8A7k8VAFsvjZQLOm7IEZLZA2ykHocVegyupypH089F6OI9I2m6OkdosAzVZSrlI2cGb8MHNx7/tPxinm7cFIO7JBgAlfRQ93Lr2Ri7am8FHjY6ldkIfPZZkyP5y8uHddEKmrz98sP+cvfvh/XQQza8/fBhe2oOTgcazZuCCAaPy27VdWKzS3SkZYxSNnaPRtqANQX1RL0xQNJKwSDhI0RPJcDM2x+zlkhv0YxnSQIBySDyvqRqsU3SG/gZFQ9UjMnVTTF3QPhJq7JmwOl8I263TuFcSk4cbKU7k7eTxusVPegvsGFvRNbKk1yzE+GtLY+iqzn35prouOSvQcstELqGdpRU12CoVsrhgGnp+XLu2oSWjAnLbbu1Keq9UIaKlywH6upcr9FvDFLhhnHUSnSsbpQslrMhF7aXs6F3y4eZech8C2G8qmsuqaoTDOQaayWumPENz3k+VBhE636friem+updz1Q8bIpm7UYDeInFPBrp1f3folo9WaCioJYl2TUNbsdkjaVC8AvnrFz7nw4vYlovlDP2o7y/OIMym7LSet985giNv6JqpDMpBT6AYtP3/Bcsn5Pzs7YQwkw8tzD4+vCROBb1ElWFb20PI2cm7E3Lu2suSdzAb+cZLg6vVKrNgZFIt9jDSGGoT7fmGtLsIX/+D7PPSVGXHAE7IhaGioKqAwGNfOyB0t82Q1dCSLwSmmiKBv2Pmh1Kuek3JCdE/YEdePECQ6IKn0reyHVrfIIG9GKErRYW+Q9HuO6H/AvK1dSD8aMddEqXQhtG2oAAjP+P4scKZKsweXlJaciTffHp1PiEfT8+RJHfPTt+eAy1m3w5h4ePp+TAeoi7k2yLGE1wUcgs0tEazOtrwwdxqxo2iipdrFwGPZRpSXCy5WGi8GyueK+mjrxG5tNSyTe6JH9ZX65pNCM9/S7PW5jRnMymvJsSsuDEYPBCzA692a24ad0O3RQCvmSg6ELYR4SEVi1nlpiDelxFyhPAW3CssGzw7x4BLnYJntx27Vq+48ml6g8R+cvZ2eJv9UdyKPP1dYJV+GjTLEfY5A51pQkog/l9pbnEcSHkAqkRxHV5LaNy9jcW88oN76S/qrj2f+zD8jlZuBQlM7WkFpuMOR/sHwsVMNj1O9w9ENmb4Cy4MU6magF/Yczn4RSMg3bYPIxQmrWhdRyUtXVU9K+XsQhcaUrUpDq4e4SSIMXBBpqcGS6B4QrbjfK0JuCQs8q45W42VSB2GxKNaKlIzxStmmBqHrHNEIii7kCUg2X8hIiEk5/mpBk9UvGk9SpxLtaKqYMXldsJfokYWIWHMRc5HXzn1q1by87A94uD7w+wgO8gOh1fhxGCzvtxeIOcJ5PJj7UmAHzSMqLXA2TkWRnS8jjoxgYa1dRkFaW2hqSCfBaWUEiNluUsXQmrDc6KdkBL3xkopupSrId3yDaNKYK4WNcGktuBm2czAmGa3Gor37gVk7vJiV9csH9yRrw+Ol+//Ub87+ukf3/74/O1/7L1cnql/P/8tP/rPf/19/89fpyBspaPFTfYuaWjpwr2BWYPVEXA9k1aV8TxypCDA1DWIgBFceaq4ZYj/3FcHmJCpl5TcV0jSXBHdVIMIfPbi5chF95CWGbfixI3+IKy4MQbw0n4zgJnw5a24OTzqa9SdAB4fspR+umEMsgij9ZP9apZzWnreOgnZLBiu2Up9LrsotKormGG5mfiR4XFMDLx9rF2vJrjbJCqU5IVLL8dRkjfayCoEH+M40MMQ4kndujoZilLM+QLK9RlJVCPusE4t58ZOFFVx8wHQc67YipalntibXjUa8WKQivZqBeuBQXyArL+zoutQM6Gl0hOyYrNk5mh48FuVUmsyNKjF18n5W7d2Z9jwWxxbNmhZ3mDYcPISDgu+MCrWE0QlrkqH/dU+ERP3WLeX/w2o7CZEkrfOxvhbwxockrz++Aai4KUAUvBXhCuhkNbzdjQS6hVARaeCQT1ct3rojfj69CK7RxnvL9eOqRed9wU7awU66U3+JaPsx6HoKWePBkNggjhF0vZxAIyHdUC4KXa1haPj8WmrvClOyy2bnAIYOJvzifeB2VrM9DJt5xq2x9cD3KQiolXpwRRuGaW/2bw5qx1xXTOd9V1DyWBTrxyo6YRMPTO2v/NCwz+1diVWP6/hF1mW+DCydPtby5aHPUx+2KcI5acI5acI5acI5acI5RvW8hSh/BCG9xSh/BShnML6FKH8FKH8FKHcAfEpQvnxIpSlWlDBfx9ooP6+/83mAUHxsP46ZkLxfInoA6vWWBeWqqZibS9dREwYONYyO3E8WdqpbsnKGgq3UaWoWPga7sZ1EYgKwFOBAVkQYpM2Jw/zxou5b6TlNgOF4p0ivQpCf9saIjHuspTyOn00RzTnzWnuodpyX1Me1ZKHNORB/binHQ/oxnekpAGt+HGp6RG04a4uPLiQBx+Jm/XguyzxhkPT04IfAmdf/70JynvpvoOLeIxg+Fv13rsgfFRBHAS/p/U+BPob9d27rOE2XZd0HYTOQ5KyvfPkw/t0ZR1ldqEZZDbyJhXtTQkdLSC8w/tskoYqECsbmkvyYi85vS64JA6FRp7su1tlNS+mRM4NE0Qbuta+IqDvAYntXa1CGkXA5LLmqJZDzadSzmgZdQXyIEdCz1156cZ1Zzb3Yp8HHKUc0TWKcd0WvqiA4EEaYHPE5V9AAWtixUsGJU8WilZO7lVE84qXdDh4Z3RB9SByHyGtya+mplA7p1fYpy12shiIUXhcjFK1aKqRrs5v6doqECh3IhnXShqWG3Aoc8Ov2bBHK0Lvf+1ovdyZkJ3d0v7fCg/2X98s5cXOfw8vnn1meQO9B7aFgpMZ1KJmGNTvzqhnEO30g6vaa7Tam3GxN0o9wB23vXswyUgDK7sS+H6CuSN4QIwvb091WCvGYZ5SgVGxcU+A1IMSFfghlMyUXGnw5fk0HAeQx+WKzUgNNfN9EysruorRSuXQn6fIHnLq2mTAw6ON/VTQtODs1XZK3bf39uH+wYvd/ee7h88+7r883n9+/Owoe/n82X9ueH1/9N2AYzJ1BfBHQF9JdcXF4hKjjgabmN5HAtlbyort0TKu/Hsr6A4WEmDx1s7kik/EDWfVTsWND8mHm4obbU8Whv0vfRHMOc15yY0VG2p+LYGQqZIN9ICuOcP6w23nPuLT/eA73a1a7gK5NWPQd7OiYm3Vj5y1QSIf40nDmNg/CfzOqHhWEwI5RCFcGA8Vd1KDrqWAdC+XmtWKxlOHtizyBp9AOzvFDIu7gbWBGkxPosS3GSONKJjyPaGdVjhxYZkTkvTVxq7ZE+IfsiKQj0eLY18zcoYl7d2yaFlCQKeRLci8nk5QmKMgXQmHF0AKddkBZ+fEKH7NaVmuJ0RIUlFjICMLPPMGJqAKelGtId1sbREVTXJMs1mWZ8X0vrVMB0JmRg/SpmEzJ2XINbVoARKSvjBaJ/E0Ctroxetd3CNaz700kP7mKA3quA33T4dLAeOlFFtQVWDAmYY65pPoScxOmPEQA2llYczgyaUqNPar+Xh6HgrxY9s/DxmCkzNu/3aYwsbsJbn4j3cu7vIbHapB26Ha6XF4rEkXko66c7giqeW6v/hOnL/QvvMqsAMXKEdobhpv4sS+K0xVZCeMtIOVd+cu5sTPLDrAal+ZEr526o63xw6kCfqKdDkyMN0ZPIbdNY67SIam0N0UIW9D9ziENf7aiLzVoVyTfHxvaJgWhUKaaDBLJ7hFrof1gxK/v0DUWhwtljx6ijyyY22FZD77wdn59YuWsY5czXfIKruDYiGVuRH6Lx92eCMYWKp1G5A4ssQJOrNvJVK+zaN4ebQZiH+B0Hmov93mebnYMdeIH47aGAE9JIa9hXZDIfncxbRvAm4P1KcQiacQif6qnkIknkIkNkXiU4jEU4jEU4jEfUMkXJZ5X01sP9zcSe1T1rs6iYm/s4qWwnuz7fqAcRM09o6UJXihx4If5tx19W19O1DlAa0B/o6PbCg4vX2jk+fwCM1KHq2afxRk4G4z1QiBWjMsYKwKDw8thbG4fxn6P7lO7/59fLyiV0wTbnUwrfms04zVyC5Wo5Q43EERFesaBy30A/DmHcUgvEBxJnKwC2vdMI3aox1TscIuxjUfAXtPMqAV6Vysi+8DyAvfvDDkY4mipQV4RnOxgPZHrqlJF9LWpf/sO/aczeZsn7IX+dH33x0WM/b9fP/guyN68OLZd7PZy8Oj7+YjNUEelK3UGoNZSbXhOZq3dt2qNrQEx4KQp/k2ecWdqRvyV2JeFwaAjBbXbAT6jYGxLRRlKeVKA9dbpc3JPbpbhQ+abfiTqFri9m147Peu8UBKkMit057EGCDlOnZMPRGKtr1EMsRJiXWnHLiWNAqujeKzxg7jK4AgvagG7GtBfV9KbXS393p7RNAe5O0iftFYeMAtbcQ76aoIQSdeOSev452PtwCW5dJQ487Hedlo00laQZfND1KRvzBqdH8Yri3WfEtwSnJZB4t7wCP04krGddbkORGS+HFC55RtNLgYORF38YlE+Vz3Og0wgLd7u1Rj7Bw1cPUkTNLeb7JDxh4EO+ot3BIG7OSYphCnxDLp7FwoPZPMME0Q2T0mkVfLbCXF7tR1hIEJOvty1+CeO9PQs+ww27Sdx7+5sJcO6cSSyib003JHqGcpr6xISl2UJjPYAC8VWELEjZVlh4hnBE+sXrKKKVpusQbHaz9HT0xp5QvyDZ/DTQ4teHsxWySSV9r+VdDpTvtOw4qB59IVYwpkzYspKSR07hquXfSSHs2f7+/P2xkDQYNvqiPjxp9tJuLiK5tY3ENz0nYL0Sa35y3syVCbW9jjiifOzH5PKfYL2MixXEWfAP4+bORD0P8NbOQ3gbFFGznS59+djRzBdkbnuDTKCBX9EQzl4zD34H2ylj9Zy/urerKWP1nLN0Xik7X8yVr+ZC2/i7U80SQaVaZqxKcPb25WGj59eONvWNdsE+sN1iUzzH47Qcle51a5mri4OqhkSM3yntL9eH+Ax0qJ843R26L9jYJqiz68se31PKoHvJNgO6PGPt+vTDaJy/AUgMgKo84p1si3yEsGhCg/CuGUNIcY2FIuHNXZ17l2WRq/Ntq0Pc598bkW4X19NVS5H2iR7oenYFFfUR2AnoSd7kpIY0psiue43LYz3WS5PD46eraHJpx//u3PiUnnT0bWdviRr4epxSJzW5RyNg97hXour6zq5nAIAYyNRgPoBNlMWwA/JLImI04bVWZ2zOnEbjjE7JlkixTLpdBGNWCdkYr4jUKyTE98j0Q7G3KvLRjGMx7xbWH6AkYPbiNs6TMJ9aJ3YCE7I8cQOzZPj6e+kUNNI1UYRh7Hzt2U08dZ7Svs5D262nS7hpZ9JjD3wZKePf2ev7gATOn0FFdnEMpNY3RquUaWDfpReg+37cUzNO1DYXJH2kk1XqDxhQydRvDVaV8tCqhOVzSizw5aRcbDj4Vhi8R7sKFxpIfvo6Nnw32Xjp6Nad5muS3aOIdGHGOU4Y5tlyQ8YBATvi3I7CGDCRyzCkIPwIrfYIZlF/5kmLCWDusZInM41/8M55p9hrqhUWHreEaIwcdj4BvTJAMJaccBSg5F7qK1wOvhOwpzzhoTnkpXYDqIQGtx27Wkqk0LFywBn0g9UjhCxz2T+AfJjJkVc5WvzUriaR/LhlZ0UaXWjMelS6lM5FUAgWluXLT39E/TiEiNrEc380+DTNoDP7K2RjO1zSzMT278Dt2O2t207oz9yBwAxx+HJsZLR6LXd8yQsJsCXvGuY2C4QgM8ilIvdD5k1zQiOSNJKzpnvkNa6PgEnhXQjGPLuf2EM40nOAwFEy2pxrrjZkkFvM6LSauJCCgisvZSOPAHcFoROW9hWm5YR8Ko5rYyEhgInHwUmTyTz3vFJQYKUKSenT9CIM/7jlej6Qb2BNO+3Z+R8/E4gSS0nLFEHrhJelza693nRJdy0QpXN8BpxfCuzeoByYMnADB5Dd1tEtnxFs7ztUYtw4KClaOvKS/bDN0e4KyifHvasT14MIOX90agWFK9NSHIBZR5JrBMg7pi1oQOaHgQagZJsa6gDZN9ZOAS+qTZvCktlqdAGlD8QLk/IPwmhKhA4XOgfFqm7LDTrSSnwl5o7hofQVfXN/Co+PoRojoCg+ZoEID7NYtNAEn3v1DaF0DTlvRSmYnlTGuq1iM3T1oqp71/SPz53W4hHNLfRa2P3ao6rpKFT872t6J9d42WkTCcXsqV65y4YrPg3YewlKgIMmbpUmVlryYAnlQJ+dsYr8ZaVd50YNw6rtPgjxapgxrOzlv5Oy9Luvc82yff8POlFOyfyOn5J4K/k/cX5ODw8gAbSPlaPt+Sk7ou2S9s9jM3ey/2n2cH2cFz8s3PP318+2aCz/7I8iv5rY9F2Ts4zPbJWznjJds7eP764OgluaBzqvjei/2j7GDnLjfJfZgzTrYZLmMHU0sWd6hq/jhn+t/6O9mFJHHjZvvDSMReE9nj4RJJ4+64dIA8Vet+qtb9VK37qVr3U7XuG9ayUbXuP5GPrKqlomCJ+gzhvcyQ77J9UlC9nEmqCu3rk2T+FcigaLQhCxlcXbnO1hV4wKCMwIprRgzTRpNCiq8NaRvYhmgpRk18pyCGaMlDGkxNzfLY3VgQSd1/v9Mk5eYxwsPxQkLnZihB4r95/+r98VCjMmdv3GO53sPkjb2D714mcHXmGt/+kf3s9mZxN7aD7IJdQwhqX9ZdMcVCI2uMkO4u6FNdWO1nzktmsbfHud5znkKa5xLqU5TrbEROz2pq8uXdF3RuXxsSK2NhZGC6iovQeeYO0721r91nOvrrvaazr91jOpRl7j5fLA+FoAAvGI3MJfXA6qJwvrssbVjCGZm0t4MbTDq0ff1JHV03qgxHDVzPGx2Ai0bxnBpKKlk0WJSr0WCRzuKQzyjq4RHPc98lkzjqvtq1wyJ7+yoIs3/BvwamOPVd9HNZVVLAeyGw2puBwLJRuroirv/OV6kemrBVwyv2eyui36Bz+ydRHjCNEm1SUnfXiBRRzqNdUlwQ0iVDZSmX3/kXKM5maFXvJLiPaolZjHLFisQCi9J58lxraGsW9vo6fGGW5HD/4MWEHBweP3t+/PxZ9uzZBoaGAFLbVhQxW8qFK9kDxIj1XqAIWbIoQ0P1wrGyQ66P8xqeRft0KKBlSM0wuwkDZZiKq+6EMTDNJpkYNzzBo5z9ynKvHOAfl3eg7kB+wPJ8pz+gOR+gn0DAlOqwhFgNGZnktX2po4BBMZ+i4K5aklXHIGXApZLBPCE7YKzHXCc/6z5JIQAaotqdXDyI7dndOcWTuWRUGTieLshnp3OiR06ke/quSHOzurfT3dgmRuwB8ZNGJEjGta+HTaLj/pKteEfGXB0PnQ0s7b/KGTl7ZZke+F1n63Z3B9ZbNKrr3xlWwRMYsGVq1KrSytNDY3X3kiQXckdRGIzl7839ys0ClfqwRXwuRaH7a+tF9dyn3KgLC2lU6aNtIIHTF+SbmryeTsjUlNDyzcrlUwwShN/1dADnHVvIPaCKL25vAJ4xuxFuT1iR+WSeikN3THC+tGnDyXDhJUstZ+cDICe5RndOP7oJyrMYqhQSL9j0AxSmvJ56q7/n8q70myytjMXrENDjWwK4cqYw6sAKtaEmocjBq/ue+3UmCivVSWU3wXMgzBm+piUvfKpySGeEeq6Rq8wzcLfAiINDN/FSyqum3pBpt2OQuzDtaKJOgtsYw/4ydP7YxNrSTSOKQD1YxHKEdpS53YQ5zMM8kWHYKuyLz8KxWoI/AdnfiqV6uaGUTdES3an904cqQCY0Laihw1rAW/ctrihPXtUW261UToviEh649EP6OrNSxUpBKoMwQzN4K/PDdoVqlt8iOSdpNwmEGTl3dTh8RVeolJEfTsgix2bWBV9wQ0uZMyqyUdh89YE2C3gEljP3oL3EHUiWDHz1hQ1miGSY2+aItb/NZnEPXEbSWMCzOcwqVvCmuk15hyGSGgCbTe44Ii+5WV9GWmCAoNG7jGqze5DfosREAxFQEnmrAHKN4HA9ovmlJAd6SdjVAIr7Zvfz5qTnXrGw/CjlomR40sZnx3yamydwiTC3rM8d9ELmV3B+3El/5f8eGBy/g4uzm3PvvrNnVi+lMpcoB7d+JCrypVR+vt1wykeurADWMH8du4CcbACREA+7iFzMRhgwabMwMF1FFw8UGWK6gOFCTiACYJX4WcNLQ4b6QregPFyhOQ1zpldRf66Szlipe7Mlejy5WZe/BZYzwATOE4jWyRmOZH/CvwYGObOKeESo7mpPWU9Lm/bzIcok//N/fuarZsaUYJhb7eb/Of5sAIr2+3BxprdgOyiJZ7/5ILUv3XqYEqDvdqBqWTwCQUUYqOWYYmynah56bKOZzmVBPp29Gtb4dU3zx1tUO2J/Mln0ohUeOJks2AgKNz2Om02Eo5GK1v2ZIEYMG9U91nTRkMNzPiaLi+bNE25307SPwOQH58VxHYfRMr/SzyN97+L96c8Xzwn0lt9Q4QtjkLvoe/FEobJAyhjG2MSd9aGOTevNBSnpmimCLR2M4jUatjfVg1xJ9kFlqAvILcAAQLxiiarGtKGzkuslZIyGovrXnHq02YdE0a9oYH9C+bHWCRINYmSC+qzz+tCyyU0qILlJDewtflwV9BRpyuiy27F7xUSu1pi5DNu2IVmacvwCGvNwtJSREORtloicKcPnPKeGXQppLsHocjlj86G47U4rmASU11SVnGmDPV2oiZxG7RZ+reMJUWOEGQdkp0HAIPfkTnC9oeYRofqbn98lFYVe0iu2tRM858IeXwtqmCw6mKVitFhHB9QlQfcGjjpV/FEOqpeKjaljO+HHj+d39O64EYYRP2YltNPc7XC2mfvtTIZ93jQ9wpkFG1UGh4dbZrwjkPVx2d+TQPJ09VV/I+4cJRjX2h2CKAT2UCKk2KWCluvfPaZC7lEDcfxdepKK0MVCsUXaEfjRji1s3cPOrTdm3+/Y/m+P5gOR+2TBOVfaQDUrqxs7YoOgBWcXXiluDOunMRCw6OtaCu1NyE5Pwg1ykNstaiftsIPegD32kLCD3uOYzs3n7WQ+xMsOb0GayQLyx6D8ICW1YnP+eQImmwF+YH+wWEcovwcuwHWnAoIBbx3cDYKxbvhftE0SAIF3LCR/GI42NJkntUsL6aPTm4w3KTXSUyxunfhtPGX1RT1A4xMlkC1Sgj3y7NKxgXtRwo10oBm2bDOuSTxUh4k5zwDH6HOKMYHijyhADE3mKfxyyWjRie6/N5pTqczz+BjhUG+0uwsW+QPMHa8BezajWwKs0W63Eu4PTSsDEm7Q0f7edy6XwjBhsvv5Bm+XpBUzirNrVgQDtSvoAqARB1s2DBwwpEfn3jF4vuemJ5xOFzioZwvVDXrDxZ3q0j5vhBrDqtpk5LUofG0EqBcQ+HlvtIIXJF+y/Cq5MP7Id8MfhaqdPsPzKtZnzk7fnm+ox7g3yV30mLNzUodGnbeqMI759I2fd6rj8g53ic+JXRx5nS/lBzcw8L/HiDwII5MPEcP8wGpLD6nUv6HM/9gxB97MlMe7bc/fnWxL+Z133E7hWft9bEydCj/32H+vykJFIzyyj7HlHePM6UOVvEc2rg5y7djA2uG9d9DK2miePwov24LWfANGWy3G/qUNq1vsQdUey+E6/Vb/IIj6fwEAAP//zo8bQQ==" } diff --git a/journalbeat/docs/fields.asciidoc b/journalbeat/docs/fields.asciidoc index 98fe5775493..5948f58b97f 100644 --- a/journalbeat/docs/fields.asciidoc +++ b/journalbeat/docs/fields.asciidoc @@ -615,7 +615,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -631,24 +631,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -719,7 +724,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -739,6 +744,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -903,7 +1085,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -948,161 +1130,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -1147,7 +1322,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -1161,6 +1336,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -1168,36 +1356,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -1267,29 +1466,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -1306,12 +1500,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -1330,45 +1544,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -1488,193 +1682,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1682,7 +1967,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -1696,6 +1981,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -1713,7 +2010,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -1774,186 +2071,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -2013,12 +2572,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -2026,46 +2618,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: ++ +-- +type: long + +example: 4242 + +Thread ID. + + +-- + +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: ++ +-- +type: long + +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: + -- type: long -Process id. +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. -- -*`process.ppid`*:: +*`server.geo.region_iso_code`*:: + -- -type: long +type: keyword -Process parent id. +example: CA-QC + +Region ISO code. -- -*`process.title`*:: +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -2096,11 +2897,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -2110,7 +2912,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -2154,7 +2960,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -2197,40 +3003,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -2240,6 +3077,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -2250,9 +3089,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -2260,15 +3113,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -2277,11 +3146,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -2299,15 +3181,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -2327,42 +3209,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -2418,8 +3280,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -2443,6 +3318,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -2455,19 +3340,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -2477,129 +3368,196 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. -- -*`user_agent.major`*:: +*`user_agent.device.name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: iPhone + +Name of the device. -- -*`user_agent.minor`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`user_agent.patch`*:: +*`user_agent.os.name`*:: + -- type: keyword -Patch version of the user agent. +example: Mac OS X + +Operating system name. -- -*`user_agent.name`*:: +*`user_agent.os.family`*:: + -- type: keyword -example: Chrome +example: debian -Name of the user agent. +OS family (such as redhat, debian, freebsd, windows). -- -*`user_agent.os.name`*:: +*`user_agent.os.version`*:: + -- type: keyword -Name of the operating system. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`user_agent.os.version`*:: +*`user_agent.os.kernel`*:: + -- type: keyword -Version of the operating system. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`user_agent.os.major`*:: +*`beat.name`*:: + -- -type: long +type: alias -Major version of the operating system. +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias +alias to: agent.hostname -- -*`user_agent.os.minor`*:: +*`agent.hostname`*:: + -- -type: long +type: keyword -Minor version of the operating system. +Hostname of the agent. -- -*`beat.name`*:: +*`user_agent.patch`*:: + -- -type: alias +type: keyword + +Patch version of the user agent. -alias to: agent.type -- -*`beat.hostname`*:: +*`user_agent.minor`*:: + -- -type: alias +type: keyword + +Minor version of the user agent. -alias to: agent.hostname -- -[[exported-fields-host-processor]] -== Host fields +*`user_agent.major`*:: ++ +-- +type: keyword -Info collected for the host machine. +Major version of the user agent. +-- +*`user_agent.device`*:: ++ +-- +type: keyword -*`host.os.kernel`*:: +Name of the physical device. + + +-- + +*`user_agent.os.major`*:: ++ +-- +type: long + +Major version of the operating system. + + +-- + +*`user_agent.os.minor`*:: ++ +-- +type: long + +Minor version of the operating system. + + +-- + +*`url.hostname`*:: + -- type: keyword -The operating system's kernel version. +Hostname of the request, such as "elastic.co". -- +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + [[exported-fields-kubernetes-processor]] == Kubernetes fields diff --git a/journalbeat/include/fields.go b/journalbeat/include/fields.go index 1f46eb2f682..a8eddc860b9 100644 --- a/journalbeat/include/fields.go +++ b/journalbeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzkvX2T2zbSIP5/PgVqUvVLsj+N5tVje57aex6vX5K5jROXX26vbndrBJEtCTsUwADgyMo9992v0ABIgAQl6sXOU3XeqnUskt2NRqPR3ehunJIHWN8SyNQ3hGimC7glr19++IaQHFQmWamZ4Lfkv31DCDEPyIxBkavxN8T91y0+wf87JZwu4ZbQOXCNv9QgXwQ/zaWoylty6f6ZwGP+fFyABeTwkExwTRknegEkp5oSOhWVxn/ie2dZwcxfasHKEiTRC6praJkEqiHHt+ERuB67RzMhNBcaQtSvP9NlWYC6JXcWXUYVEDEjfwGqFZkJSQoxV6MG99gMnDBFZqyAKVA9Jm+EJC/evR0Rps0DvYAavh2WrDhnfE7ckGhZnimQjyyDcTB4xmdCLqnhDskFKMKFJtmC8jkQNqtBIkOYIsp8oxdSVPMF+a2CymBQa6VhqUjBHoD8lc4e6Ii8h5ypERGSlFJkoFTwYg1VVdmCUEV+FnOlqVoQOybyAeQjSM9CvS7h1s6qZ2ogGaFgPIJUTPD6d//tA6xXQubB7z1CYf78DwvEzEfD/0YI7R+wU3hLbsbn4/NTmV12iDGoD6PkFzPpw8jwctGhYiGUNv91GCU/OSgtajrYWH4Ynk+c/VYBYTlwzWYMpEXIlJPW79mMCA4EPjOl1Q8dftRr6xbXh11P+P1KVEVOpkBw9bB8nOLiM3o9e3J+nnfGBeUCliBpcX/oCF97SIcM8qN5meWEm6VbFGu3YBWhmRRKEQlKU6nViEwrTSZ2tlg+qVf4ptHPugp3ShXE+vYvzS9O3V5sV7cGDFGgvapVhBaFV7+rBTPKQAIRVmFpUZICHqFAdaXAv2heycRyKbgfroFipkIZRqL2VbvrjpP/0Gxp+LYsTzpTnFMdriAJv1VMQn5LtKzCB+WCKrglVyn2nlyeX9ycnj85vbz6eP7s9vzJ7dX1+NmTq/91MkxyXlENZ4ZGsloAb3YaIiSbM262n4SovLGbiWOLFTO7XeCgkgBXVJE5cJAG5ohQnkcgzQ6BXzD7qgSawvzeMclyHHc1M1Hh/HR1Jp2rAeur4enf/3FSSpFXmeHYP05G5B8nwB8v/3Hyz4Fc/ZkpbcTGIVGkUmYbF4YUAjRbhNt5h96CTqHoUiym/4JMpwj+3w+wvrglj7So4GJksF66f13+n2EE/xXWZ/gBKSmTbUaaPy8pN4rOD4TmOVmC2b6DrV4LPxHkwwJVI+77zgTioDTEk26HpMbkRVFYgu1KVFqYOabKc3CTTp7kInsAOTEiRSYPz9TEcbCHvUtQis67e5eGz7q76i6SEvITFIUgfxOyyAeKRGfJgCfEiXKtvswj86Z7nBj6HSdCL0Ca2UAzLwkvnrBM8Ixq4LHOISRnsxlIs0Ad/xuVqc1ynEmAYk0UUJkt6LSAMbmbkWVVaFYWMSiHX9k9Bg3NtScjE8sp45ATxrXAjag7PD9BWSGqPN4ZXgY/DbPE31i9LqGwJrSwNrGBYwxCxmeSKi2rTFd2qG5mGnvX7gjGwpxJsRxoes/IW9CSZcYgMCrR28tmX+Hk9ctLtJ1QVGegswUoawUbFIQF6M1ro4Bms85iGYncCabIkmYLxu38NETUAGXFFZJBJCyFBv8+EZVWLIcAV5o6SpylH4IMnQH82NLcEmkLtgGF0urQhz6GQxAzbvddt5TikeUgU0sXAqP6YPvZjsujG3tBCFUZZJcjMs/AeC2thTdnmhYiA8p7NBV9pKygU1Ywvb7/XXBIDahSp0CVPr3IDhvXiwAZMcjMtFplgOKFcttMTA/JEubDfKUu/cPIfI8I9qKNcaUpz2A8yNyuCWSnF5dX109unj57fk6nWQ6z82Gk3jl85O6VFxgk1C/ULVQe7mDVBIRe1gAS/NOBzmbNKX05XkLOquUw8t56DbAud6GOZpmo0PXYhbabm5unT58+e/bs+fPnw8j72OhDi9HsG0LOKWe/W3uH5fX26vyudbOfRrDMQ81AGbmldvc8NZsx1wT4I5OCL1OeeLi1vPjbh5oQlo/Ij0LMC7A7I/n1/Y/kLsfIiLMM0OeNQDWuYWrPtaq61pl+3239PGzvrb8KvSvklLHXO2ZjExJTJWRsxrIOOQQDY97HUKKSGYpMAKbl0C2gKEkmpDUA7N5jXMVGOGocyu1vfG0UiPFddt9y3IeHrdf3FghZUk7nZvND5VbTmfSvrfHb1SLHiZnUuEkY3KiRLI0Bd7ieCrdUhGk31xq38QenFSt0YA20qdB0fhgRjdA6Eui8i+vwsTZoDKwuhqHOn/3hfp9dAYfXcZE8ATkobRz/Zht3uuBV58EwbRB85xenfXMKJAdNWaECFRCgNyJBazAlzR5An0Vx8OHrk5UdlkY/beLXO+PtSlDKy2hAY7+nbCwoo+2cp0Tu3j1emx/u3j3eeICgEuHOUkjdIbYQfD6M3HdC6iShqW3+MFl+++LlRtZ0MOZiSdkQ6zDhfG8KYgUyY1EkcM9BdBCHktPGEWH4EUQhMifDQnYlwP5pS1+8vzIOXN+3VEg/DzYOueWHeOjBuEPcFddyfc+UuM9EfhTsLy1McvfhV2JgJhF7liUQzkHcl4K1zKSNKH8WfM50lQP6pwXV+I8kYuuFHI3VzuewCjvFYOOfHQvZS+N/9aJyIzvmVLrRtWay2Q4Cl7/eCYLfhm4C6Ni37UEtvPdsFAkzX9GixziMKOkzCNGEiI1CNKHcOQ0lMyZhRYtiRDjolZAPDu6IgM5231e+jA6NBvqFtjA8s+0g+TIne33YHoHnUVgkGYndqPlRrCycaOITuI5wjFvjQ1hdJAoko8U9r5ZT6I5rH1QWIrEQuwiNv/C74DAWs5kCPVbQlcfhtsNHB41YaJFTzjhRkAmep04HfkHyzPvuHRt4ZY9glvinjy8xKmlgOchMkdPzi9ur8yj+Z/7YY4gVKwqzYE+fXJ+fJx0ffNLlx8Hn48btDyMSVnabiCuqk1ZYuA1AYgiTG+UGOcww8F24MyEPb12CGpMPYgl+TKgXI1AT4DnukpMRmXjNZf6b5Qr/KvGvUorP60mSS/6jrp0PUoqWt/86+GlwvkvjcmeUEwmlBMznQPiob4xj/cB4PiafFDJyiTaUeyHKeFnQsgQM7RVgQ9CG0e7MBFe4O+9YIZOb00WmFRSz4AyYW/jR/OzgLhw95cCMGMntULXzydSmRAADvefkqDEH8wOXiMVi4HhPzgYruqOrhe2xk1z1+nGf5Co726mwkpl6+Kz7jAdcuigkeziPx5GGu1dGGda+byeri2zMGkk4RfWMUg1zIdcHziqy1sPqSxBx53nUMN74QVa5xV+1hrLEwyiVlsbDFfYLq67n7BG4PedjCvVNnbjhjgrCE1EjMTj13eOCeqiowl0ujB/odI3zZgafHCufM/75VGmq1enGcdNMH2yNYMIdwiEZLXUlGwKtYEWbmXsTd9ZHKte4f0XwbCad4aH7r2mFO3XBHqBYY5ibZwV6YAhLGWwKskoan8Ud3qlRDNNl400LkT3ggZ4kv1VUUuOxMj7/N/NwBUVh/l4KCTZJhGU1DgMhAkkVKcSccbcvjDBPjbAz4RIDP6/N9K6ozJvNI71PO2Njn4mWUAfkunpc5FVxxJiohWcFe6gNYuQ30ITxFwFUl5vCuMtrE7JOnEwv5rX6rUgP25CmoBu72nvcDmDP3GWCZ1CiTUXJxL07Id8baTAm5plXPKB/MOOPx0lVEFu0gjp1Jq9jzJjc6fjEPWSoVSmGrZWUwHWxjqHZDBbGGyJsui3lefCTm1khiaN6HEeFA8ajTkkzXsEjmCW4zfLfmNLydGAiyweHrN7InAvuf3Zz5xTQ34yXjnOZPBerv3In5kugHPX0I8jgLI1MQa8AeJPwYibnO0WqkmgRQbRnCGUBS+AapFFaS/oARFWyJpKBT/jjiiltELikv415ZC4lrhgg4AlOf0s+GfHRFacatalZoo79VgNpohZixe2pVaaLNVmDNoL6nyQXNkFOyIcIJONE06lZxUaFRo/uFPn/vr24vP43HySpTfM6uP6fmGwn5IMhBNcSGlKNgR0BtAEblj2opHyefICSXDwn589uL29uL86t1/jy9Zvbc0vHB7dR2H9Fk2amTQLVePAF0r5xMXYfXpyfJ79ZCbk0u0MGSs0qo7yVFmUJuf/M/q1k9ueL87H530ULQq70ny/HF+PL8aUq9Z8vLq8uB64CQt7TFRrmddqVsTa4ZrKW/U8uwpXDUnClJdU2sYtxDXPDiYRic6rb5s84qWA8h89g03Jykd0H2SU5U2b6c6urKDevT6EF0eZuQW4Td5n2hpA0aggejTVk9oTJvQ2jRY4k4r4lM1qoEGxDRviss2IWVC32Wy2NWDXJF6n/evGXl68GT9lPVC3I9yXIBS3RhrD1ATPG5yBLybj+wcyipCs3AVqgrTs1m69oy87AWd09/tSbCLzFFHQYUvmE/hHl3oMSEgtjaG7WuSJa9FkRFppa+BCqi9didmZJ7VlTk9Ja61umSSmUYtNWkiCuBw0Zvmk3UUNHh8ApmM0rZbfZ1eU/YAoz2qKsYNxjK6VtIiLmXDQ5wuQudeYwrTMfQ2qa+MIWPoE3A0hA1/n4YpyOXeGTHiOqku0zk12jeK8ciGgrNlzglIt0DK/2JG3FUQd5K1V9A3I7O75yqZ2wmMwKdy/3CWCdQW94mjOlGc+0VVn/ETzj9kQg+Mkj79gHrngItzP38tgn6CKpCoheieZp7famrRhqx9cixqqFgnFr9LUGzmyKu42EWbmIYE7X5I0rv0FNjxsBhpMyWozJpBnnxMp6WGlWP4un5rOWNNNe34cUjlrzVhNbD4GFKfmh4Ctj1doDFlqW1k0safZgtkTrlRqvw8brEpPTif82ryTo9Wc2HoFhbJryrlBukbU7G1q0/Isn3/C/5v0oHEWjFo111JcTydTDvcqE7LqEs0LQgaG990w9EIRi3VwmOuY2+R7G83HgkYuiQh/6h3jaPikga1FJ5+Z/p2rT1jnEZrK2Dube+MyHjOgX9LnZ75Aj1C2DG9nkZZXRAm2tcyNoF/5wIBm9WVLGi7WZmllVEDYzg0YXAuMMekE5Zmn4sIdRH1QpNm+pjIY4hXUrCGZF7WanAAh14QMciuVgUETk6hMTUVHj8zlMrQioi5G+aV7oTXMv6vi7P0mNk2pwbzaYhsY96zwUqhvjLRGIjih6R/XCJ9mHyIhNgLnvzZujq8PiBR3E9eybWeGnlNNi/XttGvhTYysTESSsJZrPJcxx94y3yKaWSM5B3+/Em4/4DfITkaj1smA8dKPSPOrj0t4n/cfj1UBuwWcNPLJ605T3Uo3iXUPpLHUk3+lgWhRiRYCqtRmbBtx2pmsbHKxBBEyvrbHSGVbtqQ4j0wPoRlox2IohqBHJmcSMXDffPyRZ1M5q2I7nlT+Q7Mt/aNZfCxfj4dHPAFR35oMmcOBPeWy8ldf/bTVcEmUVnJ3sOPcfXfiV3L0i33+6e/UD8tLvbcHR2vcf8GEzeCJWHGSSHnyy86ziV9/hSpBNgK4Fer7bUN9JtqRybRUxjvHH1jDSWKKUtZ3xhFkZvTiW28WkcWVurs/TiN8a2QlnhXEiMk2LViQqSYJiv7dJiByg7hyZLwyK6VqDMkvQRVCEMQFonnvbcGKgTQiL9/iJoXCSXqLLKLM74RBFxPxMlUbj0Q4ajyWd8bkUuZHYPIklOwTLEjTFkwFbs50njI0m/9EZFz/WPww7fv0RRHjSn1Ep12ERGm3S9+tcyaD8znv2NTwhDU1RUB03FU7u3llEu5/U9qZZHlro1SRYdlH2ZlfulR7ezqts40skVfanVG6qUe5Jp2zjS+dS7lPdEGZRdriYSKHch31N8iRpL4CFUK0UhJ+aX4YtAfNB29oO5TcUd8Q3Ji9sHNwfm9egysVaGXfSFzuNCCWPTOoq/MksB/IKKzzaZSA1oF/8yWWQqRWd+7VKYOuyz6aCDlorMyrVP8tEUUCmffw4rOrFI4E6JlKsjY/FAXLYY+n+P5fJtinq3SS3dfh0+CJBwfS9fzxX2iWCqQiJFWMfaFoZA3Tiv50QCbqStsb4E2efvd/rCoKronVC+ltFC9wNXco+DsyJPBLjdpPWWbyNOQGPy3vNeDOW10Fcy3otzDe9PO+wdlCez26lCS71x8pdKuz0QjXsd+c9tFjRtXIlfCMMWLgjHxuikIDnpIzP224Z4zauM6im8DaKW1f+DGuCvWxwShO1VvvnIKPuZKVPRO4vPT1MuH9yBaRb8BwhT9Sl1fQsljdCutpMXx7u+qQ41RmVwBtQ2OdqUpfQTuKQ3d2MPC5HviDQxRyjKrlRGEoOKkGD3SCC2IhQv9jYP+lF8y35tTQ7hHEKP9gIWgpV7XipcVlQPUvFDHfie4PVxe08WPJ9BlwLNSLVtOK6GpEV47lYKZva/0NKz+ZUrlxBUorigbq2Oax8SzPy6wfyPwceSXbG0nEuI3JmdMmKIVl+DUE5TBnlQ8n5QCwK8r2EfEH1iNjvR9gGZKryJE9TpA4/7QxOes/HF5fjm315FyXld2iiMlswDdjuYyeqPj+7ub+53peoEG3KJtW6bNmkHz++28km7TY6MSDwSBSUVmjdS1Cl4FhuGA57UGGzhTNegl6IA/Ngf9K69ACJBZg8Hv3x9ccReffrB/P/nz4mSLKjGStNdaXSXtdwU9FRZWESC7PlewW0XZ9f9xM0FXl3eQ7P3v7oDCUUi4YkAzVJi+1CtBKy6DaXO0q5C7KmU+wSUHAxvugKdSHmsUz/XP+wWYab1kN1JEGLoGvS7tKLrd4O48HPYm7BeOu4piex63fKOcjkby/e/zIZkcnr9+/NX3e/vPk1Xarx+v37riY9KOWsPzerEBkt0Ch9uzYDCtXbTik/vexrCXbTIK4+agx6XKGSinIFcBkEb0TgpjATKCQF06hsmSYVnrrX1dYllcmk3zvrv0gMn1mHeOJQTNyxR5Ms7j0dyoOzaAM5AhmIhYPk7LREHo4f/KgzwHHK1VrQRyC0kEDzNVFGtmwI0UaAFB64M6wtegACPBO5y7DmEB8YFYyDwsZPj64dWAGUY/rk1m5jeyWkESVcptl3nYy03yqQ6Na52gzrrA1KSov0jEsGiHXNL9GP+26hdW0o1XR3rZM0G4dvAxh4tOUM0zURaFJgpZQgClxSvBU6Jj2l6X0UN9q/sRkLnvadNfafNm46b9xy4njIYDpsLaXQIhMH6vNffAqJg0Z6M64D4yw4r2MSjlC68cqD8erDS5yWdDZjWWIdvodMLJfAc59kgCvutsXxPxHGp6Li7Wn6ExGVTj+o+AMXK55iQQirwwpXZAH5/aFhgaA+uc48cmeawSO3gWCFR9oaeX45vhhfjC9jer917fBUZwRueGM8MzrAhPQy5eDZM6g0ic+65qOnwnY4OSYdDmKakm5zaS8hR+OHB7gjQ2o6jseRmpIdWaKFpsXR+IHQHDNsILNa2jZWAd/J/9+aiCStVzfPeoj9gkxL0eyehVR3KajJvrzu7uNhT7V4M/+1+2R4qWjUqs0d2gCXxrjDU8sV04ueatFMLEvK18aSws5tjVMXloFTpUTGbNYh04tUA7K1qAiVEhvf2yIfDdICaCqEKLcWFW6QcdegGm84mD38oAMtknAeNsWovlzZdDj+cSw9qiUzrajkznLz64f25Q1pIRGtWM84hBJ3FhczbYuXzHxjs1Ubmy0lzNhnUKO6TBLPU8ZCjf80MXIwqRTIe9tqHX/cfeq/eNQVSe8Jvf6Q7lnXRF23CunXibaGZHzFKKuf9W3R1h8OaWfSCbCeymxomVNfkBXLJ7FQRmlZl1CH9D2A5INCLw151+Pr8fnpxcXlqSsB3pdIi3szrZEOcQUBsSJ5F/24Tz+MXvVBPcYenYG+v98/miaWrm40rkM1u1gNj7D8LFpGrnNz6OFbLTfxFJQsnzgFpTRdK5/YZ5H5xhrG1Q9SpjJRsialYF6IKS2Clvye5HY4frjWonJQz/5NicGOI1TOq2VPCfhbuiZTcNty3Y4Kq5MUcMXw2D/ZVSiQ27+fnBYnI3JiVLX529ca3pz8c18VN2BYiV2YuAAklieQjBYF4OnjXNKlS/yTRLElK2i6pl0F1Xr10kjs6Ts0I6zFMka4Ad9xEJYUT7U7R+5Ntok+tELfo0JQPVVhZpHh85FbYtpXzFBVr9mefKW427pTSh+iH4cbNb6zersBpw6fYX9jqzKa1CBrK9Nw7bt8oD6Dd8Z47iK6XnNhYRVm99Wh/RqeR2++SJ3h/ZFde1xwxjej91ddpSbbXp7jktFt7kaxbvpCY0Q4uCoLy1MeQG0qlGzxL2gdYOeKBwcl/aTV6R53M+ePAIHPJUgGPMPouVJ48YPZSQxMCTl2j7DNw0fmowig2Z2cJyNc1R3LfS2MJxCTCv2s4zuK8TlmAbv+5m1KG/Pw6ik8gekMzincZNfPn17mU3g+O794ek0vbq6eTqfPLq+fzm6Cbzfn9QzUuhtPUKCgSrPM1lIPNEzCDFIv5U3/DreKNrQRs0q7dZGHzeNOLK9IPMwaji8MIANFBGHZNt12IrFRQkisv4Zt4gHa/C9/GVYEeYLCNDksC2e3lCunIhFaD16l43rW4yB+6VKpEHpr3g8x4DfK5dX4cjw0O6F1CZ0XyVDLD5FLpmyxjbKns+KBUGPS2qgGaJtxHyv72haPWjqTtlCG/PlKt6N5Jhz9fjQ/sOE3pMW7P4a/W5t/+FvPgO07AxptxzVD7kB74JabSAfEI/JbElW5dk4Ceiep26DUkhf1wN2vsXayrXY/tf1VJiG9YZPtFqWpTMZ+dIOroRJ9YnsQt5psHwG3k6lWa+1UY+2u4PQ21W631Paj8c//wBKPBM4vW+PRQfilizw6CL9MlUeXkUcv8+gbyXGmanNv7EoWsYL+9P7nzdr50/uf2/UjFE8bCtBgno6sGa4ys2WN3C1gFI9g3AlDgMTfAtHkTvgeZ5vDy5Usxn+amFVXA3K70Zj8FcAmhTSXowVtslYL4PAIsq6kbwa0p8+2Q4bThnl6UxWFmQ7LoTpZZcg9ghPz2ULCbGILof+OG4uF8c/vF1qX6vbsbLVajZ0LMM7E2bxiOZwBP4tART7CmQQsi8ng7GZ8Gb9oLwByfFvoZfHtfZiWcW9k4N5vcPeuLFuqH+zwnAsRm1HtkYbjMvKjQen0uMe+7HvScuiBY+cjM9VaGB+YUMzdWRM6p8aN682FqmRBlGZF4bqLNZlaLuPIiI1xG439ZOsYUzPTzAonrdp0ZSOPJZVW4puAqK+0ymyLl9indndMT+JxmxVjk5JUZHBEmSBGChoJuL2+vjqzE/3vv/05mvhvteimjdgFfZiQf0AYdUzC5tE2a/sEqTxJ1TThfYUY9b2d+CQu37sJ1zpC7k2C6SZOfJk28d0hNQw/iWYGE/kwIc52q6MoUUu6JrjqXL2psSp5fiYkGn8udadYWx2LcfgIZFCHNLaXqGO5hgJbwhQmqaCrOxd1CmFTBRUVrkacbMbSYWfyyhdsKBZVOW0KRgYGaYeN19dX6Vzm66suKWFni91PirHFRO90uhVzElLzlfPRjJzYvfTFzj0v+rpehMSigjyAgWaVWiVrCYq7bNon9hyrzeZ4P/AsbymnlHpAxfDvqBjgM/b3DTouhRix9NEutWRvLS4MHFwtdQf8YCy+ctI+o4jTuMr+rVFLV8eMsI65O+/iBJalbujCIdg3JhEUC6EVQqsrVhnVUPcW9Y2fbH/RP1ZCLdlGRX8pOZ1JOl/Gjcz2OQMRMkxiNPs+nWHbVTMh306Cta9F2St83yZ3JU9il3jfh+Mw4j85KK2F1EVXUqVaYPfqVGShJNF90x5ey7FQO17BWDdPaQeC0rks+KqXKQkFPNJANLQgYU/fN8EhNX20ARlAjzYMy5hfGDbqDUN+iGjhW33XLbhYPmocIo4pU2tHj+04bltpiVlD06LJuPl6J0S/tmJPVfvEqA7OxI3Dj3f+G4YsGhydJVW7QNSDt24kVqPbLrFEiwfg7HdI3OwIS8r2LDrZsuAs6Lg6lxylZez2gz0vfIv4cK3TgcS+iJl5gq+X2NbNvJLg9ae6txymamG01+dtuXMRnwaSCT6zgtK+4qqVk1338W03FQz1g00K62oJEv6+m66wIL3GaMLcxsx2eSRTKVYGiddd5tu1PdquwamFWLlynBVM6wA7niu1e9A7/62qCW/lEx0hjjDc9PrEHTmP8TlJkIPXQdtq33Xwkq7bgvRfmXWEur7WQdBWpEv6r8Q1XcOzMt6a71NsJT1sXTJ+GELz/S4IS6qzIXpns+uTLXbBuWu+48uFFMuBbXjb20QfDcOL3Aci68+K3as6fLgQD0L8RQR5GOYvIdFdzN8Q8i35CMtSSLzihX3GnAHQ5On4nORULaaCylxhYM4p2m9dOkqlNJkLn/8HmRqvl3gtC0aTV0wBRhEVyQX/zl4cEKdi151DIu1NC1ZnDxnP+9bJIh7+d79vhZY2w6hf/uabUyM9FsY39Y74F/uvBF9f+rLMTCyXguN3dcr2I2UFxj7D1uFIClos4R4U0e57GG3fb/2bNvtXVzK4c6Y9q3GrJjOkMPrrcpNaRxMnTZPik4iTQUu5ZJ95a5ZE79UK6EU1NzJyeaMX5PL84mZELi5vr57cPrkaX10NMDKavsmtZtiFmBMJmXGOot5TrUFpWieF9mB5IadMo+Sbd60H4Zx/BZqUIC3/8ETFuDySctW6isnmjUSI7YRHfIwu5N5wGXcPobX4oXJG03BeSZQ5f5wSURDd1tcxinqQ2Hva4mxkI1atq1b9rXrYyR8v5RtvMbYO755jSbOsdivXLsRm7Z68tCvzv4tKclqYBXYybC0fsIwl0Py+3T59Y4tSbMKI8hwQanu7GwH/l/3ROsixusyEhLyqsQye1rpgGeNZ07VTE/mpB+gT4BdQlI0X2jeZFWcHRoFeGH+F1rW8LtE8EjlPmktNc4rNoE74gGhw/xFk4WIMiPIEuUnM956p+tKM6boGtm1eOlf+p5IrtkQTHXrXRQO3uQUtZvbOrOZ6JZckHgY9N4U7aZUz3cKUJm4rgThPBpxftP7OvnHrxRQ9JG46wvh9xdrBVtJna/k/zS7Y7mrh/zT1oefBjbM7DNAqCntn3ae7V7X1Zg/vO6Ug7aEpUKrdveu4A7vaf1QoC57EISOrtd+yPVWbYuabB9OkQ54VbHrm9KH/m5yeYm3GbnJpr5hbLjFxBhtmzsLLQ9KD4u1L4L/cqHYcTuijwWfIKrw3LD2K5vnRxrKFurAz/SYKd2NKvZ90tELvwjloFAPXdqph+Jck68fdyCq/ElnvdiPLzfDxtp0PTjscuPFgb/gvs/EMVMGh2DWN71O0bttJ0iv7qMQ2tHrt7Ijqp7plCX51ksMzQk+0oWkDxQkD9r8G2d7AHVyw+1/A3OzE2Lex8SC1ZFjn/Cd3VT9vNQgK1lM1VWGTga9JXI17A312APf+wpkkla3zkYNJfNEEFxxeJEYRTFvGK0TsPu+5K7CJOjnL4XHjKMyL9630pC83jI8tCss6sYkp/2AQ1X0W4ZcguCu3hGKFoVqIlXKHcgHvtQTAmxZXxFhQXaWQzKDeRyXUSfY5+PCev02ms+tu0gXBlVkHsrMxJMfjMyWzs0xIOHM30I6zPbyFSOH6MpwC3N13vtEei+KbyTFWvN1h7Cjj/JeY3hdifu/aprp4yIED9cS6CHU9tHRjwfZQjWN1HGMzaOLU9mYHjAgdPF63/q9FdfCgejpJ7Bwo2nHr7G2f0IrQ7LFwt0ZlNi1TjHUcze3aFIAZMrntwItbnJvdjaSpfOgA9hDNZIClbwTp4EqfOdJP9M4BlS0ZrYMCKTuei+9L/R7F26lwxMZgye40b8up3hocGTroHRp7DODwwASs2PPzjS+sdi3EfO5Ua69anf9xxNp6e0uqrLjaLLvVH0co+nZD6cxoSaesYHFfw73E01ABsxlk2C0nAJxc6Olwzu4bpZh5ENv2QsYfXTXlsEryIXrl2fWT89nFzdPLHG6ub7Jnz7L84uqK0jy/nl3mT893UI0NeWYufb87WXE8WMzWWdEk8nCmw3USH5YTxhPz3N7zD9KmmNWoCpYB/ufpxeXVtfu326BOL8cqEyXstDdwLUXhFhr6Wc5L8dvNgoGkMlusE5k1iejbjqtuC3mIIbIe2rEUe8dnTzCr35446h4xMLRWU1MMy1ocIhUtSdhh5msyzXc9YSkMpR1O7kBKcE43kjPsVHoI3/ic8c9jlx67A9e2hyP3OUf/sjO9YywS03KSRXGbCA+ymGK61Vq17jjYWJS4art5qGclZMAeU0f4YVHkIftZfPVa/4Y2FUKntrJWaGDIjOb5s+z502uq8tn5RT6FS5hd3uRPZ+aHy5vr7PkOc2zICrcw/LfnZHqnCoyB4NKQfXm3NbjU2yLV3Tf/dS239i33dX/GF44ftg2xZmhOrduVpU270gyff13iPdYDiW8KZ44hzaraxe7qdHnbYQx1nnp0O0mH8KRu2pAg6VyhyA2qLblKabGMMHFQuq5wTzNoa55knR3YFGY4ex1Uk5pXiCpvMvPie+3qy4fTyXlv/dXECDtrXYlnL2Z2ia80z+/xhfv6PmNHi5Bhwl5rCjQd41djD/ablmBAtiU5NeoDE1E4Ju9cc77gzgUDcETmmb1mL2dzpmkhMqB83Eubb3vXKO4eWu7ci4E5t3B3Gi4Yb2empjAE8ZNtOHjr1s/tWNwL90EKaM3n+vLCzdjfhtce7oTcZXTicrwPEq1rCip1ClTp04tsi/wHgAjmYbMmx5opd1+n6kmujkUOU3/rWa1JcU9OPw8XPfeJoeVHIeYF2JXWj932utmMwLWw2TI+t9BzvGu4Wemv/L8TwN29xEpT3W4b556ZNasWQup7m+DcqCbKs4WQHt9pvcp7snJrsshONWHNlclH6gxaA4wa2ibQLeMrqw6sqUFwdZMqS4AxqKYVKzRJ+XcNKYdX97yscfL01d01roJOoei2be4ksm5Il99Cyx1ywuKphdbZ3fGl3gkgd3wmQkF1dmqsehrZNL9vlcyNNn9vZq8aD26Pvi060aoV+U61up/XXHqopuaBDfg5Xv01/C2BqXleb/Lxjt0AJSGnNi/65qOt7I2I3o3JpciPIPwBB0qR26OJJKpUCGpfTO9ETj7dveoiwkSKkh5acBqgaiB2kYkcjstBTKRIs3Co6hiGyEIjS1p2MdGmKuBY6AKQaZzHVMcB3izSzJvQHmFDSuK1cP9vAAAA///I4ENs" + return "eJzsvWtzG7eSAPo9vwKlVN0ku9SIkmVZ0da5u4rtJLrxQ2vZm32cLRGcAUlEM8AEwIhmdve/30LjMcA8yCElOudUyamKpOEQ6G40Go1+HqI7srpAJJVfIaSoyskFev3y5iuEMiJTQUtFObtA/+9XCCH9AZpRkmcy+QrZ3y7gE/jfIWK4IBcIzwlT8MQPeRk8mgtelRfoxP7ZMY/+93FBzEB2HpRypjBlSC0IyrDCCE95peBPyWdqiQVBhCmqViNEZwiz1QipBVYo5XlOUiVHKCPK/MIF4lNJxD2RiNwTpiTiDGG04FLBpwrfEYkKgmUlSBG/kKDXn3FR5kQiytK8ygj6gWAlE4OlRAVeIZxLjkTF9NfsVEImQEHAKvkHh5dc4DxHU4JKXlY5ViRDS6oWGlhMc4n4DHA0tBAVY5TN9aj6oQYnQEag5YIIAh8BWmiBy5IwkgFOCxJihJZYAp4ssUSfca4YVyRcBofqBboyU6ZYEg0ToIxmXKCcz+WohjHRTICoRDOakynBKkE/coEur9+OEFX6A7UgfvwYLbu8uCyPNEI0JUnACJTNuCiw5hSUcSIR4wqlC8zmBNGZHxKYg0ok9XfUQvBqvkC/V6TSM8iVVKSQKKd3BP2CZ3d4hD6QjBqmKAVPiZTBi35UWaULhCV6w+dSYblABid0A4R3JFSrklwYDndEbe6ScKdopqCc+ecI5eSe5Bco5YIET82wd2S15CILnvfsHf3v38zQEfskMRQIEbO6F+gsGSfjQ5GedMOp/78PIN9pVlkLoRYEVOrlxACF3dKY6R0zp/eEIcURZvbr5m378YLk5azKQ94wbC4c4kgtOfrR8imiTCrMUiKRliWNrSb15Hq/RWNNK6WlQlVghgTBGZ7mBElSYmHYlErECMn0BmRouaDpoj1dNKBj3pQXevKZ4EUHTa5miHHkNhqQwexA94jPFGEoJzOFSFGqVdK16DPOu5dbr+Q+lvvjqhyw3G676wmQVHglEc6X+odfB8wyJBe8yrOaDaarQE5WkmRJTDLmRZdfgfr9JYxlp5mS+hWQ43SmGSUarp9pIoYpcLqgjHST3w7RvQY028cKfGL094ogmumTckaJMMuhtxfQ4Vs6Q5wRRD5TqeR3Hevz2oGvhbo5BOD7S7caIPJp1onyOT6dPR+Ps26USbkgBRE4v+1CnnxWhGUkexgBXrs5HkIDI5IyxPRxlOcrewhJhFPBpUSCSIWFVjS0fJgYVqfZxJ9a64gzaytUUyxJrE/9UD+x6tTxZnVKD4MkUU6V0vsqd2qIEU6ahy3/Kl4a0sMRLIl7Ub+S8qLQ+pBBV4+ilwJ0FaNODTsPQxwP/kXRQtOtKA9aS5xhtVkgCfJ7RQXJLpASFemi8MHJ+PjscPz88OTZx/H5xfj5xbPT5Pz5s/88GMY8r7AiRxpMrWexQM3igs4p07pbB7f8aHQkp2gqe55ZPbZ7QK2bzQkjQo850vIuGlIrPvANal7VR0/HzB8sRQzR4eDTaxUuUVv247ncWfLUlP6vvx6UgmdVqun414MR+usBYfcnfz3474G0fkO1ajtzk0gQ6fqsV3iOCE4XBo0eLHI8JflQPPj0N5KqLjT+h7D7C1QjMtKqaU5TbCCecX44xeL/hmH0C1kd3eO8IqjEVDTpr/+9NHqLwxRnGSqI1gcCxVdxt37oxpyAoAXbyxEjUpGYVwx2+naS5wjmN3tYKq5ZA0tH4nXCfpLx9I6ICZy8k7tzObEk7qF/QaTE86FKhCKfO8l/8DPJc45+5SLPBrJNa7MRB4vdBF726Y/0m/bjLi2LIa4WROgFAeWhc7x4zVLOUqwIiwUWQhmdzYjQW9suQS1vld7IM0FIvkKSYJEutBaZaCWvqHJFyzweys4vzQEFet/KgZHyYkr1fY8yxeEUa6Pn1ijNaeue/jJ8NuyifmkH0jItIzOYHRtKUUYVxYrDCYsRI2rJxZ2mESOwn4wubpZKkDkWGVy99BWMMzkK3jT3synNqDAPcI5mOV8iQVItHswl8+PLazucUYdryFrg6Af69QAYuFpIwjLz+s1/vEMlTu+I+lZ+Z8Y37FAKrnjK89YkRmJrhaAxnYDDiegt5+64jhhKYCYxAJCgG14Qf0XVXAcHMREFOnBHDBcHms8EmRERTc8a6EhzdbYf28PbrOGUeOtCYESBaZEGhc3dCtaDhzAbyWuZJdQLKlkB+rUpgzIN0m9GfBrDhjVVWEMS6himpqOWbfVgmlvMihyCOPGScLfbNy0HyqfoxTXC5+pay2xBpLfaGPr1i3q9Q7nw+xxdXd+f6gdX1/dnbizSJ2RLLtRADHLO5sNwuOZCrYXei3ic7uOG8vby5SAiOjAyXmC6FwuK5UszQWP2r9FbogRNZQue6UqRoYpHY1X8uXd8fjoMxB/0ZMbQNRO8CLes1pT0rg7MU20Ggr30YGhPBnKWmW0QuC1Q5yS8f9vT6qfoYeO42gDNT4R7yzJmKMVCrEK7MkayJCmd0RTl3Ch8SBAjh4zFCYRPrGoJDWdspySC3mvRpfHFTIsImDVpkTcUWygQXcEjr91agKLJu5fOj074bclpA+A19EHoDWdzqqrMmFtyrOCP2KrimeCb/0EHOWcHF+jwxbPk7Pj0/Nl4hA5yrA4u0Onz5Pn4+ffH5+j/vunCR+tklBGmbhuGxk1YtffzBpxCg6OftQeld1yoBbosiKAp7ga7Ykqs9g70SzMPzNoD60vMcNYJpCBzytneYfwA06wD8V8rMiVpJx2p+gJEpGotBd9ypgTB+bqFppLfpjz7Iot9dfMe6bn6FvxyzWJ/CTjtgm8E8/BfX3ZB2rfcHVa+nUH8JIk4dFeS4E1zG3FCdISsJdiolHyG5gKzKsdCc4y9XAlijoXkq/ZyGbOnt74b6UKFOUxSwhQR9qYwyzkXiFXFlAhwUoItyOnksjG0ATFH5WIlqf7FeTdTx8qyBc47DnZz/Xq+MpdSyhCuFC/g5JoT7vDuWbEpl4qzw8zu1PqyyKuseVesHw27Kv5oztvgGDUaAK/AQUnZTGCpRJWqKvRi1oSxtsfYM7LRcTmzypqx18vQs4MZev3yxPhR9Sk3IypdEGnWDs5sGkxv3MM1zPqgjw0KkWOaSm//j4HwA4qKWceyIAVX3l+AeKUkzUgwVzd0GFk/aThk6EqFL1vui+0fZth6KDBt2OlDD62dICbc9vbdUvB7mhHRVjY7trznRpKePEyJjw58wNgB4t34oVGMpCcjNE/JCHERCxo6pwrnPCW4eRfwYQ/3mOZ4SnN9nP3BWYf1ax2qlTwkWKrD4/RhGF8GYCANhmYFY20ClgRerxezBxlzkgzCYKMx2GM2DAF7suwCtXPGJQ90IHnQ6eHxybPT52cvzr8f42makdl4GBJXFhJ09cqxH6AQOQT74e92uD+OC8yDFhxXQ4Bzn3Z7h3ehrjpJCpLRqhgG+FsnnQI38gC4cQr626PxxNnZ2YsXL87Pz7///vthgH+spbiBBWJ2xBwz+oeNE8i8Bdn6JVe1yTg+qLUSQCH2CGFjODpUhGGmEGH3VHBWdFuc6gPx8tcbDwjNRugnzuc5Mec5ev/hJ3SVmRApY/wGl3E0VO067TIrmwPGS3qnLTQeD9MY/LdiK6O1BbacI4E1013em+AgY+a1JmHJK5ECMwXDNByeC5KXWm02aos5MadYBkzj55Dunr/SgkrR+raxpWnSfntfIuCDGR4VmOG5PtFBxno0Ot3TxgPUI7f2GazgwUK06aPy8xd4vl+hGeoRMJs3IRjQlliiaUVz5ZWjHiAVnu8LxnqzWAhx3zm5T0rVUNS37RYAff7ZXhBaPlrz4HaX8w+I03JfeoMykYqy0L5mJdir1gfDZFjwvQFumGB6uKf6YYyx9sj6XjoGXe+AYaEHxki9OpQX/U06TwJS/L16UPpR+PJulM2w7M+XErLr35tDJdyRzk0BG+hv2KuyBuYWvE+ulSfXShurJ9fKk2tlKBGfXCtPrpUn18qurhXilZ4o/w4NvmC8JQofhiejP14V14P9SclJvfHY68LzX964ec0KmnDolAN2EimeoAlJZWJfmpjMIBEHOutDtaikMhGSsEx9Yc/6368LwtDvFREriHwzQe3+QkFZRlMi0eGhtUcXeOUA0gSWOZ0vVL6KN48P9wwwgjEAKwNmrvU2yhSZm2whiXD2mwbbaGzRgDJdkAJ72thzthclsDhWwgSc2u9QiY4hzWtKFD5GnUae4IV6UM+oQvCGVe918GhwXmdtWkshbaoUBLRXGB+uK5it0B1lWaIFjca0MJGi5gW1CFxoJsNRL01OjINML6JL6oRwSxO620yNpEqSfBbkQjAzfkTN4f6tL5WvM7OZnG1YHyn6et3u1HP2BEzXB3q2l9wxM7ce3Ul1Y7dsU8Kz630rvPn1/S5pyIZfugzQmnnIZ9Vjg875HBkrtaBpxHUJuoRP45Bpd/FxPKkRDLKAJS+IWhiscZ3am6A3dbw7SD2XlQzBw7Qg+hR2rjT9VA9Rf9snM/NZGDnvBsEuKRZBTpPzm1tfeB3UbW69aEpMBLe7jGJnbNIXu/BaCh6GzpjwKVFLQvQcNjZQi3PswobNBDa22iQ2pzmXGpNLR+rNZHVWIy6IVhrgHpLDWFiROTd/RunfGohugnbnVEd0DVmgJm1BCi5WSIs/PYAbKGvkot9XOSPCeHRpnZVuX5MpZhpRyEzf7aDfq+i6eqWX3hs8vfzdIT9QnwhtSB/Haq33uR4/Oln7Uv/m9B4ccM1Nv9T70nkno6QdN2I0ljt6RmCV1QPY3ROob+42bY6zELbaoxcNquXTBN6YjNBEKqyI/gXnWBSTBP2Khd4AkM4/qyDOxmsnfKa1lRFaxqpHmWMwItnACa0829wsnKakVJDzbGMozOnkNJwRKnOCJQjMaEiwQqe4airLnhEA7p4DxuzQ1V4OGSMn7Ax9y+9VhgWdL2wmQvcJ0LNyVzEfUGkEEaQ96GVfYGbXMDGZIZORi+eRhEmbBF9fRnDMVhb8Gk6vy2KXGTKADeIFI4/ABtGIlSQdbNDFC5W+a4KnEmRsN1cYzPbBE5CQbk6mFJcKJK/NNV8rJPzd0yYD1fxBWcwMngHqjb/AsQXScoNb2klwvMCGB1l/iLNM73V7YB/CgU2ySbyUkxnNyWEqiD4+JyZJyKQlUllnNLvz02JK9VwFXLg79yusUYml1HQ9NOnQ3QvFK5Xy/XkfNTZ2ik2i/Cr4OFgtzOxyjwIWlnGYXz1DbEzR29LlctXnv3nZrpSsUr04NpNyhmleCRIL5mjMfiG9zY6Mh+wV0gN3pMWhe4H3VTziAwEN0CjelipVT+bmtcEI33MIrPERDnUetGZYMCP1XaF4VuV7r3liZrG2qkGVP0zpgVCYRN8IRpXeRmWqNHDha9d0buFiJX/Pu4mhQZNkqKd0Z2rYafrMGZxppjYWxol9d4K+1eJMEoWOrJYtifpOUyXGXt8DYoNKNdXf0sq5IRdI4miXh2Q26r4mtrGqNOw9NpmashoIUwcJTFH+kV1vzcAG6qRpNo80oJ4dJsk9EVQN1YD6PIwHLwbmVN/Y+RpHmgOjodz8urBG3+74Nf8tqyoUBFyETEu4IObN3wJ97rVen28kqkqkeEPqRueTlogFviMI7lR2Okpc4QomqVRwqzR2vrXFEGzSbb4z53+NPmkmUhXDikBeMJW++BA1Fazkgi+ZCTBLVb5CK6I0u/4vyrgp9MDFXTSk1h+0bJdoSfI8+uhKov/n6+OT039yAW7euuYjSv4XikZwcacBgR0FlozaRhYNaKISaXonO7n04IaU6Ph7ND6/ODm7OB6beMyXr3+8GBs4bkha6eU2f0XrpldOayFGtRPmjePEfvF4PO78zpKLwh1As0qrKlLxsiSZ+5r5KUX6l+Nxov87boyQSfWXk+Q4OUlOZKn+cnzy7GTgRkDoA16CvcwXAeAz8B0Iz/6fbBhnRgrOpBJYGUOQsfNS1XWrsGLdnE6WKyjLyGdibNkZT2+DIPWMSr38mZFYmOnXp6QxoqkkQDJTg4b6mllCCyPi/eaTW2OfmYTLC3NfoBnOI6W9BiP8rLVpFlguHqTe1dxVB193/Xb5w8tXg1fuZywX6NuSiAUuJdSsgypuM8rmRJSCMvWdXkyBl3YdFNfkAh2qIXDQ4MX1B2glmlEFjxNr9MoOHMlgLSAYZlySlLOsyz1wZev0JHBFAB4zfxOWAYvdMS2TQFqZu0FdbavpmXAiOyVeZgMkzPCumaEOhW3ri7Qgg7MldroR+K1VIxHUWowK73wjkS9DVNcYtAa7+NSxYMc3/1wQnK3QtySZJ/oOhatcoZuV1EziB5bfmbMsGo+XtqoFRF0vqezSay9rvd7Pb2YHyXCBsN7mnIH58uqVhePgdSV4SY4uC6mIyHBx8F18JcTTqSD3xp7qvnLz8eA7MNEy9PPPF0VRH80U5+6tw/Hzi/H4oFkjy5tqzCVzINc3ijytWVJ7GTajtxKwOosp2Zf7NOp60bUmTqWiLLUW7H8JPrM1QoJHbvKWRmIv4XB62pcTV50GQJWm+mDNFU5Cd+tNtiBHAxgjfnLKjKbZQJyaylBhxcNozOkqKHQniOF1cDWlOE/QpMZzYjwLYQ1W/1m8NJ+VwKlyx0sI4aixbh5YjwINK1nV62Nr6aWmRl9Zaj2Kg8NBn8DGKKMvQMbD17E4LZlVv9IBb+jR0BPU0rEJeZspN/CaK0II9IsXX9Pf034UYlFLrbqqYftOoMXsFiJ0281mxPjGrWZNTlpwdBIJp4rea+1f02lGhVSudm0fYmQrm/+2aOlTaiNSMFWIkkcjGlGjlOPNGAkq725lQwSuE4yznOOBHtoPVN4hGNuUs6W8dUOzsltaxRxJnoO5x1U6dP8+SYJWvBK2MNA30t+GrEqgd9tGFG8ZF8UWC7gFru/AVkn/IBnMtwHtkXeX5aC1j7UMOR6P11ScLTBlJtTHVJHV5ID7KBhrwUqvD2BbOMkY/6Sk88ZpUAMnoZIfDLPEpuiJJARha3YFVAxtg8qKthxUh4N7RvNGEUjnzLbu7h/rF/roeAmjND2myJpGYh8WOJ0lmmoVz4lC68jVzyHYxrklwb4BkCcAhitD5w45LCVPaV3tGu6NrnRXVGfKEO3I2kycDxWYeITUgktiC/QZazVMduX0cfSWM6o4HA//9ePV2/92xfzAHmZTm6G6F4SPGFOvs6e2kzPwbEbMYaFfb+IQ1oO0Rp+tPLJ1ALmqL1B9G6ZbE46W+RproLhN/s7jzVrXexRzom4fa86PMBygAGqHXBU5ZXeyc26YIIoxe8DMoXCA1fSjt7Y4bHB7rOI850tEsFxpGikCrDJdWWZzQwTWD387Le0lrUnQ0P79AHwAB3Amg4lzhDIqYK9Zkn7XSdKMRNUAHjD/KxipJ1tyLUtRFsYAPQCEKz1QbcJyAT9GYjH/u5UzXaBUQWzDI/GW1kfBe6DvV5+uXn1nJIk9TYNIrW9v4MOaWIgvWaMWlzc0LsMM1YdyDYz2DZjARSsJz6d9PA5prgUtsFgZ2QY0+amBdvfsUUrGo80fprT3zl3szp5+84/PTsfdAL3VPBuuOmWIpwrnDVtsJ2iS/jEUtMhI1OYBPZKeGtKntAixtkWuVRqcZe4aM9GjTRCNdRZwEk+6RUwRZSavBzLSxyMg32hNGYKpgEg2UgKU6IJnegdlnbOn+5i9IAqbmHLwXGcdylbIsC5HKng0PJrQMGoQTVgQqwvWkbDwjrQqpdAiMCf3mLUig6NIqkeI+noci1t/0KrB3RXIB7F9VOZYaS3zT0hVDp2PAFrHugctH+yy/1w/GVoh11UviXRsW+UUpbwoK2WiGm35D4gah4i+oE1Mh+0y7BNTa6mmKwwLQhTjZjCmuAPbHMKoMbWV3V3M4gKLbIkFGaF7KlSFc1d8Q47QK6gQEFRDMNedX6opEYwoMKZmZNeEY41VNzM83Av9sx07rCrSZb5RQcl/ZzVYOn/nxEE4gfr4GnVBVCVMiaeBxUr2heG7QdhBuqa18QFeAU4BLp8Y/ezupTb9psobHvHfK5yDFLf5voCZC/rVwNhgpzrGSGsrJhxJ6r3dqL9EUpr5stnmkqy4/k5ftYV9BrWa/dxl4buUnlGdJ892FTF1VEZgQLDOPC/f9RFA2XxW5dFglBkLzKDCLhdR0kflvJMT6McBS5i0ifTYSfwgMWjpUs+/bM77z3Z7bZh9391terbXj1zYEjuuApntBWEtIlH9NT0UtKia+BpJk9g8dzVD98XIFW4JMuW8+B2Fdv+goE9g1IlGrJlwAOP5uEuRLqgiULFvZ6LWDt/P52e3Z6cDnbrvSyKwqpt1RcB0JLrzUMe1h3k9xg2MEbyxXdK73nzvb5rN6rrDgnkD8HBlBanAu38Rja54eWtp2vTKa/KVYJWKv3Lou8I1HreaWB2C6L0N2/ahXXLnnSYXDb6H5NPWuruJ0bfQpS0lTHE5QtW0YqoaoSVlGV827dt1YSMslpTtMZO2Zu+3ONVM8u8HD0DWXOg7oJ3hgjYO4YfCm5EpxWwbaG8sGHYpoDdNtsBqhMxYI+h0MZVZuCwdyLSTTx+OzfE4OT5Jzg5FevKQBXD5lKDEC7xEUgkoSdiBxp3WfPNHxeI0OU3Gh8fHJ4c2X+AhuBj4BqD0VCykY3WfioU8FQuJYX0qFvJULOSpWEgDxKdiIY9XLGShVMMK/fPHj9f2ya5V2PUQPqZl14qlpsFVUhC14HszLf+sVOmmQmaqzrj0n15/HKHr9zf6/58+rocYWmmJgZXJd0pcMuPXeVdAbzd9F/h6leXF0dE05/PEPk1SXhz1YSJLziRJpMKqkk2Zswmb4eHGlvxmNmRma4kdj8Xp+HQDvFOedWSxPF4m4KzKcyBmDbSeshNa02twyUXek37eWw/nEVnbztFTm6WjJkvO57E4eOMfrN/+df/BMN28LgCxoxgAkrRJ9HDr2hs+r08GFzXal9oJffRIlCH76+WHd5MRmrz+8EH/uHr34/tJJ5lff/jQjdqDk4H6s2bggAGj8tuVRiy80m2VjNFLxsbWqFvQ+qC+oBcmXDSisEjYSMEb0XBTMjPZyzlVxo+lUAUByj7xvMSis07RlfE3COyrHqGJnWJig/YNo4aeCX3n82G7ZRz3ikL2sCOFibyNPF6L/KiFYMPYalwjC3xPfIy/1DxmXNWpK99UljklmbHcEpZyaGepVQ2yjJUsyoiEnh/3tm1oTjCD3LaNXUl3ShVCktscoG9auUK/V0SAG8ZaJ41zZVC6UCSKbNReLI7eRQ+He8ldCGC7qWjKi6JiluYm0IzfE+EEmvV+ijiI0Po+bU9M+9FOzlU3rI9kbkYBOovEjgJ07/5u3y3fWKGhoBZH0jYNrdVmR6RO9Qr0r1/pjHYjsS8Xy5Xxo76/uYIwm7zRel5/ZhkOvcErIhIoBz2CYtD6/zckHaHrq7cjRFTahZh+vRslihm+NVeGfS0PQleX7y7RtW0vi97BbOhbpw0ul8tEg5FwMT8ykcZQm+jINaQ9NPC1HySfF6rIGwZwhG4UZhkWGQQeu9oBvrttYkQNzumcmVRTw+DviPox58tWU3KE5I+mI6/ZQJDoYnala2XbhV8ng5318JXATG5RtHsr8t9Avrb0jB+suE2iZFIRXBcUIOgXM3544YwvzA5elGt2RN9+enU9Qh9fXhuWPLx6+fYaeDH5rosKH19ed9Mh6EK+L2a8NEgZaWEMrcGsljdcMLeYUiWwoPnKRsCbMg0xLRaUzaU5GwuaCu6irw1xcS55ndwTvizvViUZIZr+HmetzXBKppzfjZBaUqVM8EAoDty1W1JV2RO6LgJ4T1jWgLCOCPepWERfbjLkfBk+R8icgkeZFoNX1ybgUsbg6WU3XauXVLg0vU5mv7x6273MbivuRZ9+4UWlm8aY5RD5nMCdaYRyYP7fcKpp7Fm5A6ro4tqNi2/cvQ9kXrnBnfYXdNeezVwYfuNWrhUJk9pTK0wXDYn2D4iyKa9aku4fEK9U9weUKSLia4L5QO/Lzg8qBum2bRihMGmByzIoaWmr6mkt5xC60KCiTnGw9QhHXo2BAzLeNaYEimNkPc43EoFLQhPvnpJlX4nUbkgcqblAJRG0IIqIfsgaWySAsglZBJL+CREJPjnPTdW5o8JFa3HijIslFhnJbvcT/hI0svAJYzZyPvjIXr9KwT932yOOvz9JjpPj5KQbC6sGq9Xt/gI5LyGX39SeBPjhhhG0Fri6NoURrazDVk3AHremoEC1LTRW5BN/KcVIcZ4f4jnjUtEUSaukhL2xYo7O+bLrbvmGYMFMrhZW3qQ2p2pRTcGYppcaivceeWIe0uxQliTtXJFvji8W7/9Rvjv9+R/f/vT87X8cnS+uxL9f/56e/ue//jH+yzcxCHvpaLHO3sUVzm24NwhrsDoCradcX2WcjOwpCDCxDSJgBFueKmwZ4p676gAjNHGakv3IsDQVSFZFJwGfnZ33HHQPaZmxkSZ29AdRxY7RQZf6kw7K+A830ubktH2jbgTwuJCl+OnAGGTmR2sn+5UkpTh3snXks1lMuGat9dnsIt+qLiOKpGrkRobXTWLg5rEO3TXBniZBoSSnXDo9DqO0kooXPvjYjAM9DCGe1OLVyFDkbEbnUK5PcSQqtgWeks+Uniio4uYCoGdUkCXOcznSJ72opKGLMlx0VArABwZxAbLuzAqOQ0mY5EKO0JJMo5mD4cFvlXMpUdegml6X128t7taw4ZY4tGzgPF9j2LD6khkWfGGYrUaGlAYr6ddXukRMs8ayPvzXkLKZEIneWhvj7xWpzJDo9cc3EAXPGbCCOyJsCYW4nrflEV+vACo6ZQTq4VrsoTfi65c3yQ5lvL9cO6ZWdN4X7Kzl+aQ1+ZeMsu+HonU5ezQYvBA0U0RtHzvAeFgHhHWxqzUcDY9PXeVNUJzv2eTkwTCzWZ94G5i9xUwv4naufnlcPcAhFRH1lR5M4VpQupPNmbPqEVclkUnbNRQNNnGXAzEZoYkTxvp3mkn4UUpbYvXzCn7heW5eNiJd/1aL5W4Pkxv2KUL5KUL5KUL5KUL5KUJ5DS5PEcoPEXhPEcpPEcoxrE8Ryk8Ryk8Ryg0QnyKUHy9CmYs5ZvSPjgbq79ufDA8ICod1xzFhgqYLQz6wavV1YSlKzFb60DWE8QOHt8xGHE8Sd6pbkLyEwm1YCMzmroa7sl0EggLwmJmALAixiZuT+3lDZHaNtNxnoFC4UqhVQejPrSES0i6JOa/RR7Pn5jyc5x56W27flHtvyV035M77cet23HE33pKTOm7Fj8tNj3Abbt6FOxF58JZYfw/eBsU1m6Z1C34InO377zood7r7diLxGMHwG++92xC894LYCX7r1vsQ6Nfed7fBYdNdFzUdhNZDEou96+jhLl1Ze4WdbwaZ9HwTs/qkhI4WEN7hfDZRQxWIlfXNJWl2FO1eG1wShkIbmey6WyUlzSaIzxRhSCq8kq4ioOsBadq76gtpEAGT8pKaaznUfMr5FOdBVyAHcqD0bCtLB9edGe7FvvY0iiWibRRjuy18UQXBgdQh5pDNv4AC1kirlwRKnswFLqzeK5CkBc1xd/BOL0JlJ3EfIa3JYVNiqJ3TKuxTFzuZd8QoPC5FsZhXRU9X57d4pS8QRu80bFwKrkiqwKFMFb0n3R6tgLz/dSDl4mCEDg5z/X+tPOifrlnK2cF/dyNPPpO0gt4D+yLB5RRqURMT1G/3qBMQ9fSdWB1VUhxNKTvq5R6QjvtePZikp4GVxgQ+H5ncEbNBlCtvj6XH1cRhvsTMRMWGPQFiD0pQ4AdhNBV8KcGX59JwLECOlksyRSXUzHdNrLTqynorlUN/nix5yK6rkwFPTgf7qaBpwdWr/ZS6r8/tk/Hx2eH4+eHJs4/j84vx84tnp8n582f/OfD4/ui6AYdsagvg94C+5OKOsvmtiTrqbGK6iwZytOAFOcJ5WPl3I+gWFuRhcdbO6IiP1A1r1Y7VjQ/Rw6HqRt2ThZj+l64I5gynNKdKqw0lvefAyFjwCnpAl5SY+sN15z7k0v3gM9msWm4DuSUh0HezwGylrx8pqYNEPoaT+jFN/yTwO5uLZzFCkEPkw4XNpqJWa5AlZ5DuZVOzatV4YsmWBN7gS2hnJ4giYTewOlCDyFGQ+DYlqGIZEa4ntL0VjmxY5ghFfbVN1+wRci9pFcjFo4Wxrwm6MiXtLVo4zyGgU/EaZFpORkaZw6BdMUsXIAq22QFX10gJek9xnq9GiHFUYKUgIws88womwAJ6Ua0g3WylCRVMcoGTaZIm2WTXWqYdITO9G2lo2Mxl7nNNNVmAhbgrjNZIPA2CNlrxejc7ROvZL3Wkv1lOgzpu3f3T4VAw8VKCzLHITMCZhDrmo+BNk50wpT4GUuvCJoMn5SKTpl/Nx5fXvhC/afvnIDPgpITqvy2lTGP2HN38xzsbd/mt9NWg9VD19GZ4U5POJx0157BFUvNVG/lGnD+TrvMqiAMbKIdwqipn4jR9V4go0IEf6cBU3p3ZmBM3M2sAK11lSvjYXnecPbYjTdBVpEuNAJONwUPYbeO4m2hoDN1NDeR16B6FsMbfKpbWdyjbJN98r2uYmoSMq2AwzSdmiWwP6wclfn+BqLUwWix69aWRkQ1rKyTz6QdX1/dntWDtOZq3yCrb4mLBhVoL/ZcPO1wLhinVug9ILFuaCRqz7yVSvs6jOD8dBuIPEDoP9bfrPC8bO2Yb8cNW62Ogh8Sw19AOVJKvbUz7EHBboD6FSDyFSLSxegqReAqRGErEpxCJpxCJpxCJXUMkbJZ5+5pYPxzupHYp6807iQo/0xctYc7NuuuDiZvAoXckz8EL3Rf8MKO2q2/t24EqD8Ya4M74wIZiptffaOQ5PEKzkker5h8EGdjTTFSMmVszINBXhYf6lsKmuH/u+z/ZTu/u++b1At8Riai+g0lJp41mrIo3qRqkxJkVZEGxrn7QfD8AZ94RBMILBCUsBbuwlBWR5vaoxxQk08jY5iNg74kG1CqdjXVxfQBp5poX+nwsltW8AO9IyubQ/sg2NWlCWrv0n70gz8l0RsaYnKWn3784yabk+9n4+MUpPj579mI6PT85fTHrqQnyoGyl2hhMciwVTY1569BiNdASHCpCjufr5BW7p9bkr4Syzg8AGS222Qj0GwNjmy/KkvOlBKm3jJuTO3LXFz5otuF2oqiZ27Xh0Z/bxgMxQxppHfckNgFStmPHxDEhq9tLRENc5qbulAVXs0ZGpRJ0WulhXAUQwy+iAvuav74vuFSy2Xu93iLGHuTsIg5pU3jAotbjnbRVhKATL5+h1+HKh0sAaNk01LDzcZpXUjWSVozL5kcu0A8EK9kehkpNNdcSHKOUl97i7ukIvbiica01eYYYR24c3zllHw0uenbENj6RIJ9rp90AAzi7t001Np2jOo6eSEjq84032NiBoEfdIC1hwEaOaQxxzCyjxsr50jPRDJOIkM1tEni11F5S7F7ajjAwQWNdtg3u2ZqHniUnydB2Hv9mw14arBNqKkP4p5aOUM+S32mVFNsoTaJMA7xYYfERN1qX7WKeHjqRckEKInC+xxocr90cLTWl1i/Qt3QGJzm04G3FbKFAX6n7V0GnO+k6DQsCnktbjMmzNc0mKOPQuau7dtE5Pp09H49n9YyeocE31dBxw2fDVFzzlSEWd9+ctF5CY5M7chb2aKjhFvaw4ok1s++oxX4BG7kpV9FmgL8PG3kX9H+CjXwdGHu0kRv+/LuzkRuwrdE5LI3Sw0V/C4byfphb8D5Zy5+s5W2snqzlT9byoUR8spY/WcufrOXbWMujm0Ql8vga8enDm/WXhk8f3rgT1jbbNPUGy5wooj8dGc1epvpyNbJxdVDJEKvFjtp9f3+Ax0qJc43R66L9lYBqiy68se713HsPeMfBdoaVfr9dmWwUluHJgJCFiTrHpka+Jl40IET5YQinxCnEwOZ8brlOf51Km6XxWyVV3ePcFZ+rCd6+r/oq9x0t0t3wGCzqSyw90CO/0k0Nqe8SG9M5LLdtTTdJyi9OT58dGRPOP//+l8ik87XipR6+5+NubtHE3BenXM38Wpl7Li301c3SEAIYK2kMoCMjZuoC+D6RNRpxUok80WNORnrBIWZPRUskSMqZVKIC6wwXyC2UYct4x7dYtLEgOy1BN53NFt8XpW9gdO82Mi19Rr5e9AEgctCzDU3H5snFxDVyKHFwFYaR+6mz3eX0cbB9ZTp592IbL1cX2lfM5D5o1tO738kXG4DJ7T3F1hmEctMmOjVfGZEN96P4HK7biyfGtA+FyS1rR9V4gcfn3HcaMV+dtK9FntQxRj332U6rSH/4MVNkHnkPBhpHWvQ+PX3W3Xfp9FnfzVst9sUb19CIo48z7LZtsoQDDGLC9wWZ3mQwgRVWXukBWM0nJsOyCX80jMelIXq62Bz29T/DviafoW5oUNg6nBFi8M02cI1pooEY1+MAJ/sidwEu8HX/GYY5p5Xyb8UYqAYhjLW47lpSlKqGC1Awb8QeKTNCwz0T+QfRlKglsZWv1ZKb3d6XDS3wvIitGY/Ll1yowKsACtNM2WjvydeTgEkVL3sX8+tOIe2A78GtkkTsMwvzkx2/wbe9djcpG2M/sgQw4/dDE9KlodHLLTMk9KKAV7zpGOiu0ACvGq0XOh+SexywnOKoVp0T1yHNd3wCzwrcjEPLuX5CiTQ72A8FEy2wNHXH1QIz+DrNRvVNhEERkZXTwkE+gNMK8VkN02JgHQklqk1lJEwgcPQoMHlGz1vFJToKUMSenb+FQJ73Da9G1Qzs8aZ9vT49++NxAklwPiWRPrBOe1zo493lROd8XitXa+DUanjTZvWA5MFLABi9hu42ke64QfJ8I80tQ4NiKkffY5rXGbotwEmB6f5ux3rjwQxO3+uBYoHl3pQgG1DmhMAiDuoKRZNxQMOLUDOIs1UBbZj0Kx2H0CdJZlWuqTwB1oDiB8L+AeE3PkQFCp8D5+M8FoeNbiUpZvpAs8d4D7mavoFHpddPENXhBTQ1BgE4X5PQBBB1//OlfQE0qVkv1plISqTEYtVz8sSlcurzB4XPtzuFzJDuLKp97PqqYytZuORsdyrq766MZcQPJxd8aTsnLsnUe/chLCUogmyydLHQulflAY+qhPw5xqu+VpXrNozF4z4O/qiJ2nnDOXjL/6B5jo+eJ2P0Lb1ecEb+Cb28/oTM7+j9DTo+uT02DaRcLZ/v0GVZ5uRXMv2FqqOz8fPkODl+jr795eePb9+MzLs/kfSOf+diUY6OT5IxesunNCdHx89fH5+eoxs8w4IenY1Pk+ODbU6SXYSzmWwYLUMHU80WW1Q1f5w9/W/tlWxCErlxk3E3EU2vieTxaGlYY3taWkCeqnU/Vet+qtb9VK37qVr3GlwGVev+Gn0kRckFBkvUZwjvJQq9SMYow3Ix5Vhk0tUnSdxXIIOikgrNuXd1pTJZFeABgzICSyoJUkQqiTLOvlGobmDro6UIVuGZYiiEc+rTYEqsFhf2xIJI6vb3G01S1o/hXw4R8Z2boQSJ++T9q/cXXY3KrL3xiKTyyCRvHB2/OI/gaszVv/w969nszWJPbAvZDbmHENS2rrskgvhG1iZCuonQpzLTt58ZzYmm3hGl8sh6CnGacqhPka+SHj09KbFKF9sjdK2/1qVWhspIx3QFZb7zzBbTvdVf22U6/NtO0+mv7TCd0WW2ny/Uh3xQgFOMeubisgO7IJxvG9S6NZyeSVsrOGDSruVrT2r5uhK532rgeh60AW4qQVOsMCp4VpmiXJUEi3QShnwGUQ+PuJ/bLpnIUffVoR7WiLevvDL7g/mrY4qXrot+youCM/ieD6x2ZiCwbOS2rojtv/NVfA+NxKqiBfmjVtHX3Lndm0YfUJVgdVJSc9UQZ0HOo0YpLAhpk6GSWMof/AsUZ1O4KA8i2ge1xDRFqSBZZIE12nn0Xm1oq+b6+Do5Uwt0Mj4+G6Hjk4tnzy+eP0uePRtgaPAg1W1FDWVzPrcle4AZTb0XKEIWIaWwr17YV3bI9nFewbvGPu0LaClUEpPdZAJliAir7vgxTJpNNLFZ8IiOfPobSd3lwPxxuwV3e/YDkec6/QHPuQD9CAIiREMkhNeQnkle6y81LmBQzCfLqK2WpK9jkDJgU8lgHp8d0NdjrpGftUtSCIBmSG13rtmI9d49eGl25v/HK8FwrjfYwbC9/IBtLAjObj2fridvUEAP+DkAFMYBBv/NPDTul1g+plyQrPKzDF5W5Pw74LucrqyYyA7dgE6JXZC8rHuh9S1mxWj7krtd2UvGuLL9yfnMlbuNWM6BZlPcrGDTU8u2fQdOwz8DLNiMAVAOILuI2c4rZT1nsFpusE3rEkmY7mk3EMBPD3lkkC87JQucz0wQp3d5u+K2oTmgCVUIGa4yqhozdQO3EUBYJz2c27RaBt234sq74UFRWP+cstuKZh0TdOZhuH/1Kdi2I5l/talvPB53fL4RQSMojHfs09WrulWgXuB2Qeomarby3R4Re7Y7VsALDsQhmHnpVzSXqv+uvwmZ2hZwlNPpkZWH7ic6PIQawdvx5UfTd6OA/A3KSGdx0SZSLfvY/rDaEp3w/tNdiXhDoeSH4bIBuuugXvI6CLcjij9PWlKhd+M8CIuBe9s7Jr8QWD9tB1b5hcC63g4su8KPd+zcWOnwwIOHL5nWVvZx8AwUwSHbaWB2P0m6d/ajAlvD6qSzBaof6oYm+MVBjmqbWKA1TGsg7lBg/zbAdgpuW+luGeb/ZtTNyOQ3hIwPEkuadPb+ZCbuSHzz+6mayqaT9EsB5+deA59B4Fauipyyu2aOlIFSkc9NNn0QiJe1ccHOa9KtEGTQ6kuXz1k21OUZXNCPMnK/Fgv94m0jAHx/aHxsQFj66HDIOjMFjoZA3acR7gPgNt/a7CK54EtpA3MC2itBCJqSnC+R1qDaQqGRCLm7SPBpw5kr52xYwcesDpQFM9qjlG5NzlqRTJIjKdKjlAtyVGCG50Qk6Q63hUjgukodObFV5JW5AtYlwX2ThRaOtnbHY+P5G5/e5nx+KxVWlby19pAHIjrzhUbAQu1R8/i65kedqObNkl07K5tBPE7zNjsAI7jgmdzSiFUHI9XTz2prQ9GWR2ef7ahpodlh4260yqzbpmDreLRr1zoDzJDFbRpe7OZcf93oVJUfisAOrNlpYOnDoNu40qeO9AO9tUFlQxzYIENKjxHlsaHfoSRilzlirbFke5g3JaZtNI4MRbr7mt/J2AMofDycB+r951oNGema8/ncitZesTr/84A1dfsMqKJicj3vVn8eoHC3Gwpniks8pTmNKy/txJ4aCjKbkRSatwUDd270bnPO9gcln7khNp2FlN3bqg23HYuzm1w5P30+nh2fvTjJyNnpWXp+nmbHz55hnGWns5PsxXgL0ViDp9fS9QgWFQPHYrpK8zommlEV7pPYWY4o61jn5pn/IGkKuRoypymBXw+PT56d2r/tAXV4ksiUl2Srs4EpwXO70eCeZW8p7rhZUCKwSBerNn5d1rctd90G8GCGSHto2lKgHWSfMatfn3jUM2Kgac1D0+i09hCuaHDCFivvwdTf6zFLgSnt4eAOhATWdC04w7zSQ+jG5pR9TmyKzBZU22yO3MWPvt+V3tIWCWE5jaoEmwGP8khDuOVK5nw+ENyf+bJ5zbMRctAnrMOF7/Py6jSCnc4zPaseY9OBNuVcdR1lDdPAkBXNsvP0+xenWGaz8XE2JSdkdnKWvZjpBydnp+n3W6yxBis8wuBvR8nukypQBnI+fyjtNhqX+ghaCsoFVasvq7m5WR34vkv0paUHVAHCioI6tWrW+KiTHKDz4xcG3s36QODr/ObH4GZZbaN3tXombIGDr+hqvvJVD+CdsmlNgKS9CkXXIK/JVVLxIpqJEVn3Le0m0MY4SR8dWCdnWn2dyDo0L+dVVkfmvdR/upgmKDaOM6xwd3DeW/upGTuNvioRzrI68BVn2S28cOuGdLBwEQbsNZZA4QS+lbhhv2owBkk3BKdGlS0jCBN0bVtduKap0IwiPRmheUqg/WRG51ThnKcEs6QXNlfgvxbcPbBc2RcDdU4fCq7BwYAZAvvJpjnCc3nYLPaF2yAE1NNZnSQFyWhVrJ/9rRkiKrM/bHIb0Qnb8TYItPYQVPKQYKkOj9MN/B8MhCAOm9Yx1lQacKjsCa6OWQ5Cf/2qelDsJ4efh7Oe/YqG5SfO5zkxO61/dlOycv0EttbkBvzsRs94egf7x+70V+7vjsHNZ1CVv1nW3n6m96xccKFuTYBzLZowSxdcuPkO/S7vicr1YKGNeeGoURoXUwbFBgZokpvLIvgBfYf9numK+lDYccaQL2A4X3bXAKAVqmlFc4W67nc1KAONqWsgeennjB3N7blyPCW5bM3WCmRdEy6/AZYroISZxzOt1bsty/5s/uoY5IrNeMioVk+NRU/Nm/p5F2ei//k/N/NdNSWCEWNEs/P/Ej7rgKL+3B+c8SlYD4rC2ddvpPpLGzdTBPR2G6rk2SMwVECBkmeoTi1sTtVl1tl1pmueoU9Xr9oTQXBCiQfZF4ZNVY/YnoxnrYIAD5xMX3q6STh0Ow6byIyGCly2Z8J1pP1jTRcM2T3nY4q4YN40knbrpn0EId85rxn3/w8AAP//DGeFOA==" } diff --git a/libbeat/_meta/fields.ecs.yml b/libbeat/_meta/fields.ecs.yml index 8950402dc78..754bc9a9a5b 100644 --- a/libbeat/_meta/fields.ecs.yml +++ b/libbeat/_meta/fields.ecs.yml @@ -8,8 +8,7 @@ title: Agent group: 2 description: > - The agent fields contain the data about the agent/client/shipper that - created the event. + The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. footnote: > Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if @@ -17,31 +16,51 @@ such as Logstash or APM Server. type: group fields: + - name: version + level: core type: keyword description: > Version of the agent. example: 6.0.0-rc2 - - name: type + + - name: name + level: core type: keyword description: > Name of the agent. - example: filebeat - - name: hostname + This is a name that can be given to an agent. This can be helpful if + for example two Filebeat instances are running on the same host + but a human readable separation is needed on which Filebeat instance + data is coming from. + + If no name is given, the name is often left empty. + example: foo + + - name: type + level: core type: keyword description: > - Hostname of the agent. - + Type of the agent. + + The agent type stays always the same and should be given by the agent used. + In case of Filebeat the agent would always be Filebeat also if two + Filebeat instances are run on the same machine. + example: filebeat + - name: id + level: core type: keyword description: > Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. example: 8a4f500d + - name: ephemeral_id + level: extended type: keyword description: > Ephemeral identifier of this agent (if one exists). @@ -58,8 +77,8 @@ fields: - name: "@timestamp" type: date + level: core required: true - phase: 3 example: "2016-05-23T08:05:34.853Z" description: > Date/time when the event originated. @@ -70,14 +89,16 @@ Required field for all events. - name: tags + level: core type: keyword example: "[\"production\", \"env2\"]" description: > List of keywords used to tag each event. - name: labels + level: core type: object - example: {key1: value1, key2: value2} + example: {env: production, application: foo-bar} description: > Key/value pairs. @@ -87,8 +108,8 @@ Example: `docker` and `k8s` labels. - name: message + level: core type: text - phase: 1 example: "Hello World" description: > For log events the message field contains the log message. @@ -97,6 +118,125 @@ different values which are then freely searchable. If multiple messages exist, they can be combined into one message. + - name: client + title: Client + group: 2 + description: > + A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + type: group + fields: + + - name: ip + level: core + type: ip + description: > + IP address of the client. + + Can be one or multiple IPv4 or IPv6 addresses. + + - name: port + level: core + type: long + description: > + Port of the client. + + - name: mac + level: core + type: keyword + description: > + MAC address of the client. + + - name: domain + level: core + type: keyword + description: > + Client domain. + + # Metrics + - name: bytes + level: core + type: long + example: 184 + description: > + Bytes sent from the client to the server. + + - name: packets + level: core + type: long + example: 12 + description: > + Packets sent from the client to the server. + + - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. + type: group + fields: + + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + + - name: continent_name + level: core + type: keyword + description: > + Name of the continent. + example: North America + + - name: country_name + level: core + type: keyword + description: > + Country name. + example: Canada + + - name: region_name + level: core + type: keyword + description: > + Region name. + example: Quebec + + - name: city_name + level: core + type: keyword + description: > + City name. + example: Montreal + + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA + + - name: region_iso_code + level: core + type: keyword + description: > + Region ISO code. + example: CA-QC + + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. + + Not typically used in automated geolocation. + example: boston-dc + - name: cloud title: Cloud group: 2 @@ -112,6 +252,7 @@ type: group fields: - name: provider + level: extended example: ec2 type: keyword description: > @@ -119,35 +260,41 @@ digitalocean. - name: availability_zone + level: extended example: us-east-1c type: keyword description: > Availability zone in which this host is running. - name: region + level: extended type: keyword example: us-east-1 description: > Region in which this host is running. - name: instance.id + level: extended type: keyword example: i-1234567890abcdef0 description: > Instance ID of the host machine. - name: instance.name + level: extended type: keyword description: > Instance name of the host machine. - name: machine.type + level: extended type: keyword example: t2.medium description: > Machine type of the host machine. - name: account.id + level: extended type: keyword example: 666777888999 description: > @@ -166,28 +313,40 @@ containers from any runtime. type: group fields: + - name: runtime + level: extended type: keyword description: > Runtime managing this container. example: docker + - name: id + level: core type: keyword description: > Unique container id. + - name: image.name + level: extended type: keyword description: > Name of the image the container was built on. + - name: image.tag + level: extended type: keyword description: > Container image tag. + - name: name + level: extended type: keyword description: > Container name. + - name: labels + level: extended type: object object_type: keyword description: > @@ -198,115 +357,142 @@ group: 2 description: > Destination fields describe details about the destination of a - packet/event. + packet/event. Destination fields are usually populated in conjunction with source fields. type: group fields: + - name: ip + level: core type: ip description: > IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses. - + - name: port + level: core type: long description: > Port of the destination. - + - name: mac + level: core type: keyword description: > MAC address of the destination. - + - name: domain + level: core type: keyword - phase: 1 description: > Destination domain. + + # Metrics + - name: bytes + level: core + type: long + example: 184 + description: > + Bytes sent from the destination to the source. + + - name: packets + level: core + type: long + example: 12 + description: > + Packets sent from the destination to the source. - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. type: group - description: - Geolocation for destination. fields: + + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + - name: continent_name + level: core type: keyword description: > Name of the continent. + example: North America - - name: country_iso_code + - name: country_name + level: core type: keyword description: > - Country ISO code. - - - name: location - type: geo_point - description: > - Longitude and latitude. + Country name. + example: Canada - name: region_name + level: core type: keyword description: > Region name. + example: Quebec - name: city_name + level: core type: keyword description: > City name. + example: Montreal + + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA - name: region_iso_code + level: core type: keyword description: > Region ISO code. + example: CA-QC + + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. - - name: device - title: Device + Not typically used in automated geolocation. + example: boston-dc + + - name: ecs + title: ECS group: 2 description: > - Device fields are used to provide additional information about the device - that is the source of the information. This could be a firewall, network device, etc. + Meta-information specific to ECS. type: group fields: - - name: mac - type: keyword - description: > - MAC address of the device - - name: ip - type: ip - description: > - IP address of the device. - - name: hostname - type: keyword - description: > - Hostname of the device. - - name: vendor - type: text - description: > - Device vendor information. + - name: version + level: core type: keyword + required: true description: > - Device version. - - name: serial_number - type: keyword - description: > - Device serial number. - - name: timezone.offset.sec - type: long - description: > - Timezone offset of the host in seconds. + ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - example: -5400 - - name: type - type: keyword - description: > - The type of the device the data is coming from. + When querying across multiple indices -- which may conform to slightly + different ECS versions -- this field lets integrations adjust to the + schema version of the events. - There is no predefined list of device types. Some examples are - `endpoint`, `firewall`, `ids`, `ips`, `proxy`. - example: firewall + The current version is 1.0.0-beta1 . + example: 1.0.0-beta1 - name: error title: Error @@ -318,16 +504,19 @@ type: group fields: - name: id + level: core type: keyword description: > Unique identifier for the error. - name: message + level: core type: text description: > Error message. - name: code + level: core type: keyword description: > Error code describing the error. @@ -336,43 +525,78 @@ title: Event group: 2 description: > - The event fields are used for context information about the data itself. + The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. type: group fields: + - name: id + level: core type: keyword description: > Unique ID to describe the event. example: 8a4f500d - phase: 1 + + - name: kind + level: extended + type: keyword + description: > + The kind of the event. + + This gives information about what type of information the event + contains, without being specific to the contents of the event. Examples + are `event`, `state`, `alarm`. Warning: In future versions of ECS, we + plan to provide a list of acceptable values for this field, please use + with caution. + example: state + - name: category + level: core type: keyword description: > Event category. - This can be a user defined category. - example: metrics + This contains high-level information about the contents of the event. It + is more generic than `event.action`, in the sense that typically a + category contains multiple actions. Warning: In future versions of ECS, + we plan to provide a list of acceptable values for this field, please + use with caution. - - name: type + example: user-management + + - name: action + level: core type: keyword description: > - A type given to this kind of event which can be used for grouping. + The action captured by the event. - This is normally defined by the user. - example: nginx-stats-metrics + This describes the information in the event. It is more specific than + `event.category`. Examples are `group-add`, `process-started`, + `file-created`. The value is normally defined by the implementer. + example: user-password-change - - name: action + - name: outcome + level: extended type: keyword description: > - The action captured by the event. The type of action will vary from - system to system but is likely to include actions by security services, - such as blocking or quarantining; as well as more generic actions such - as login events, file i/o or proxy forwarding events. + The outcome of the event. - The value is normally defined by the user. - example: reject + If the event describes an action, this fields contains the outcome of + that action. Examples outcomes are `success` and `failure`. Warning: In + future versions of ECS, we plan to provide a list of acceptable values + for this field, please use with caution. + + example: success + + - name: type + level: core + type: keyword + description: > + Reserved for future usage. + + Please avoid using this field for user data. - name: module + level: core type: keyword description: > Name of the module this data is coming from. @@ -381,6 +605,7 @@ example: mysql - name: dataset + level: core type: keyword description: > Name of the dataset. @@ -391,8 +616,8 @@ example: stats - name: severity + level: core type: long - phase: 1 example: "7" description: > Severity describes the severity of the event. What the different @@ -400,8 +625,8 @@ the implementer to make sure severities are consistent across events. - name: original + level: core type: keyword - phase: 1 # Unfortunately this example is not shown correctly yet as | do not work # in tables well # Is | is the representation of | it works except for cases where @@ -419,34 +644,35 @@ doc_values: false - name: hash + level: extended type: keyword - phase: 1 example: "123456789012345678901234567890ABCD" description: > Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity. - - name: version - type: keyword - required: true - description: > - The version field contains the version an event for ECS adheres to. - - This field should be provided as part of each event to make it possible - to detect to which ECS version an event belongs. - - event.version is a required field and must exist in all events. It - describes which ECS version the event adheres to. - - The current version is 0.1.0. - example: 0.1.0 - - name: duration + level: core type: long description: > Duration of the event in nanoseconds. + If event.start and event.end are known this value should be the + difference between the end and start time. + + - name: timezone + level: extended + type: keyword + description: > + This field should be populated when the event's timestamp does not include + timezone information already (e.g. default Syslog timestamps). It's + optional otherwise. + + Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), + abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). + - name: created + level: core type: date description: > event.created contains the date when the event was created. @@ -462,13 +688,29 @@ In case the two timestamps are identical, @timestamp should be used. + - name: start + level: extended + type: date + description: > + event.start contains the date when the event started or when the + activity was first observed. + + - name: end + level: extended + type: date + description: > + event.end contains the date when the event ended or when the activity + was last observed. + - name: risk_score + level: core type: float description: > Risk score or priority of the event (e.g. security solutions). Use your system's original value here. - name: risk_score_norm + level: extended type: float description: > Normalized risk score or priority of the event, on a scale of 0 to 100. @@ -480,30 +722,22 @@ group: 2 title: File description: > - File fields provide details about each file. + A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. type: group fields: + - name: path - type: text + level: extended + type: keyword description: Path to the file. - multi_fields: - - name: raw - type: keyword - description: > - Path to the file. This is a non-analyzed field that is useful - for aggregations. - name: target_path - type: text + level: extended + type: keyword description: Target path for symlinks. - multi_fields: - - name: raw - type: keyword - description: > - Path to the file. This is a non-analyzed field that is useful - for aggregations. - name: extension + level: extended type: keyword description: > File extension. @@ -512,115 +746,113 @@ example: png - name: type + level: extended type: keyword description: File type (file, dir, or symlink). - name: device + level: extended type: keyword description: Device that is the source of the file. - name: inode + level: extended type: keyword description: Inode representing the file in the filesystem. - name: uid + level: extended type: keyword description: > The user ID (UID) or security identifier (SID) of the file owner. - name: owner + level: extended type: keyword description: File owner's username. - name: gid + level: extended type: keyword description: Primary group ID (GID) of the file. - name: group + level: extended type: keyword description: Primary group name of the file. - name: mode + level: extended type: keyword example: 0640 description: Mode of the file in octal representation. - name: size + level: extended type: long description: File size in bytes (field is only added when `type` is `file`). - name: mtime + level: extended type: date description: Last time file content was modified. - name: ctime + level: extended type: date description: Last time file metadata changed. - - name: geo - title: Geo + - name: group + title: Group group: 2 description: > - Geo fields can carry data about a specific location related to an event - or geo information for an IP field. + The group fields are meant to represent groups that are relevant to the + event. type: group fields: - - name: continent_name - type: keyword - description: > - Name of the continent. - - name: country_iso_code - type: keyword - description: > - Country ISO code. - - name: location - type: geo_point - description: > - Longitude and latitude. - - name: region_name + + - name: id + level: extended type: keyword description: > - Region name. - - name: city_name + Unique identifier for the group on the system/platform. + + - name: name + level: extended type: keyword description: > - City name. + Name of the group. - name: host title: Host group: 2 description: > - Host fields provide information related to a host. A host can be a - physical machine, a virtual machine, or a Docker container. - - Normally the host information is related to the machine on which the event - was generated/collected, but they can be used differently if needed. + A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. type: group fields: - - name: timezone.offset.sec - type: long + + - name: hostname + level: core + type: keyword description: > - Timezone offset of the host in seconds. + Hostname of the host. - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - phase: 1 - example: -5400 + It normally contains what the `hostname` command returns on the host machine. - name: name + level: core type: keyword description: > - host.name is the hostname of the host. + Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. - phase: 1 - name: id + level: core type: keyword - phase: 1 description: > Unique host id. @@ -629,16 +861,19 @@ Example: The current usage of `beat.name`. - name: ip + level: core type: ip description: > Host ip address. - name: mac + level: core type: keyword description: > Host mac address. - name: type + level: core type: keyword description: > Type of host. @@ -646,65 +881,174 @@ For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. - phase: 1 - - # Operating System information - - name: os.platform - type: keyword - description: > - Operating system platform (centos, ubuntu, windows, etc.) - example: darwin - - - name: os.name - type: keyword - example: "Mac OS X" - description: > - Operating system name. - - - name: os.family - type: keyword - example: "debian" - description: > - OS family (redhat, debian, freebsd, windows, etc.) - - - name: os.version - type: keyword - example: "10.12.6" - description: > - Operating system version. - name: architecture + level: core type: keyword example: "x86_64" description: > Operating system architecture. - - - name: http - title: HTTP - group: 2 - description: > - Fields related to HTTP requests and responses. - type: group - fields: - - name: request.method - type: keyword - description: > - Http request method. - example: GET, POST, PUT - - name: response.status_code - type: long - description: > - Http response status code. - example: 404 - - name: response.body - type: text - description: > - The full http response body. - example: Hello world - - name: version - type: keyword - description: > - Http version. + + - name: os + title: Operating System + group: 2 + description: > + The OS fields contain information about the operating system. + reusable: + top_level: false + expected: + - observer + - host + - user_agent + type: group + fields: + + - name: platform + level: extended + type: keyword + description: > + Operating system platform (such centos, ubuntu, windows). + example: darwin + + - name: name + level: extended + type: keyword + example: "Mac OS X" + description: > + Operating system name. + + - name: family + level: extended + type: keyword + example: "debian" + description: > + OS family (such as redhat, debian, freebsd, windows). + + - name: version + level: extended + type: keyword + example: "10.12.6-rc2" + description: > + Operating system version as a raw string. + + - name: kernel + level: extended + type: keyword + example: "4.4.0-112-generic" + description: > + Operating system kernel version as a raw string. + + - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. + type: group + fields: + + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + + - name: continent_name + level: core + type: keyword + description: > + Name of the continent. + example: North America + + - name: country_name + level: core + type: keyword + description: > + Country name. + example: Canada + + - name: region_name + level: core + type: keyword + description: > + Region name. + example: Quebec + + - name: city_name + level: core + type: keyword + description: > + City name. + example: Montreal + + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA + + - name: region_iso_code + level: core + type: keyword + description: > + Region ISO code. + example: CA-QC + + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. + + Not typically used in automated geolocation. + example: boston-dc + + - name: http + title: HTTP + group: 2 + description: > + Fields related to HTTP activity. + type: group + fields: + + - name: request.method + level: extended + type: keyword + description: > + Http request method. + example: GET, POST, PUT + + - name: request.referrer + level: extended + type: keyword + description: > + Referrer for this HTTP request. + example: https://blog.example.com/ + + - name: response.status_code + level: extended + type: long + description: > + Http response status code. + example: 404 + + - name: response.body + level: extended + type: keyword + description: > + The full http response body. + example: Hello world + + - name: version + level: extended + type: keyword + description: > + Http version. example: 1.1 - name: log @@ -713,16 +1057,19 @@ Fields which are specific to log events. type: group fields: + - name: level + level: core type: keyword description: > Log level of the log event. Some examples are `WARN`, `ERR`, `INFO`. example: ERR + - name: original + level: core type: keyword - phase: 1 example: "Sep 19 08:26:10 localhost My log" index: false doc_values: false @@ -743,26 +1090,61 @@ title: Network group: 2 description: > - Fields related to network data. + The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. type: group fields: + - name: name - type: text + level: extended + type: keyword description: > Name given by operators to sections of their network. example: Guest Wifi - multi_fields: - - name: raw - type: keyword - description: > - Name given by operators to sections of their network. + + - name: type + level: core + type: keyword + description: > + In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc + example: IPv4 + + - name: iana_number + level: extended + type: keyword + description: > + IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). + Standardized list of protocols. This aligns well with NetFlow and + sFlow related logs which use the IANA Protocol Number. + example: 6 + + - name: transport + level: core + type: keyword + description: > + Same as network.iana_number, but instead using the Keyword name of the + transport layer (UDP, TCP, IPv6-ICMP, etc.) + example: TCP + + - name: application + level: extended + type: keyword + description: > + A name given to an application. This can be arbitrarily assigned for + things like microservices, but also apply to things like skype, icq, + facebook, twitter. This would be used in situations where the vendor + or service can be decoded such as from the source/dest IP owners, + ports, or wire format. + example: AIM - name: protocol + level: core type: keyword description: > - Network protocol name. + L7 Network protocol name. ex. http, lumberjack, transport protocol example: http + - name: direction + level: core type: keyword description: > Direction of the network traffic. @@ -770,47 +1152,220 @@ Recommended values are: * inbound * outbound + * internal + * external * unknown + + When mapping events from a host-based monitoring context, populate this + field from the host's point of view. + + When mapping events from a network or perimeter-based monitoring context, + populate this field from the point of view of your network perimeter. example: inbound - name: forwarded_ip + level: core type: ip description: > Host IP address when the source IP address is the proxy. example: 192.1.1.2 + - name: community_id + level: extended + type: keyword + description: > + A hash of source and destination IPs and ports, as well as the protocol + used in a communication. This is a tool-agnostic standard to identify + flows. + + Learn more at https://github.com/corelight/community-id-spec. + example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=' + # Metrics - - name: inbound.bytes + - name: bytes + level: core type: long description: > - Network inbound bytes. - example: 184 - - name: inbound.packets + Total bytes transferred in both directions. + + If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. + example: 368 + + - name: packets + level: core type: long description: > - Network inbound packets. - example: 12 - - name: outbound.bytes - type: long + Total packets transferred in both directions. + + If `source.packets` and `destination.packets` are known, `network.packets` is their sum. + example: 24 + + - name: observer + title: Observer + group: 2 + description: > + An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. + type: group + fields: + - name: mac + level: core + type: keyword description: > - Network outbound bytes. - example: 184 - - name: outbound.packets - type: long + MAC address of the observer + - name: ip + level: core + type: ip description: > - Network outbound packets. - example: 12 - - name: total.bytes - type: long + IP address of the observer. + - name: hostname + level: core + type: keyword description: > - Network total bytes. The sum of inbound.bytes + outbound.bytes. - example: 368 - - name: total.packets - type: long + Hostname of the observer. + - name: vendor + level: core + type: keyword description: > - Network outbound packets. The sum of inbound.packets + outbound.packets - example: 24 + observer vendor information. + - name: version + level: core + type: keyword + description: > + Observer version. + - name: serial_number + level: extended + type: keyword + description: > + Observer serial number. + - name: type + level: core + type: keyword + description: > + The type of the observer the data is coming from. + There is no predefined list of observer types. Some examples are + `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + example: firewall + + - name: os + title: Operating System + group: 2 + description: > + The OS fields contain information about the operating system. + reusable: + top_level: false + expected: + - observer + - host + - user_agent + type: group + fields: + + - name: platform + level: extended + type: keyword + description: > + Operating system platform (such centos, ubuntu, windows). + example: darwin + + - name: name + level: extended + type: keyword + example: "Mac OS X" + description: > + Operating system name. + + - name: family + level: extended + type: keyword + example: "debian" + description: > + OS family (such as redhat, debian, freebsd, windows). + + - name: version + level: extended + type: keyword + example: "10.12.6-rc2" + description: > + Operating system version as a raw string. + + - name: kernel + level: extended + type: keyword + example: "4.4.0-112-generic" + description: > + Operating system kernel version as a raw string. + + - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. + type: group + fields: + + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + + - name: continent_name + level: core + type: keyword + description: > + Name of the continent. + example: North America + + - name: country_name + level: core + type: keyword + description: > + Country name. + example: Canada + + - name: region_name + level: core + type: keyword + description: > + Region name. + example: Quebec + + - name: city_name + level: core + type: keyword + description: > + City name. + example: Montreal + + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA + + - name: region_iso_code + level: core + type: keyword + description: > + Region ISO code. + example: CA-QC + + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. + + Not typically used in automated geolocation. + example: boston-dc + - name: organization title: Organization group: 2 @@ -820,12 +1375,15 @@ organizations. type: group fields: + - name: name - type: text + level: extended + type: keyword description: > Organization name. - name: id + level: extended type: keyword description: > Unique identifier for the organization. @@ -834,30 +1392,45 @@ group: 2 description: > The OS fields contain information about the operating system. - These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. + reusable: + top_level: false + expected: + - observer + - host + - user_agent type: group fields: + - name: platform + level: extended type: keyword description: > Operating system platform (such centos, ubuntu, windows). example: darwin + - name: name + level: extended type: keyword example: "Mac OS X" description: > Operating system name. + - name: family + level: extended type: keyword example: "debian" description: > OS family (such as redhat, debian, freebsd, windows). + - name: version + level: extended type: keyword example: "10.12.6-rc2" description: > Operating system version as a raw string. + - name: kernel + level: extended type: keyword example: "4.4.0-112-generic" description: > @@ -871,40 +1444,214 @@ These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. + type: group + fields: + + - name: pid + level: core + type: long + description: > + Process id. + exmple: ssh + + - name: name + level: extended + type: keyword + description: > + Process name. + + Sometimes called program name or similar. + example: ssh + + - name: ppid + level: extended + type: long + description: > + Process parent id. + + - name: args + level: extended + type: keyword + description: > + Process arguments. + + May be filtered to protect sensitive information. + example: ["ssh", "-l", "user", "10.0.0.16"] + + - name: executable + level: extended + type: keyword + description: > + Absolute path to the process executable. + example: /usr/bin/ssh + + - name: title + level: extended + type: keyword + description: > + Process title. + + The proctitle, some times the same as process name. Can also be different: + for example a browser setting its title to the web page currently opened. + + - name: thread.id + level: extended + type: long + example: 4242 + description: > + Thread ID. + + - name: start + level: extended + type: date + example: "2016-05-23T08:05:34.853Z" + description: > + The time the process started. + + - name: working_directory + level: extended + type: keyword + example: /home/alice + description: > + The working directory of the process. + + - name: related + title: Related + group: 2 + description: > + This field set is meant to facilitate pivoting around a piece of data. + Some pieces of information can be seen in many places in ECS. To facilitate + searching for them, append values to their corresponding field in + `related.`. + A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + type: group + fields: + + - name: ip + level: extended + type: ip + description: > + All of the IPs seen on your event. + - name: server + title: Server + group: 2 + description: > + A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. type: group fields: - - name: args - type: keyword - description: > - Process arguments. - May be filtered to protect sensitive information. - example: ["-l", "user", "10.0.0.16"] - - name: name - type: keyword + - name: ip + level: core + type: ip description: > - Process name. + IP address of the server. - Sometimes called program name or similar. - example: ssh - - name: pid + Can be one or multiple IPv4 or IPv6 addresses. + + - name: port + level: core type: long description: > - Process id. - exmple: ssh - - name: ppid - type: long + Port of the server. + + - name: mac + level: core + type: keyword description: > - Process parent id. + MAC address of the server. - - name: title + - name: domain + level: core type: keyword description: > - Process title. + Server domain. - The proctitle, often the same as process name. + # Metrics + - name: bytes + level: core + type: long + example: 184 + description: > + Bytes sent from the server to the client. + - name: packets + level: core + type: long + example: 12 + description: > + Packets sent from the server to the client. + + - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. + type: group + fields: + + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + + - name: continent_name + level: core + type: keyword + description: > + Name of the continent. + example: North America + + - name: country_name + level: core + type: keyword + description: > + Country name. + example: Canada + + - name: region_name + level: core + type: keyword + description: > + Region name. + example: Quebec + + - name: city_name + level: core + type: keyword + description: > + City name. + example: Montreal + + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA + + - name: region_iso_code + level: core + type: keyword + description: > + Region ISO code. + example: CA-QC + + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. + + Not typically used in automated geolocation. + example: boston-dc + - name: service title: Service group: 2 @@ -912,10 +1659,11 @@ The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version. - type: group fields: + - name: id + level: core type: keyword description: > Unique identifier of the running service. @@ -927,174 +1675,249 @@ can filter on that id to see metrics and logs for that single instance. example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 - phase: 1 - name: name + level: core type: keyword - phase: 1 - example: "elasticsearch" + example: "elasticsearch-metrics" description: > Name of the service data is collected from. - The name can be used to group and correlate logs and metrics from one - service. + The name of the service is normally user given. This allows if two + instances of the same service are running on the same machine + they can be differentiated by the `service.name`. - Example: If logs or metrics are collected from Redis, `service.name` would be - `redis`. + Also it allows for distributed services that run on multiple hosts to + correlate the related instances based on the name. + + In the case of Elasticsearch the service.name could contain the cluster + name. For Beats the service.name is by default a copy of the `service.type` + field if no name is specified. - name: type + level: core type: keyword - phase: 1 + example: "elasticsearch" description: > - Service type. + The type of the service data is collected from. + + The type can be used to group and correlate logs and metrics from one + service type. + + Example: If logs or metrics are collected from Elasticsearch, `service.type` would be + `elasticsearch`. - name: state + level: core type: keyword - phase: 1 description: > Current state of the service. + - name: version + level: core type: keyword - phase: 1 example: "3.2.4" description: > Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service. + - name: ephemeral_id + level: extended type: keyword description: > Ephemeral identifier of this service (if one exists). This id normally changes across restarts, but `service.id` does not. example: 8a4f500f - + - name: source title: Source + group: 2 description: > - Source fields describe details about the source of the event. - + Source fields describe details about the source of a + packet/event. Source fields are usually populated in conjunction with destination fields. type: group fields: - - name: ip - level: core - type: ip - description: > - IP address of the source. + + - name: ip + level: core + type: ip + description: > + IP address of the source. + + Can be one or multiple IPv4 or IPv6 addresses. + + - name: port + level: core + type: long + description: > + Port of the source. + + - name: mac + level: core + type: keyword + description: > + MAC address of the source. + + - name: domain + level: core + type: keyword + description: > + Source domain. + + # Metrics + - name: bytes + level: core + type: long + example: 184 + description: > + Bytes sent from the source to the destination. + + - name: packets + level: core + type: long + example: 12 + description: > + Packets sent from the source to the destination. + + - name: geo + title: Geo + group: 2 + description: > + Geo fields can carry data about a specific location related to an event + or geo information derived from an IP field. + type: group + fields: - Can be one or multiple IPv4 or IPv6 addresses. + - name: location + level: core + type: geo_point + description: > + Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' - - name: port - level: core - type: long - description: > - Port of the source. + - name: continent_name + level: core + type: keyword + description: > + Name of the continent. + example: North America - - name: mac - level: core - type: keyword - description: > - MAC address of the source. + - name: country_name + level: core + type: keyword + description: > + Country name. + example: Canada - - name: domain - level: core - type: keyword - description: > - Source domain. + - name: region_name + level: core + type: keyword + description: > + Region name. + example: Quebec - - name: geo - type: group - description: - Geolocation for source. - fields: - - name: continent_name - type: keyword - description: > - Name of the continent. + - name: city_name + level: core + type: keyword + description: > + City name. + example: Montreal - - name: country_iso_code - type: keyword - description: > - Country ISO code. + - name: country_iso_code + level: core + type: keyword + description: > + Country ISO code. + example: CA - - name: location - type: geo_point - description: > - Longitude and latitude. + - name: region_iso_code + level: core + type: keyword + description: > + Region ISO code. + example: CA-QC - - name: region_name - type: keyword - description: > - Region name. + - name: name + level: extended + type: keyword + description: > + User-defined description of a location, at the level of granularity they care about. - - name: city_name - type: keyword - description: > - City name. + Could be the name of their data centers, the floor number, if this describes + a local physical entity, city names. + + Not typically used in automated geolocation. + example: boston-dc - - name: region_iso_code - type: keyword - description: > - Region ISO code. - name: url title: URL description: > - URL fields provide a complete URL, with scheme, host, and path. The URL - object can be reused in other prefixes, such as `host.url.*` for - example. Keep the structure consistent whenever you use URL fields. - + URL fields provide a complete URL, with scheme, host, and path. type: group fields: + - name: original + level: extended type: keyword description: > - Full url. The field is stored as keyword. + Unmodified original url as seen in the event source. - `url.href` is a [multi field](https://www.elastic.co/guide/en/ - elasticsearch/reference/6.2/ - multi-fields.html#_multi_fields_with_multiple_analyzers). The data is - stored as keyword `url.href` and test - `url.href.analyzed`. These fields enable you to run a query against part - of the url still works splitting up the URL at ingest time. + Note that in network monitoring, the observed URL may be a full URL, + whereas in access logs, the URL is often just represented as a path. + + This field is meant to represent the URL as it was observed, complete + or not. + example: > + https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + - name: full + level: extended + type: keyword + description: > + If full URLs are important to your use case, they should be stored in + `url.full`, whether this field is reconstructed or present in the + event source. + example: https://www.elastic.co:443/search?q=elasticsearch#top - `href` is an analyzed field so the parsed information can be accessed - through `href.analyzed` in queries. - - example: https://elastic.co:443/search?q=elasticsearch#top - name: scheme + level: extended type: keyword description: > Scheme of the request, such as "https". Note: The `:` is not part of the scheme. example: https - - name: hostname + + - name: domain + level: extended type: keyword description: > - Hostname of the request, such as "elastic.co". - + Domain of the request, such as "www.elastic.co". + In some cases a URL may refer to an IP and/or port directly, without a - domain name. In this case, the IP address would go to the `hostname` field. - example: elastic.co + domain name. In this case, the IP address would go to the `domain` field. + example: www.elastic.co + - name: port + level: extended type: integer description: > Port of the request, such as 443. example: 443 + - name: path - type: text + level: extended + type: keyword description: > Path of the request, such as "/search". - multi_fields: - - name: raw - type: keyword - description: > - URL path. A non-analyzed field that is useful - for aggregations. + - name: query - type: text + level: extended + type: keyword description: > The query field describes the query string of the request, such as "q=elasticsearch". @@ -1103,23 +1926,23 @@ no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. - multi_fields: - - name: raw - type: keyword - description: > - URL query part. A non-analyzed field that is useful - for aggregations. + - name: fragment + level: extended type: keyword description: > Portion of the url after the `#`, such as "top". The `#` is not part of the fragment. + - name: username + level: extended type: keyword description: > Username of the request. + - name: password + level: extended type: keyword description: > Password of the request. @@ -1132,32 +1955,59 @@ to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. + reusable: + top_level: true + expected: + - client + - destination + - host + - server + - source type: group fields: + - name: id + level: core type: keyword description: > One or multiple unique identifiers of the user. + - name: name + level: core + type: keyword + example: albert + description: > + Short name or login of the user. + + - name: full_name + level: extended type: keyword + example: Albert Einstein description: > - Name of the user. + User's full name, if available. - The field is a keyword, and will not be tokenized. - name: email + level: extended type: keyword - phase: 1 description: > User email address. + - name: hash + level: extended type: keyword - phase: 1 description: > Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. + - name: group + level: extended + type: keyword + description: > + Group the user is a part of. This field can contain a list of groups, if + necessary. + - name: user_agent title: User agent group: 2 @@ -1166,54 +2016,86 @@ show up in web service logs coming from the parsed user agent string. type: group fields: + - name: original - type: text - description: > - Unparsed version of the user_agent. - - name: device - type: keyword - description: > - Name of the physical device. - - name: version - type: keyword - description: > - Version of the physical device. - - name: major - type: long - description: > - Major version of the user agent. - - name: minor - type: long - description: > - Minor version of the user agent. - - name: patch + level: extended type: keyword + index: false description: > - Patch version of the user agent. + Unparsed version of the user_agent. + example: "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1" + - name: name + level: extended type: keyword - example: Chrome + example: Safari description: > Name of the user agent. - - name: os.name + - name: version + level: extended type: keyword description: > - Name of the operating system. - - name: os.version + Version of the user agent. + example: 12.0 + + - name: device.name + level: extended type: keyword + example: iPhone description: > - Version of the operating system. - - name: os.major - type: long - description: > - Major version of the operating system. - - name: os.minor - type: long - description: > - Minor version of the operating system. + Name of the device. + + - name: os + title: Operating System + group: 2 + description: > + The OS fields contain information about the operating system. + reusable: + top_level: false + expected: + - observer + - host + - user_agent + type: group + fields: + + - name: platform + level: extended + type: keyword + description: > + Operating system platform (such centos, ubuntu, windows). + example: darwin + + - name: name + level: extended + type: keyword + example: "Mac OS X" + description: > + Operating system name. + + - name: family + level: extended + type: keyword + example: "debian" + description: > + OS family (such as redhat, debian, freebsd, windows). - # Temporary fix to get 7.0 dashboards working. - # This must go in the ecs.yml as otherwise tests don't work. + - name: version + level: extended + type: keyword + example: "10.12.6-rc2" + description: > + Operating system version as a raw string. + + - name: kernel + level: extended + type: keyword + example: "4.4.0-112-generic" + description: > + Operating system kernel version as a raw string. + + # Temporary fix to get 7.0 dashboards working. + # This must go in the ecs.yml as otherwise tests don't work. - name: beat.name type: alias path: agent.type @@ -1222,3 +2104,43 @@ type: alias path: agent.hostname + # This is not in ECS. + # TODO: https://github.com/elastic/ecs/issues/178 + - name: agent.hostname + type: keyword + description: > + Hostname of the agent. + + # Several user_agent fields were removed from ECS. + # TODO: Update filebeat/iis/access accordingly. + - name: user_agent.patch + type: keyword + description: > + Patch version of the user agent. + - name: user_agent.minor + type: keyword + description: > + Minor version of the user agent. + - name: user_agent.major + type: keyword + description: > + Major version of the user agent. + - name: user_agent.device + type: keyword + description: > + Name of the physical device. + - name: user_agent.os.major + type: long + description: > + Major version of the operating system. + - name: user_agent.os.minor + type: long + description: > + Minor version of the operating system. + + # url.hostname was removed from ECS. + # TODO: Update Suricata module to use url.domain. + - name: url.hostname + type: keyword + description: > + Hostname of the request, such as "elastic.co". diff --git a/libbeat/processors/add_host_metadata/_meta/fields.yml b/libbeat/processors/add_host_metadata/_meta/fields.yml index a99a133fbb2..6cffd2ed718 100644 --- a/libbeat/processors/add_host_metadata/_meta/fields.yml +++ b/libbeat/processors/add_host_metadata/_meta/fields.yml @@ -3,11 +3,4 @@ description: > Info collected for the host machine. anchor: host-processor - fields: - - name: host - type: group - fields: - - name: os.kernel - type: keyword - description: > - The operating system's kernel version. + fields: {} diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 1c04a31a5cb..0a06d932685 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -3375,7 +3375,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -3391,24 +3391,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -3479,7 +3484,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -3499,6 +3504,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -3663,7 +3845,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -3708,161 +3890,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- +example: Quebec -[float] -== device fields - -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device - - --- - -*`device.ip`*:: -+ --- -type: ip +example: Montreal -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +required: True + +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -3907,7 +4082,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -3921,6 +4096,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -3928,36 +4116,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -4027,29 +4226,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -4066,10 +4260,30 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date + +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float Risk score or priority of the event (e.g. security solutions). Use your system's original value here. @@ -4090,45 +4304,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -4248,193 +4442,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -4442,7 +4727,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -4456,6 +4741,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -4473,7 +4770,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -4534,186 +4831,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -4773,12 +5332,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -4786,46 +5378,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: + -- type: long -Process id. +example: 4242 + +Thread ID. -- -*`process.ppid`*:: +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: + -- type: long -Process parent id. +Port of the server. -- -*`process.title`*:: +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -4856,11 +5657,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -4870,7 +5672,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -4914,7 +5720,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -4957,40 +5763,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -5000,6 +5837,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -5010,9 +5849,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -5020,15 +5873,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -5037,11 +5906,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -5059,15 +5941,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -5087,42 +5969,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -5178,8 +6040,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -5203,6 +6078,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -5215,19 +6100,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -5237,27 +6128,116 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. -- -*`user_agent.major`*:: +*`user_agent.device.name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: iPhone + +Name of the device. -- -*`user_agent.minor`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`user_agent.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`user_agent.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`user_agent.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`user_agent.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +*`beat.name`*:: ++ +-- +type: alias + +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias + +alias to: agent.hostname + +-- + +*`agent.hostname`*:: ++ +-- +type: keyword + +Hostname of the agent. -- @@ -5272,34 +6252,32 @@ Patch version of the user agent. -- -*`user_agent.name`*:: +*`user_agent.minor`*:: + -- type: keyword -example: Chrome - -Name of the user agent. +Minor version of the user agent. -- -*`user_agent.os.name`*:: +*`user_agent.major`*:: + -- type: keyword -Name of the operating system. +Major version of the user agent. -- -*`user_agent.os.version`*:: +*`user_agent.device`*:: + -- type: keyword -Version of the operating system. +Name of the physical device. -- @@ -5324,21 +6302,13 @@ Minor version of the operating system. -- -*`beat.name`*:: +*`url.hostname`*:: + -- -type: alias - -alias to: agent.type - --- +type: keyword -*`beat.hostname`*:: -+ --- -type: alias +Hostname of the request, such as "elastic.co". -alias to: agent.hostname -- @@ -8765,18 +9735,6 @@ The average queue time in ms over the last 1024 requests. Info collected for the host machine. - - -*`host.os.kernel`*:: -+ --- -type: keyword - -The operating system's kernel version. - - --- - [[exported-fields-http]] == HTTP fields diff --git a/metricbeat/include/fields/fields.go b/metricbeat/include/fields/fields.go index fa970de09a7..56365861b96 100644 --- a/metricbeat/include/fields/fields.go +++ b/metricbeat/include/fields/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzkfWtzG7mu4Pf8CpZTtZOcleVnnIxvnb03J48Z15k8Kk52tvbMKYvqhiRet8gekm1Zs3f/+xZBspvsZsstS5nzYT1V47gfAAiCIAAC6ENyC+tLApl6QohmuoBL8u7N9RNCclCZZKVmgl+S//GEEGJukBmDIlfjJ8T96xLv4P8OCadLuCR0DlzjlRrk6+DSXIqqvCSn7s8EHvPzdQEWkMNDMsE1ZZzoBZCcakroVFQa/8TnjrKCmV9qwcoSJNELqmtomQSqIcen4Q64HrtbMyE0FxpC1O/u6bIsQF2SK4suowqImJG/AdWKzIQkhZirUYN7bAZOmCIzVsAUqB6T90KS158/jAjT5oZeQA3fDktWnDM+J25ItCyPFMg7lsE4GDzjMyGX1HCH5AIU4UKTbEH5HAib1SCRIUwRZd7RCymq+YL8XkFlMKi10rBUpGC3QP5OZ7d0RL5AztSICElKKTJQKniwhqqqbEGoIr+IudJULYgdE7kGeQfSs1CvS7i0s+qZGkhGKBh3IBUTvL7u372F9UrIPLjeIxTm539aIGY+Gv43Qmh/wE7hJbkYH4+PD2V22iHGoN6Nko9m0oeR4eWiQ8VCKG3+tRslPzsoLWo62Fi+G55vnP1eAWE5cM1mDKRFyJST1mdsRgQHAvdMafW8w496bV3i+rDrCd9fiarIyRQIrh6Wj1NcfEXPZy+Oj/POuKBcwBIkLW52HeE7D2mXQX41D7OccLN0i2LtFqwiNJNCKSJBaSq1GpFppcnEzhbLJ/UK3zT6WVfhTqmCWN/+rbni1O3Jw+rWgCEKtFe1itCi8Op3tWBGGUggwiosLUpSwB0UqK4U+AfNI5lYLgX3wzVQzFQow0jUvmp73XHwH5otDd+W5UFninOqwxUk4feKScgviZZVeKNcUAWX5CzF3oPT45OLw+MXh6dnX49fXR6/uDw7H796cfa/D4ZJzluq4cjQSFYL4M1OQ4Rkc8bN9pMQlfd2M3FssWJmtwscVBLgiioyBw7SwBwRyvMIpNkh8A1mH5VAU5i/OCZZjuOuZiYqnJ+uzqRzNWB9NTz9x28HpRR5lRmO/XYwIr8dAL87/e3gnwO5+gtT2oiNQ6JIpcw2LgwpBGi2CLfzDr0FnULRpVhM/xMynSL4/9zC+uSS3NGigpORwXrq/jr9v8MI/jusj/AFUlIm24w0P28oN4rOD4TmOVmC2b6DrV4LPxHkeoGqEfd9ZwJxUBriSbdDUmPyuigswXYlKi3MHFPlObhJJ09ykd2CnBiRIpPbV2riONjD3iUoRefdvUvDve6uupOkhPwMRSHIr0IW+UCR6CwZ8IQ4Ua7Vl7llnnS3E0O/4kToBUgzG2jmJeHFE5YJnlENPNY5hORsNgNpFqjjf6MytVmOMwlQrIkCKrMFnRYwJlczsqwKzcoiBuXwK7vHoKG59mRkYjllHHLCuBa4EXWH5ycoK0SVxzvDm+DSMEv8vdXrEgprQgtrExs4xiBkfCap0rLKdGWH6mamsXftjmAszJkUy4Gm94x8AC1ZZgwCoxK9vWz2FU7evTlF2wlFdQY6W4CyVrBBQViA3jw2Cmg26yyWkcidYIosabZg3M5PQ0QNUFZcIRlEwlJo8M8TUWnFcghwpamjxFn6IcjQGcCXLc0tkbZgG1AorQ596GM4BDHjtt91SynuWA4ytXQhMKp3tp/tuDy6sReEUJVBdjoi8wyM19JaeHOmaSEyoLxHU9E7ygo6ZQXT65s/BIfUgCp1CFTpw5Nst3G9DpARg8xMq1UGKF4ot83E9JAsYT7MV+rSP4zML4jgUbQxrjTlGYwHmds1gezw5PTs/MXFy1c/HtNplsPseBipVw4fuXrrBQYJ9Qv1ASp3d7BqAkIvawAJ/u5AZ7PmlD4dLyFn1XIYeR+8BliX21BHs0xU6HpsQ9vFxcXLly9fvXr1448/DiPva6MPLUazbwg5p5z9Ye0dltfbq/O71s1+GsEyNzUDZeSW2t3z0GzGXBPgd0wKvkx54uHW8vrX65oQlo/IT0LMC7A7I/n05SdylWNkxFkG6PNGoBrXMLXnWlVd60y/77YuD9t767dC7wo5Zez1jtnYhMRUCRmbsaxDDsHAmPcxlKhkhiITgGk5dAsoSpIJaQ0Au/cYV7ERjhqHcvsbXxsFYnyX7bcc9+Ju6/WLBUKWlNO52fxQudV0Jv1ra/x2tch+YiY1bhIGN2okS2PA7a6nwi0VYdrNtcZt/MFpxQodWANtKjSd70ZEI7SOBDrv4tp9rA0aA6uLYajzZy/cPGZXwOF1XCRPQA5KG8e/2cadLnjbuTFMGwTv+cVpn5wCyUFTVqhABQTojUjQGkxJs1vQR1EcfPj6ZGWHpdGlTfz6bLxdCUp5GQ1o7PeUjQVltJ3zlMjV57tzc+Hq892FBwgqEe4shdQdYgvB58PI/SykThKa2uZ3k+UPr99sZE0HYy6WlA2xDhPO96YgViAzFkUC9xxEB3EoOW0cEYafQBQiczIsZFcC7E9b+uL9lXHg+qalQvp5sHHILT/EQw/GHeKuuJbrG6bETSbyvWB/Y2GSq+tPxMBMIvYsSyCcg7gpBWuZSRtR/iL4nOkqB/RPC6rxjyRi64XsjdXO57AKO8Vg45/tC9kb43/1onIj2+dUutG1ZrLZDgKXv94JgmtDNwF07Nv2oBbeezaKhJm3aNFjHEaU9BmEaELERiGaUO6chpIZk7CiRTEiHPRKyFsHd0RAZ9vvK99Hh0YD/U5bGJ7ZdpB8n5O9Pmx3wPMoLJKMxG7U/ChWFk408QlcezjGrfEhrC4SBZLR4oZXyyl0x/UYVBYisRC7CI2/8IfgMBazmQI9VtCVx+G2w1cHjVhokVPOOFGQCZ6nTgc+InnmefeMDbyyOzBL/NvXNxiVNLAcZKbI4fHJ5dlxFP8zP/YYYsWKwizYwxfnx8dJxwfvdPmx8/m4cfvDiISV3SbiiuqkFRZuA5AYwuRGuUEOMwx8F+5MyMNbl6DG5FoswY8J9WIEagI8x11yMiITr7nMv1mu8FeJv0op7teTJJf8S107H6QULW//XXBpcL5L43JnlBMJpQTM50D4qG+MY33LeD4m3xQycok2lHsgynhZ0LIEDO0VYEPQhtHuzARXuDvvWCGTm9NFphUUs+AMmFv40fxs4S7sPeXAjBjJ7VC19cnUpkQAA73n5KgxB/Mdl4jFYuB4T84GK7qjq4XtrpNc9e7uMclVdrZTYSUz9XCv+4wHXLooJI9wHvcjDVdvjTKsfd9OVhfZmDWScIrqGaUa5kKud5xVZK2H1Zcg4s7zqGG88YOscovfag1liYdRKi2Nuyvs11Zdz9kdcHvOxxTqmzpxwx0VhCeiRmJw6rvHBfVQUYW7XBg/0Oka580MPjlWPmf8/lBpqtXhxnHTTO9sjWDCHcIhGS11JRsCrWBFm5l7EnfWOyrXuH9F8GwmneGh+9e0wp26YLdQrDHMzbMCPTCEpQw2BVkljc/iDu/UKIbpsvGmhchu8UBPkt8rKqnxWBmf/5u5uYKiML+XQoJNEmFZjcNAiEBSRQoxZ9ztCyPMUyPsSLjEwPu1md4VlXmzeaT3aWdsPGaiJdQBua4eF3lV7DEmauFZwR5qgxj5DTRh/EYA1eWmMO7y2oSsEyfTi3mtfi/SwzakKejGrh49bgewZ+4ywTMo0aaiZOKenZBnRhqMiXnkFQ/o52b88TipCmKLVlCnzuR1jBmTKx2fuIcMtSrFsLWSErgu1jE0m8HCeEOETbelPA8uuZkVkjiqx3FUOGA86pQ04xXcgVmCD1n+G1NaXg5MZLl2yOqNzLng/rKbO6eAfjVeOs5l8lysfsudmC+BctTTdyCDszQyBb0C4E3Ci5mcHxSpSqJFBNGeIZQFLIFrkEZpLektEFXJmkgGPuGPK6a0QeCS/jbmkbmUuGKAgCc4/ZR8M+KjK041alOzRB37rQbSRC3EittTq0wXa7IGbQT1v0gubIKckLcRSMaJplOzio0KjW5dKfLfnp6cnv+bD5LUpnkdXP8vTLYT8tYQgmsJDanGwI4A2oANy25VUj4PrqEkJz+S41eXpxeXJ8fWa3zz7v3lsaXj2m0U9q9o0sy0SaAaD75A2idOxu7Fk+Pj5DsrIZdmd8hAqVlllLfSoiwh96/Z30pmfz05Hpv/TloQcqX/ejo+GZ+OT1Wp/3pyenY6cBUQ8oWu0DCv066MtcE1k7Xsf3MRrhyWgistqbaJXYxrmBtOJBSbU902f8ZJBeM53INNy8lFdhNkl+RMmenPra6i3Dw+hRZEm7sFuU3cZdobQtKoIbgz1pDZEyY3NowWOZKI+5LMaKFCsA0Z4b3OillQtXjcamnEqkm+SP3r9d/evB08ZT9TtSDPSpALWqINYesDZozPQZaScf3czKKkKzcBWqCtOzWbr2jLzsBZ3T7+1JsI/IAp6DCk8gn9Lcq9ByUkFsbQ3KxzRbTosyIsNLXwIVQXr8XszJLas6YmpbXWt0yTUijFpq0kQVwPGjJ80m6iho4OgVMwm1fKbrOry7/AFGa0RVnBuMdWSttERMy5aHKEyVXqzGFaZz6G1DTxhQf4BN4MIAFdx+OTcTp2hXd6jKhKts9Mto3ivXUgoq3YcIFTLtIxvNqTtBVHHeStVPUNyO3s+MqldsJiMivcPdwngHUGveFpzpRmPNNWZf1HcI/bE4HgkkfesQ9c8RBuZ+7hsU/QRVIVEL0Szd3a7U1bMdSOr0WMVQsF49boaw2c2RR3GwmzchHBnK7Je1d+g5oeNwIMJ2W0GJNJM86JlfWw0qy+F0/NvZY0017fhxSOWvNWE1sPgYUp+aHgK2PV2gMWWpbWTSxpdmu2ROuVGq/DxusSk9OJ/zaPJOj1ZzYegWFsmvKuUD4ga1c2tGj5F0++4X/N+1E4ikYtGuuoLyeSqdsblQnZdQlnhaADQ3tfmLolCMW6uUx0zG3yDMbzceCRi6JCH/p5PG3fFJC1qKRz839QtWnrHGIzWQ8O5sb4zLuM6CP63OwPyBHqA4Mb2eRlldECba1jI2gn/nAgGb1ZUsaLtZmaWVUQNjODRhcC4wx6QTlmafiwh1EfVCk2b6mMhjiFdSsIZkXtZqcACHXhAxyK5WBQROTqExNRUePzOUytCKiLkb5vHuhNcy/q+Ls/SY2TanBvNpiGxj3rPBSqG+MtEYiOKPpM9cIn2YfIiE2AuenNm6Or3eIFHcT17JtZ4YeU02L9R20a+FNjKxMRJKwlms8lzHH3jLfIppZIzkHfbMWbr/gO8hORqPWyYDx0o9I86uPSo0/698ergdyCew08snrTlPdSjeJdQ+ksdSTf6WBaFGJFgKq1GZsG3HamaxscrEEETK+tsdIZVu2pDiPTA+hGWjHYiiGoEcmZxIxcN9/PkyxqZzU8jOetP5Dsy39o1l8LF+Ph0c8AVFfmhSZw4E95bLyV1/+2Gi6JsgrOTrac+68u/Equ3pJn367ePkde+r0tOFp7do03m8ETseIgk/Tgna1nFd/6AVeCbAJ0LdDz7Yb6WbIllWuriHGMP7WGkcYSpaxtjSfMyujFsXxYTBpX5uL8OI34g5GdcFYYJyLTtGhFopIkKPZHm4TIAerOkXnDoJiuNSizBF0ERRgTgOa5tw0nBtqEsHiPnxgKJ+kluowyuxMOUUTML1RpNB7toPFY0hmfS5Ebic2TWLJdsCxBUzwZsDXbecLYaPIfnXHxU31h2PHrTyDCk/6MSrkOi9Bok75f50oG5Xfes6/hCWloioLquKlwcvXZItr+pLY3zXLXQq8mwbKLsje78lHp4e28yja+RFJlf0rlphrlnnTKNr50LuVjqhvCLMoOFxMplI9hX5M8SdoLYCFUKwXh5+bKsCVgXmhb26H8huKO+MbktY2D+2PzGlS5WCvjTvpipxGh5I5JXYWXzHIgb7HCo10GUgP66E8ug0yt6NyvVQJbl302FXTQWplRqf5RJooCMu3jx2FVLx4J1DGRYm18LA6QwyOW7v93mWybot5NcluHT7svEhRM3/vHc6VdIpiKkFgx9oGmlTFAJ/7dCZGgK2lrjL9xdu/9XlcQXBWtE9LfK1rgbuhS9nFgTuSRGLebtM7ibcwJeFzea8absbwO4lrWa2He6eV5h7WD8ny2K01wqT9W7lJhp9eqYb8776HFiq6VK+EbYcDCHfnYEIUEPCdlfN52yxi3cZ1BNYWXUdy68mdYE+xlg1OaqLV6fA4y6k5W+kTk/tLT3YT7Z1dA+gCePeSJurSansXyXkhXm+nLw12fFKc6oxJ4Awr7XE3qEtpJHLK7mpG75cgXBLqYY1QlNwpDyUElaLAbRBAbEeoXG/uTXjRPyafS7BDGKby2EbQUqtrxUuOyoHqWihluxfcGq4vbebDkWQZcCzUi1bTiuhqRFeO5WCmb2v88pWdzKleuIClF8UBd2xxWfqAZ+XRN/tfAI8nOWDrOZUTOjC5ZMSTLryEohymjfCg518SiIM8k5AuqR8S+P8I2IFOVJ3maInX4aWdw0ns8PjkdXzyWd1FSfocmKrMF04DtPrai6v7Vxc3F+WOJCtGmbFKty5ZN+vXr561s0m6jEwMCj0RBaYXWvQRVCo7lhuGwBxU2WzjjJeiF2DEP9metSw+QWIDJ49Gf3n0dkc+frs3/v31NkGRHM1aa6kqlva7hpqKjysIkFmbL9wpoOz8+7ydoKvLu8hyevf3VGUooFg1JBmqSFtuFaCVk0W0ut5dyF2RNp9gloOBkfNIV6kLMY5n+pb6wWYab1kN1JEGLoGvS9tKLrd5248EvYm7BeOu4piex63fKOcjk19dfPk5GZPLuyxfz6+rj+0/pUo13X750NelOKWf9uVmFyGiBRumHtRlQqN62SvnpZV9LsJsGcfVRY9DjCpVUlCuAyyB4IgI3hZlAISmYRmXLNKnw1L2uti6pTCb9Xln/RWL4zDrEE4di4o49mmRx7+lQHpxFG8gRyEAsHCRnpyXycPzgR50BjlOu1oLeAaGFBJqviTKyZUOINgKk8MCdYW3RLRDgmchdhjWH+MCoYBwUNn66c+3ACqAc0ycf7Db2qIQ0ooTLNPuhk5H2ewUS3TpXm2GdtUFJaZGecckAsa75GF187BZa14ZSTbfXOkmzcfg2gIFHW84wXROBJgVWSgmiwCXFW6Fj0lOa3kdxo/2VzVhwt++ssf+0cdN54wMnjrsMpsPWUgotMrGjPv/oU0gcNNKbcR0YZ8F5HZOwh9KNtx6MVx9e4rSksxnLEuvwC2RiuQSe+yQDXHGXLY7/hTA+FRVvT9NfiKh0+kbFb7lY8RQLQlgdVrgiC8hvdg0LBPXJdeaRO9MMbrkNBCs80tbIj6fjk/HJ+DSm96lrh6c6I3DDG+OZ0Q4mpJcpB8+eQaVJfNU1Hz0VtsPJPulwENOUdJtLewnZGz88wC0ZUtOxP47UlGzJEi00LfbGD4TmmGEDmdXStrEK+E7+e2sikrSeXbzqIfY7Mi1Fs7sXUt2loCb79Ly7j4c91eLN/FP3zvBS0ahVmzu0AS6NcYenliumFz3VoplYlpSvjSWFndsapy4sA6dKiYzZrEOmF6kGZGtRESolNr63RT4apAXQVAhRbi0q3CDjrkE13nAwj/CDdrRIwnnYFKP6fmXT4fjHsfSolsy0opJby82n6/bHG9JCIlqxnnEIJe4sLmbaFi+Z+cZmqzY2W0qYsXtQo7pMEs9TxkKN/zIxcjCpFMgb22odL24/9d896oqk94Ren6d71jVR1weF9M+JtoZk/IlRVj/rD0Vbn+/SzqQTYD2U2dAyp74gK5ZPYqGM0rIuoQ7puwXJB4VeGvLOx+fj48OTk9NDVwL8WCIt7s20RjrEFQTEiuRzdPEx/TB61Qf1GHt0Bvr+fv9omli6utG4DtXsYjU8wvKjaBm5zs2hh2+13MRTULJ84hSU0nStfGKfReYbaxhXP0iZykTJmpSCeSGmtAha8nuS2+H44VqLykE9+zclBjuOUDmvlj0l4B/omkzBbct1OyqsTlLAFcNj/2RXoUBu/3FwWByMyIFR1ea3rzW8OPjnY1XcgGEldmHiApBYnkAyWhSAp49zSZcu8U8SxZasoOmadhVU69VLI7Gnb9GMsBbLGOEGfPtBWFI81e4cuTfZJnrXCn2PCkH1VIWZRYb3R26JaV8xQ1W9ZnvyleJu604pXUcXhxs1vrN6uwGnDu9hf2OrMprUIGsr03Dtu3ygPoN3xnjuIrpec2FhFWb31aH9Gp5Hb95IneH9K7v2uOCMb0bvP3WVmmz78RyXjG5zN4p10xcaI8LBp7KwPOUW1KZCyRb/gtYBdq54cFDST1qd7nE1c/4IELgvQTLgGUbPlcIPP5idxMCUkGP3CNs8fGReigCa3cl5MsJV3bHc18J4AjGp0M86PqMYn2MWsOtv3qa0MQ/PXsILmM7gmMJFdv7jy9N8Cj/Ojk9entOTi7OX0+mr0/OXs4vg3c15PQO17sYTFCio0iyztdQDDZMwg9RLedO/w62iDW3ErNJufcjD5nEnllckHmYNxx8MIANFBGHZNt12IrFRQkis/wzbxAO0+V/+Y1gR5AkK02S3LJztUq6cikRoPXiVjutZ94P4jUulQuited/FgN8ol2fj0/HQ7ITWR+i8SIZafohcMmWLbZQ9nRW3hBqT1kY1QNuM+1jZ17Z41NKZtIUy5M+f9HU0z4S9fx/ND2z4F9Li3R/D363NP7zWM2D7zIBG23HNkDvQHrjlJtIB8Yj8kkRVrp2TgN5J6jYoteRFPXAf11g72Va7n9r+KpOQ3rDJdovSVCZjP7rB1VCJPrE9iFtNtveA28lUq7V2qrF2V3B6m2q3W2r70fj7/8ISjwTO71vj0UH4vYs8Ogi/T5VHl5F7L/PoG8l+pmpzb+xKFrGC/vbll83a+duXX9r1IxRPGwrQYO6OrBmuMrNljdxXwCgewbgThgCJ/wpEkzvhe5xtDi9Xshj/ZWJWXQ3I7UZj8ncAmxTSfBwtaJO1WgCHO5B1JX0zoEf6bFtkOG2Yp/dVUZjpsByqk1WGfEdwYl5bSJhNbCH0P3BjsTD++Wyhdakuj45Wq9XYuQDjTBzNK5bDEfCjCFTkIxxJwLKYDI4uxqfxg/YDQI5vC70snt6EaRk3RgZu/AZ348qypXpuh+dciNiMao80HJeRHw1Kp8c99mXfk5ZDDxw7H5mp1sL4wIRi7s6a0Dk1blxvLlQlC6I0KwrXXazJ1HIZR0ZsjNto7Cdbx5iamWZWOGnVpisbeSyptBLfBER9pVVmW7zEPrX7xvQkHrdZMTYpSUUGR5QJYqSgkYDL8/OzIzvR//77X6OJf6pFN23ELujdhPwaYdQxCZtH26ztA6TyIFXThN8rxKjv5cQncfneTbjWEXJvEkw3ceL7tInvDqlh+EE0M5jIhwlxtlsdRYla0jXBVefqTY1VyfMjIdH4c6k7xdrqWIzDRyCDOqSx/Yg6lmsosCVMYZIKurpzUacQNlVQUeFqxMlmLB12Jj/5gg3FoiqnTcHIwCDtsPH8/Cydy3x+1iUl7Gyx/UkxtpjonU63Yg5Cav7kfDQjJ3Yvfb11z4u+rhchsaggd2CgWaVWyVqC4i6b9o49x2qzOd4PPMtbyimlHlAx/DsqBrjH/r5Bx6UQI5Y+2qWW7K3FhYGDq6XugB+MxVdO2nsUcRpX2T81aunqmBHWMXfnXZzAstQNXTgE+8QkgmIhtEJodcUqoxrq3qK+8ZPtL/qvlVBLtlHR30tOZ5LOl3Ejs8ecgQgZJjGafZ/OsO2qmZCnk2Dta1H2Ct/T5K7kSewS7/tw7Eb8NweltZC66EqqVAvsozoVWShJdE/aw2s5FmrLTzDWzVPagaB0Lgs+6mVKQgF3NBANLUjY0/d9cEhN72xABtCjDcMy5grDRr1hyA8RLXyr77oFF8tHjUPEMWVq7eixHcdtKy0xa2haNBk3f94J0adW7KlqnxjVwZm4cfj+zn/DkEWDo7OkaheIevDWjcRqdNsllmhxC5z9AYkvO8KSskcWnTyw4CzouDqX7KVl7MMHe174FvHhWqcDiX0QM/MEXy+xrZt5JMHrb3VvOUzVwmivz9ty5yI+DSQTfGYFpf2Jq1ZOdt3Ht91UMNQPNimsqyVIeH07XWFBeo3RhLmNme3ySKZSrAwSr7vMu2t7tF2DUwuxcuU4K5jWAXY8V2r3oHf+W1UT3son2kMcYbjp9Y07cu7ic5IgB6+DttW+a+clXbcF6f9k1h7q+loHQQ8iXdL/THyma3hWxgfzfoqtpIetS8Z3Q2je3wZhSXU2RO9sdn2yxTY4t813fLOQYjmwDW97m+ijYXiR+0Bk/Vmxj6oOHy7EgxB/F0Eehvl7SHQX8xNCnpKvsCyFxE+8sHvMGQBNXo6PSU7VYiqozBUG5pyiferSUSqlyVz4/D/I1Hi9xM+yYDR5xRRgFFGRXPAf7IcD4lTsunNIpL1pwersIeN5XzpZxMP/7vut0NJmGPXDT54cGumxMJ7UO+Lf7F8Jvr7xZZmZWC4Fx/fqlO07ygqMfYatw5EUtFjCPSii3fcweni/9U/a7F9dyeCbM+1ZjVs1mSGF0V+Xm9Q6mjhomhQfRJwMWsol+8xbsyR6rlZAr6u5kZHTC70gp8cnFyNycnp59uLyxdn47GyAkdH0TW41wy7EnEjIjHMU9Z5qDUrTOim0B8trOWUaJd88az0I5/wr0KQEafmHJyrG5ZGUq9anmGzeSITYTnjEx+iD3Bs+xt1DaC1+qJzRNJxXEmXOH6dEFERf6+sYRT1I7Hfa4mxkI1atT636r+phJ3/8KN/4AWNr9+45ljTLardy7UJs1u4b//eA1bvlwo1Y2/4az8NyzFPfZqK6kdtOSkUXV6DihmLy726PLGh9t6GzXYTMtSZqJYM2NES5QjahsQZmnc8lXXtP038Tsl72iXQjbElQrHvHILWO5D/YOpOKrG9NoERILGvTkpW2iSbjZMky2XwdYcOsqZJm8e40aMV/9K/iR0DXnC5Z1kBuowxWWHJ07Y/rNeV2G6QpFxmmwtt1R17bPmMoUYIc5CI7aBZjIao8WItRJ6u63Wh6cX7wzUhReLJWEyzbitVtdTTPb/CBm7qDqcuKtp+R7FuwdIxvjT3YNlcge2A7ijI/IgrH5LNLxw2qrA3AEZlntrFWzuZM00JkQHlXVDxtPtG1yV/roeXKPUiu3kZ9Ct0aHIDhYWVS4+CtPn8PY3EP3AQiWfO5ble2GfuHsNHZVsidRmcF0+ubwLSqKajUIVClD0+yByyDABBBy4s1VhVTrkOf6jGnYpHDzb6e1aaPuL1zeD9c9NwrhpafhJgXYFdaP3ab3bIZgUtaeWB8bqHn2F20Welv/d8J4K4TKX6Jrp0TbO+ZNasWQuoba9I0rWIozxZCenyH9SrvMadrssjW/X9tk9Q91QLUAKMSlgS6ZerDvY/2ohFc3N8Pt8tpxQpNUl8eb0jZQ3pVjTNdIdngKugUim6hVmQck80G8gO0XCEnLJ5aaJ09E7fxTQC5MtZtIKiumDhWPY1smusPSmbYRnh4dFKNBxdEPnA43PYOf1CteseaS7fV1NywrQscr/4eXktgau43PcWjHbsBSkJObV70zUsPsjciejsmlyLfg/AHHChFboN0SVTVriomwPRZ5OTb1dsuorbBuTuqBmIXmchhvxzE70ekWThUdQxDZKGRJS27mPA4xZ6D7wtdADKNc5/qOMCbRZp5E9o9bEhJvBbu/wsAAP//EtLBlA==" + return "eJzsvflyHDeSOPy/nwJBR3yWd5vFQ9Rhbsy3S0uyxbAOriit95gNNboK3Q2zCigDKLbas/Puv0AmgALqIJtHa2YiOBNhSV1ViUQikUjkuUsu2PqYsFx/Q4jhpmTH5NWL828IKZjOFa8Nl+KY/P/fEELsAzLnrCx09g1xfzuGJ/CfXSJoxY4JXTBh4JcA8iT6aaFkUx+TQ/fPgXHs/z4uGQJy45BcCkO5IGbJSEENJXQmGwP/1HJuVlQxwoThZj0hfE6oWE+IWVJDclmWLDd6Qgpm8C9SETnTTF0yTdglE0YTKQglS6kNPDX0gmlSMaobxar0hYy8+kKrumSacJGXTcHIj4waneEsNanomtBSS6IaYT9zQymdAQVhVtk/+XnpJS1LMmOklnVTUsMKsuJmaZGlvNREzmGOSAvVCMHFwkK1P1p0oskosloyxeARTIssaV0zwQqY05LFMyIrqmGeInNEn0tphDQsXgY/1WNyikPmVDOLE0yZzKUipVzoSYtjZpmAcE3mvGQzRk1GfpKKnJy9nRBu7AOzZAF+Oi23vLSu9+yEeM6yiBG4mEtVUcsppJBMEyENyZdULBjh8wASmINrou03Zqlks1iS3xvW2BH0WhtWaVLyC0Z+ofMLOiEfWMGRKWolc6Z19GKAqpt8Sagmb+RCG6qXBOdEzoHwnoRmXbNj5HBP1O4uiXeKZQouRfidkJJdsvKY5FKx6FcEe8HWK6mK6PeRvWP/9x8IOmGfLMWCEIare0yeZvvZ/q7KD4fxtP/dBpLvLKtciaEVBFzb5aSAhdvSVNgds+CXTBAjCRXuc3zbPV6ysp43ZcwbyObKT5yYlSQ/OT4lXGhDRc40sbKks9W0HdzutwTWrDFWKjQVFUQxWtBZyYhmNVXIplwTwVhhN6AgqyXPl/3hEoCeeXNZ2cHnSlYDNDmdEyGJ32hABtyB/ic5N0yQks0NYVVt1tnQos+lHF5uu5LbWO6P63qD5fbb3Q5AtKFrTWi5sn+EdaCiIHopm7Jo2WC2juRko1mRpSQTQXSFFWjfXwEsN8yMta+AHOdzyygJuHGmSRimovmSCzZMfgdieA14sY0V+CT47w0jvLAn5ZwzhcthtxfQ4RGfEykYYV+4Nvr7gfV55dG3Qh0PAfh+5VcDRD4vBqf8nB7Nn+zvF8NTZvWSVUzR8vPQ5NkXw0TBirsR4JUf4y40QJFUEGGPo7Jcu0NIE5orqTVRTBuqrKJh5cMUWZ0X03BqXUWceV+hmlHNUn3qx/YXp04dXK9OWTBEM+NVKbuvSq+GoHCyPOz418gaSQ9HsGb+RftKLqvK6kM4XQvFLgXoKqhObXYexnPc+TfDK0u3qt7pLXFBzfUCSbHfG65YcUyMatgQhXcO9w+e7u4/2T18/HH/+fH+k+PHR9nzJ4//e2cz5nlJDduzaFo9S0RqllR8wYXV3Qa45SfUkbyiadx55vTYYYBWN1swwZSFObHyLgFpFR/4guOr9ugZGPmDowgSHQ4+u1bxEvVlP13oW0ueltL/8+edWsmiyS0d/7wzIX/eYeLy8M87/7shrd9wq9rO/SAaRLo96w1dEEbzJU5jZBYlnbFy03nI2W8sN0PT+AsTl8ekncjEqqYlzyliPJdyd0bVXzeb0S9svXdJy4aRmnLVpb/93wvUW/xMaVGQill9IFJ8jfTrR87xBAQt2F2OBNOGpbyCs7O3k7IkMD7uYW2kZQ2qPYmvEvbTQuYXTE3h5J1ePNdTR+IR+ldMa7rYVIkw7Msg+Xdes7KU5FepymJDtultNuZxcZsgyD77yL7pHg9pWYJIs2TKLggoD4Pw0jXLpcipYSIVWIQUfD5nym5ttwStvDV2I88VY+WaaEZVvrRaZGaVvKopDa/LFJQbX+MBBXrf2qORy2rG7X2PCyPhFOtPz69RXvLePf1F/NtmF/UTB8jKtILNYXSKlOKCG06NhBOWEsHMSqoLSyPBYD+hLo5LpdiCqgKuXvYKJoWeRG/i/WzGC67wB1qSeSlXRLHcige8ZH58cebAoTrcYtZDx/5gX4+QgauFZqLA18//6x2paX7BzCP9PcJHdqiVNDKXZW8QlNhWIegMp+BwYnbL+TuuJ4ZRVGgKCGTkXFYsXFEt18FBzFRFdvwRI9WO5TPF5kwlw4vOdDRend1jd3jjGs5YsC5ERhQYllhUxMKvYAs8xhklr2OWWC9odAPTb00ZXFiUfkPxiYYNZ6pwhiQyAKalo5VtLTDLLbgiuyBOgiS83e2b1xvKp+TFK4TP6ZmV2YrpYLVB+o2LertDpQr7nJyeXR7ZH07PLp96WGxMyNZSmQ1nUEqx2GwOZ1KZK7EPIp7m27ihvD15sRERPRqFrCjfigXF8SUO0Bn9W/KWGcVz3cNntjZsU8Wjsyrh3Dt4frQZij/awdDQNVeyires1ZTsro7MU30Ggr10Z2wPN+QsHG0jdHuoLlh8/3an1c/Jj53j6hpsfmYyWJapIDlVah3blSnRNcv5nOeklKjwEcVQDqHFCYRPqmopi2dqp2SKX1rRZedLhRURMGrWI28stkgkuqKfgnbrEEoGH166AJ3Jz7XkHYSvoA8hb6RYcNMUaG4pqYF/pFaVwATf/YXslFLsHJPdZ4+zpwdHzx/vT8hOSc3OMTl6kj3Zf/LDwXPy1++G5mN1Mi6YMJ87hsbrZtXfz9fMKTY4hlFHpvROKrMkJxVTPKfDaDfCqPXWkX6B48CoI7i+oIIWg0gqtuBSbB3HDzDMVSj+e8NmLB+kIzdfgYjcXEnBt1IYxWh51UJzLT/nsvgqi316/p7YscYW/OSKxf4aeLoFvxbN3X9/MYTp2HIPWPlujeInzdSuv5JEb+JtxAvRCXGWYFQp5ZwsFBVNSZXlGHe5UgyPheyb/nKh2TNY31G6cIWHSc6EYcrdFOallIqIppoxBU5KsAV5nVx3QCOKJamXa83tX7x3M/esrHvovJNgN7evl2u8lHJBaGNkBSfXgkk/75EVm0ltpNgt3E5tL4uyKbp3xfanza6KP+F5Gx2jqAHIBhyUXMwV1UY1uWliL2ZLGGd7TD0j1zou505ZQ3u9jj07VJBXLw7Rj2pPuTkz+ZJpXDs4s3k0PLqHW5ztQZ8aFBLHNNfB/p8iEQCqRjjHsmKVNMFfQGRjNC9YNNYwdpQ4P2kMMnalwseO+1L7B4JtQYFpww0fe2jdACnhbm7frZW85AVTfWVzYMsHbmT54d2U+OTAhxl7RIIbPzaKsfxwQhY5mxCpUkHDF9zQUuaMdu8CIezhkvKSznhpj7M/pBiwfl011UbvMqrN7kF+txmfRGgQi4ZlBbQ2AUsCr7eLOTIZPEk2msG1xuAws80m4E6W22DtnXHZHR1IAXW+e3D4+OjJ02fPf9ins7xg8/3NJnHqMCGnLz37wRQSh+A4/sMO9/txgQXUouNqE+T802Hv8G2oaw6zihW8qTZD/K2XTpEbeQO8aQ76273xxNOnT589e/b8+fMffvhhM8Q/tlIccYGYHbWggv/h4gSKYEF2fsl1azJOD2qrBHCIPSIUDUe7hgkqDGHikispqmGLU3sgnvx6HhDhxYT8LOWiZHiek/cffianBYZIofEbXMYJqNZ1OmRWxgMmSHqvLXR+3kxjCF+lVkZnC+w5RyJrpr+8d9EhaOZ1JmEtG5UDM0VgOg7PJStrqzaj2oIn5ozqiGnCGNrf89dWUBne3jZuaJp0X29LBHxA8KSigi7siQ4yNkxj0D2NHqARubXNYIWAFuFdH1UYv6KL7QrNWI+A0YIJAVFbUU1mDS9NUI5GkDR0sS0c283iMKRj5+Q2KdVi0d62ewiM+WdHUej5aPGHz7c5/4A4PfdlMCgzbbiI7WtOgr3sPdhMhkXfbeCGiYaHe2oAg8baPed7GQB6tQNGxB4YlHptKC/5u3SeRKT4R/WgjE/h67tRrsdle76UmF3/0Rwq8Y70bgrYQH/HXpUrcO7h++BaeXCt9Gf14Fp5cK1sSsQH18qDa+XBtXJb1woLSk+Sf0c2vmC8ZYbuxidjOF6NtMD+RslJo/HYV4Xnvzj34+IKYjh0LmF2mhiZkSnLdeZemmJmkEoDne2hWjXaYIQkLNNY2LP9369LJsjvDVNriHzDoPZwoeCi4DnTZHfX2aMruvYIWQLrki+WplynmyeEe0YzAhgwK0SztHobF4YtMFtIE1r8ZtFGjS0BqPMlq2igjTtnR6cEFsdGYcCp+4ZrcgBpXjNm6AEZNPJEL7RAA6MqJTtWvVfRTxvndbamtRzSpmrFQHsF+HBdoWJNLrgoMito7EwrjBTFF8wycqFhhqNdmpKhg8wuok/qhHBLDN3tpkZyo1k5j3IhBMJPqLm5f+tr5evMXSZnH9d7ir6+anfaMUcCptsDvdhK7hiObaF7qY52yz4lArte9sKbX13eJg0Z+WXIAG2Zh30xIzboUi4IWqkVzxOuy8gJPE1Dpv3Fx/OknWCUBaxlxcwSZ03b1N6MvGnj3UHq+axkCB7mFbOnsHel2V8tiPbrkMws53HkvAdCfVIsgZwm7zd3vvA2qBtvvWTGMILbX0apNzbZi118LQUPw2BM+IyZFWN2DBcbaMU59WHDOICLrcbE5ryU2s7kxJP6erJ6q5FUzCoNcA8pARY1bCHxn0n6t0VimKDDOdUJXWMWaElbsUqqNbHizwLwgIpOLvplUwqm0KPL26x095rOqbAThcz02x30WxVdpy/t0geDZ5C/t8gPtCdCH9P7sVrbfW7hJyfrWOrfgl+CA6676Vd2X3rvZJK04yEmsPzRMwGrrAXgdk+kvvnbNB5nMW6tRy8BauXTFN6YTshUG2qY/QstqaqmGfmVKrsBIJ1/3kCcTdBO5NxqKxOySlWPuqRgRHKBE1Z5drlZNM9ZbSDn2cVQ4OnkNZwJqUtGNQjMBCRYoXPadJXlwAiA98gBgzt0vZVDBuWEG2Fs+YPKsOSLpctEGD4BRlbuNOUDrlEQQdqDXfYlFW4NM8wMmU58PI9mQrsk+PYyQlO2cui3eAZdlvrMkA3YIF0wdg9skEBsNBtggyFeaOxdEzyVIGOHuQJntg2egIR0PJlyWhuQvC7X/EohEe6eLhmo5Q8uUmYIDNBu/CVNLZCOG/zSTqPjBTY8yPpdWhR2r7sDexcObFZM06WcznnJdnPF7PE5xSQhTEvkus1o9uenmym3Y1Vw4R7cr7BGNdXa0nUX06GHF0o2Jpfb8z7a2bghrhPlp9HjaLWocMs9iVhYp2F+7QipMcVuS5/L1Z7/+LJbKd3kdnFcJuWc8rJRLBXMCcxxIX2THZmCHBXSG+5IN4fhBd5W8YgPDDRAVLwdVZqRzM0znBG9lBBYEyIc2jxoy7BgRhq7QsmiKbde8wRHcbaqjSp/YOmBWJgkX0RQdbBRYZUGqULtmsEtXK317+UwMSxqmm3qKb01NdwwY+YMKSxTo4Vx6t6dkkdWnGlmyJ7TsjUz31uqpLO394DUoNLM7FdWOUdygSROdnlMZlT3LbHRqtKx97hkai5aJLAOEpiiwk9uvS0DI9ZZ12yeaEAjO0yzS6a42VQDGvMw7jzbMKf63I3XOdI8Gh3l5telM/oOx6+Fr5yqUDFwEQor4aKYt3ALDLnXdn2+06SpiZEdqZucT1YiVvSCEbhTueE484UrhObawK0S7XxXFkNwSbflrTn/W/LJMpFpBDUM8oK5DsWHOFaw0ku5EhhglptyTdbMWHb9P1JILPQg1UUC0uoPVrZrsmJlmTw61eT/+/bg8OhffIBbsK6FiJL/g6IRUl1YRGBHgSWjtZElADEqkecXepBLd85ZTQ5+IPvPjw+fHh/sYzzmi1c/He8jHucsb+xy47+SdbMrZ7UQVO0UvnGQuQ8P9vcHv1lJVfkDaN5YVUUbWdes8J/hn1rlfzrYz+z/DzoQCm3+dJgdZIfZoa7Nnw4OHx9uuBEI+UBXYC8LRQDkHHwHKrD/JxfGWbBKCm0UNWgIQjsvN0O3CifW8XRyXMFFwb4wtGUXMv8cBakXXNvlL1BiUWFfn7EORKwkwAqsQcNDzSxlhRELfvPpZ7TPTOPlhbGPyZyWidLeohE/622aJdXLO6l3LXe1wddDfzv58cXLjVfuNdVL8qhmaklrDTXroIrbnIsFU7XiwnxvF1PRlVsHIy25QIfqCByy8eKGA7RR3aiC+4k1eukAJzLYCghBhdQsl6IYcg+cujo9GVwRgMfw30wUwGIXwsokkFZ4N2irbXU9E15k5yzIbMBEIO/iCG0obF9f5BXbOFviVjeCsLXaSUS1FpPCO99pEsoQtTUGncEuPXUc2unNv1SMFmvyiGWLzN6haFMacr7WlkkCYP09nmUJPFm7qhYQdb3iekivPWn1+jA+jg6S4ZhQu82lAPPl6UuHx86rRsma7Z1U2jBV0Grn+/RKSGczxS7Rnuo/Of+48z2YaAV5/fq4qtqjmdPSv7W7/+R4f3+nWyMrmGrwkrkh13eKPF2xpO4yjNB7CViDxZTcy2MadbvoVhPn2nCROwv2v0XPXI2Q6Cc/eE8jcZdwOD3dy5mvTgOoaqw+2HKFl9DDepMryNFBBsVPyQVqmp2Jc6wMFVc8TGDO1lGhO8WQ18HVlNMyI9N2nlP0LMQ1WMOzdGm+GEVz44+XGMNJZ90CsmEKPK5k1a6Pq6WXY42+urZ6lASHgz2B0ShjL0Do4RtYnJ7Mal8ZwDf2aNgBWunYxbzPlNfwmi9CCPRLF9/SP9B+Es+ilVptVcP+ncCK2RuI0JtuNhTj1241Z3KygmOQSDQ3/NJq/5ZOc6608bVrxybGbmTzv+m07Cl17aRgqHhKYRoJRDulkl4/I8X1xWfdEYFXCcZ5KemGHtoPXF8QgI3lbLns3dCc7NZOMSdalmDu8ZUO/f8+aUbWslGuMNB3OtyGnEpgd9u1U/wspKpusIA3mOs7sFXyP1gB410z7Ulwl5Wgte9bGXKwv39FxdmKcoGhPlhF1pID7qNgrAUrvT2AXeEkNP5pzRed06BFTkMlPwCzolj0RDNGqDO7wlSQtlFlRVcOasDBPedlpwikd2Y7d/dP7QtjdDwBKF2PKXGmkdSHBU5nTWZWxfOi0Dly7e8QbOPdkmDfAMwzQMOXofOHHNVa5rytdg33Rl+6K6kzhUTbczYT70MFJp4Qs5SauQJ9aK2GwU69Pk7eSsGNhOPhf346ffu/vpgf2MNcajNU94LwETT1entqPzmDzucMDwv7encOcT1IZ/S5kUe2DSA37QVqbMMMa8LJMp9Ri5R0yd9lulnbeo9qwczn+xrzI4CDKYDaoddVycWFHhwbBkhizO4wciwcYDUD9N4Whw3ujlValnJFGNVrSyPDgFVma8dsHkRk/Qi309pd0roEje3fd5gPzAGcyWDinJCCK9hrjqTfD5K0YEk1gDuM/xIgjWRLXslSXMQxQHdA4dQCak1YPuAHJZYIf3dyZgiVJoptuCfesvooeA/s/erT6cvvUZK40zSK1Hp0Dg9bYhG5Ep1aXMHQuIozVO/KNQDtOzCBq14SXkj7uB/SnCleUbVG2QY0+bkz7eHRk5SMexs/TmkfHbu6PXuGzb//9Gh/GKG3lmfjVeeCyNzQsmOLHURN8z82RS0xEvV5wEKyQ0P6lBUhzrYorUpDi8JfY6YW2pTwVGcBJ/F0WMRUSWby1Ugm+niC5BurKUMwFRDJRUqAEl3Jwu6gYnD0fBujV8xQjCkHz3UxoGzFDOtzpKKfNo8mREaNogkr5nTBNhIW3tFOpVRWBJbskopeZHASSXUPUV/3Y3EbD1rFufsC+SC29+qSGqtl/g1SlWPnI6A2sO5Rywe37K/bXzatkOurlyQ6tqtySnJZ1Y3BqEZX/gOixiGiL2oTM2C7jPvEtFoqdoURUYhi2gwGizuI60MY7UxdZXcfs7ikqlhRxSbkkivT0NIX39AT8hIqBETVEPC680szY0owA8bUgt024djOapgZ7u6Ffu1gx1VFhsw3Jir5760GK+/vnHoMp1Af305dMdMoLPG0YbGSbc3w3Uazg3RNZ+ODeUVziubySfAv/l7q0m+asuMR/72hJUhxl+8LM/NBvxYZF+zUxhhZbQXDkbTd2536SyznRSibjZdkI+03Y9UWthnUivt5yMJ3ogOjek+e6yqCdVQmYEBwzrwg3+0RwMVi3pQJMC7QArNRYZfjJOmj8d7JKfTjgCXM+kS67yR+kBi89qnnXzfn/bXbXteMvu3uNiPb6yepXIkdX4HM9YJwFpGk/poFBS2qpqFG0jQ1z53OyWU18YVboky5IH4nsd0/KugTGXUSiC0TbsB4Ie5S5UtuGFTsuzVRW4fvl+dPPz892tCp+75mipq2WVeCzECiu4x1XHeYtzDOAUb0xs2S3u3me3/ebVY3HBYsO4jHK6tYA9794wS6kfVnR9OuV96SrwarVPrJbugK1/m518RqF0Tv57htH7lN7rzX5BLgW0g+7a27H5g8gi5tORNG6glpZo0wzYSsuCjkqmvfbgsbUbXiYouZtC17v6W5ZZL/3LnDZPFCP4DtnFa8cwjfFd+CzTgVN8H23KHhlgJ60xRLaiYEYU2g08VMF/GyDEymn3x699kc7GcHh9nTXZUf3mUBfD4lKPGKrog2CkoSDkzjwmq+5b3O4ig7yvZ3Dw4Od12+wF3mgvhtMKWHYiEDq/tQLOShWEiK60OxkIdiIQ/FQjooPhQLub9iIUtjOlbo1x8/nrlfbluF3YIIMS23rViKDa6yipml3Jpp+bUxtR+K4FCDcek/v/o4IWfvz+1/P328GmNopaU2rEx+q8QlhN/mXQG9/fBD6NtV1sd7e7NSLjL3a5bLam9sJrqWQrNMG2oa3ZU5181m83BjR34cjeBoPbETZnG0f3QNvjNZDGSx3F8m4LwpSyBmi7QdchBb7DW4kqocST8frYdzj6ztxhipzTJQk6WUi1QcvAk/XL392/6Dcbp5WwDilmIASNIn0d2ta2/koj0ZfNToWGon9NFjSYbsrycf3k0nZPrqwwf7x+m7n95PB8n86sOH4andORloPGsGDhgwKr9d24nFV7obJWOMkrGzNdoWtCGoL+qFCReNJCwSNlL0RgJuxuaYvVxyg34sQxoIUA6J5zVVg3WKTtHfoGioekSmboipC9pHRo09E/bOF8J26zTulcTs4SDFibydPF43+Ulvgh1jK7pGlvSShRh/bXkMXdW5L99U1yVnBVpumcgltLO0qgZbpUoWF0xDz49L1za0ZFRAbtu1XUlvlSpEtHQ5QN/1coV+b5gCN4yzTqJzZaN0oUQUuai9VBy9S37c3EvuQwD7TUVzWVWNcDTHQDN5yZQXaM77qdIgQuf7dD0x3aNbOVc92BDJ3I0C9BaJWwrQrfu7Q7d8tEJDQS1JtGsa2qrNnkiD6hXoX7/yOR+exLZcLKfoR31/fgphNmWn9bx95hiOvKFrpjIoBz2BYtD2v+csn5Cz07cTwkw+NDH7+vCUOBX0M14ZtrU8hJyevDshZ669LHkHo5FHXhtcrVaZRSOTarGHkcZQm2jPN6TdRfz6P2RflqYqOwZwQs4NFQVVBQQe+9oBobtthqKGlnwhMNUUGfwdMz+VctVrSk6I/gk78uIGgkQX3JW+le3Q/AYZ7OkIXykq9A2Kdt+I/OeQr60D40cr7pIohTaMtgUFGPkF4ccXzvTC7PElpWVH8ujTy7MJ+fjiDFly9/TF2zPgxez7ISp8fHE2TIeoC/m2mPEEJ4XSAg2t0aiON3wwt5pxo6ji5dpFwGOZhpQWSy4WGs/GiudK+uhrJC4ttWyTe+KX9cW6ZhPC89/TrLU5zdlMyosJMStuDAYPxOLAX7s1N407odsigJdMFB0M24jwkIrF7OWmIN6XEXKE8BTcK6wYPD3DgEudomeXHbtWr7jyaXqDzH5y+nZ4mf1W3Io+/SyISj8MmuUI+5LBnWlCSmD+32huaRxYeQCr5OI6PJfQuHsbk3npgXvtL+quPZ/7MPzOrdwqEpja0ypMxx2J9k+Ei5lsepLun4hszPADLgxT6TUBH9h9OfigEZBu28cRCpNWtK6jkpauqp7VcnahCw2p2hQHV49wEtQYOCDTXYMlUDwjWzjfaQIuCUu8S85WYyVShzHxpJaK1EzxihmmxjHrbJEIyy5mCUr2T4hICMl5fqjBHRUvWo8T51KtqCpY8Xk74S9RI4uQMOYi56NH7vpVK/ll2B5x8MNhdpAdZIfDs3BqsFl/3l4g5wnk8mPtScAfbhhRa4HTMyyM6GQddWoCDXPrCgrS2kJTRT4Ll1JKjJTlLl0IqQ3PiXZKStwbK+XoUq6G7pZvGFUCc7WoCSa1BTfLZgbGNLvUULx3LxBzlxe7umb54Ip8d3C8fP/P+t3R639++/OTt/+193x5qv7z7Pf86L///Y/9P32XorCVjhZX2bukoaUL9wZhDVZHoPVM2quMl5EjBQGmrkEEQHDlqeKWIf53Xx1gQqZeU3KPkKW5IrqpBgn4+OnzkYPuLi0zrqWJg34nqjgYA3RpnwxQJjy8ljaHR/0bdSeAx4cspb9uGIMsArR+sl/Nck5LL1snIZsFwzVbrc9lF4VWdQUzLDcTDxlex8TA62Ht+muCO02iQkleufR6HCV5o42sQvAxwoEehhBP6ubVyVCUYs4XUK7PSKIacYN5ajk3dqCoipsPgJ5zxVa0LPXEnvSq0UgXg1y0VyuYDwDxAbL+zIqOQ82ElkpPyIrNkpEj8OC3KqXWZAiopdfJ2Vs3d2fY8EscWzZoWV5h2HD6EoIFXxgV6wmSEmelw/pqn4iJa6zbw/8KUnYTIslbZ2P8vWENgiSvPr6BKHgpgBX8EeFKKKT1vB2PhHoFUNGpYFAP180eeiO+enGe3aKM99drx9SLzvuKnbUCn/QG/5pR9uNY9C5n94ZDEII4RNL2cQCNu3VAuCp2tcWj4/Fpq7wpTsstm5wCGjia84n3kdlazPQybecalsfXA9ykIqK90oMp3ApKf7J5c1YLcV0znfVdQwmwqb8cqOmETL0wtn/nhYY/au1KrH5Zw19kWeLLKNLt31qxPOxh8mAfIpQfIpQfIpQfIpQfIpSvmMtDhPJdBN5DhPJDhHKK60OE8kOE8kOEcgfFhwjl+4tQlmpBBf9joIH6+/6TzQOCYrD+OGZC8XyJ5AOr1lgXlqqmYm0PXSRMABzfMjtxPFnaqW7JyhoKt1GlqFj4Gu7GdRGICsBTgQFZEGKTNicP48aTuW2k5TYDheKVIr0KQn/bGiIx7bKU8zp9NEduzpvz3F1vy/2b8ugteeiGPHg/7t2OB+7GN+SkgVvx/XLTPdyGu3fhwYnceUtcfQ++yRSv2DS9W/Bd8Ozff6/C8lZ338FJ3Ecw/LX33psQfPSCOIh+79Z7F+yvvO/eZA7X3XVJ10HoPCSp2DtLfrxNV9ZRYReaQWYjX1LRnpTQ0QLCO7zPJmmoArGyobkkL/aS3euCS+JQaJTJvrtVVvNiSuTcMEG0oWvtKwL6HpDY3tVeSKMImFzWHK/lUPOplDNaRl2BPMqR0nNTWbpx3ZnNvdhngUapRHSNYly3ha+qIHiUBsQccfkXUMCaWPWSQcmThaKV03sV0bziJR0O3hmdUD1I3HtIa/KzqSnUzukV9mmLnSwGYhTul6JULZpqpKvzW7q2FwjUO5GNayUNyw04lLnhl2zYoxWR9392tF7uTMjObmn/a5UH+6dvlvJ053+HJ8++sLyB3gPbIsHJDGpRMwzqd3vUC4h2+MFZ7TVa7c242BvlHpCO2149GGSkgZWdCTyfYO4IbhDjy9tTHeaKcZgvqMCo2LgnQOpBiQr8EEpmSq40+PJ8Go5DyNNyxWakhpr5vomVVV3FaKVy6M9TZHfZdW0y4OHRxn4qaFpw+nI7pe7bc/tw/+Dp7v6T3cPHH/efH+8/OX58lD1/8vi/Nzy+P/puwDGbugL4I6ivpLrgYvEZo44Gm5jeRgPZW8qK7dEyrvx7LeoOFxJw8dbO5IhP1A1n1U7VjQ/Jj5uqG21PFob9L30RzDnNecmNVRtqfimBkamSDfSArjnD+sNt5z7i0/3gme5WLXeB3Jox6LtZUbG214+ctUEiH+NBA0zsnwR+Z7x4VhMCOUQhXBg3FXdag66lgHQvl5rVqsZTR7Ys8gafQDs7xQyLu4G1gRpMT6LEtxkjjSiY8j2h3a1w4sIyJyTpq41dsyfEv2RVIB+PFse+ZuQUS9q7adGyhIBOI1uUeT2doDJHQbsSji5AFOqyA07PiFH8ktOyXE+IkKSixkBGFnjmDQxAFfSiWkO62doSKhrkmGazLM+K6W1rmQ6EzIxupE3DZk7KkGtqyQIsJH1htE7iaRS00YvXO79FtJ77aCD9zXEa1HEb7p8OhwLGSym2oKrAgDMNdcwn0ZuYnTDjIQbS6sKYwZNLVWjsV/PxxVkoxI9t/zxmiE7OuP23oxQ2Zi/J+X+9c3GXj3SoBm1BtcMjeKxJF5KOumO4Iqnluj/5Tpy/0L7zKogDFyhHaG4ab+LEvitMVWQnQNrByrtzF3PiRxYdZLWvTAmP3XXH22MH0gR9RbocBZjuAI9xd43jzhPQFLqbIuZt6B6HsMbfGpG3dyjXJB+/GwLTklBIEwGzfIJL5HpY3ynx+ytErcXRYsmrL1BGdqytkMxnfzg9u3zaCtaRo/kGWWU3uFhIZa7E/uuHHV6JBpZq3QYmji1xgM7oW4mUb/Monh9thuKPEDoP9bfbPC8XO+Ya8cNWG2Ogu8Swt9huqCSfuZj2TdDtofoQIvEQItGf1UOIxEOIxKZEfAiReAiReAiRuG2IhMsy718T2x83d1L7lPXuncTEz+xFS+G52XZ9wLgJGntHyhK80GPBD3Puuvq2vh2o8oDWAH/GRzYUHN5+0clzuIdmJfdWzT8KMnCnmWqEwFszTGCsCg8PLYWxuH8Z+j+5Tu/+e3y9ohdME27vYFrzWacZq5FdqkYpcbiCIirWNY5a6AfgzTuKQXiB4kzkYBfWumEab48WpmKFnYxrPgL2ngSgVelcrIvvA8gL37ww5GOJouUFeEdzsYD2R66pSRfT1qX/+Bl7wmZztk/Z0/zoh2eHxYz9MN8/eHZED54+fjabPT88ejYfqQlyp2yl1hjMSqoNz9G8tetmtaElOFaEPM+3yStuT12RvxLLugAAMlpcsxHoNwbGtlCUpZQrDVJvlTYn9+RuL3zQbMPvRNUyt2/DY5+7xgMpQ6K0TnsSY4CU69gx9Uwo2vYSCYiTEutOOXQtaxRcG8VnjQXjK4Agv6gG7Gvh+r6U2uhu7/V2i6A9yNtF/KSx8ICb2oh30lURgk68ck5exSsfLwFMy6Whxp2P87LRppO0gi6bn6QiPzJqdB8M15ZqviU4Jbmsg8U90BF6cSVwnTV5ToQkHk7onLKNBhcjO+ImPpEon+tWuwEAeLu3SzXGzlEDR08iJO35Jjts7FGwUK+RlgCwk2OaYpwyy6SzcqH0TDLCNCFkd5tEXi2zlRS7F64jDAzQWZebBvfcmIceZ4fZpu08/sOFvXRYJ9ZUNuGfVjpCPUt5YVVS6qI0mcEGeKnCEiJurC47xDwjdGL1klVM0XKLNThe+TF6akqrX5BHfA4nObTg7cVskUhfaftXQac77TsNKwaeS1eMKbA1L6akkNC5a7h20XN6NH+yvz9vRwwMDb6pjo4b/7aZioufbGJxD81J2yVEm9yet7AnoDa3sMcVT5yZ/ZZa7FewkWO5ij4D/GPYyIew/xvYyK9CY4s2cuTPfzgbOaLtjM5xaZQRLvp7MJSP49zD98Fa/mAt78/qwVr+YC3flIgP1vIHa/mDtfwm1vLkJtGoMr1GfPrw5upLw6cPb/wJ65ptYr3BumSG2acT1Ox1bi9XExdXB5UMqVneUrsf7w9wXylxvjF6W7S/UVBt0Yc3tr2eR+8B7yTYzqix7/crk03iMjwFELLCqHOKNfIt8RKAEOVHIZyS5hADW8qF4zr7OdcuS+O3Rpu2x7kvPtcSvH9fDVXuB1qke/AULOorqgPSk7DSXQ1p7BKb0jkut+1MN1kuj4+OHu+hCedff/9TYtL51sjagh95PMwtlpjb4pTTeVgrvOfyyl7dHA0hgLHRaACdoJhpC+CHRNYE4rRRZWZhTid2wSFmzyRLpFguhTaqAeuMVMQvFLJluuN7LNpZkFstwTCdcYtvi9LnAD24jbClzyTUi96BieyMbEPs2Dw9nvpGDjWNrsIAeZw6N7uc3s9sX2In79HZpss1NO1TgbkPlvXs7vfyxQVgSndPcXUGodw0RqeWaxTZcD9Kz+G2vXiGpn0oTO5YO6nGCzy+kKHTCH467V+LAqnTGY3cZwetIuPhx8KwReI92NA40qP30dHj4b5LR4/Hbt5muS3eOINGHGOc4bZtlyU8YhATvi3M7CaDAZywCkoP4IpPMMOyi38CJsylI3qG2Bz29b/CvmZfoG5oVNg6HhFi8HEb+MY0CSAhLRzg5FDkLpoLfB6eURhz1pjwVjoD0yEEWovbriVVbVq8YAr4RuqRQggd90ziHyQzZlbMVb42K4m7fSwbWtFFlVoz7pcvpTKRVwEUprlx0d7Tb6cRkxpZjy7mt4NC2iM/MrdGM7XNLMxPDn6Hb0ftblp3YN+zBED449jEdOlo9PqGGRJ2UcAr3nUMDFdogFdR64XOh+ySRixnJGlV58x3SAsdn8CzAjfj2HJuf+FM4w4OoGCgJdVYd9wsqYDPeTFpbyICioisvRYO8gGcVkTOW5yWG9aRMKq5rowEBgInP0Umz+T3XnGJgQIUqWfn7yGQ533Hq9F0A3uCad+uz8j+uJ9AElrOWKIPXKU9Lu3x7nOiS7lolasr8LRqeNdmdYfkwRNAmLyC7jaJ7niN5PlO4y3DooKVoy8pL9sM3R7irKJ8e7dju/FgBK/vjWCxpHprSpALKPNCYJkGdcWiCR3Q8CLUDJJiXUEbJvvKwCH0SbN5U1oqT4E1oPiBcv+A8JsQogKFz4HzaZmKw063kpwKe6C5Y3yEXF3fwL3S62eI6ggCmqNBAM7XLDYBJN3/QmlfQE1b1kt1JpYzralaj5w8aamc9vwh8e83O4UQpD+LWh+7veq4ShY+OdufivbbNVpGAji9lCvXOXHFZsG7D2EpURFkzNKlyupeTUA8qRLytzFejbWqvGrDuHlcpsEfLVEHbzg7b+UfvCzp3pNsnzziZ0sp2L+QF2efCP6dvD8nB4efD7CBlK/l8z05qeuS/cpmv3Cz93T/SXaQHTwhj355/fHtmwm++zPLL+T3PhZl7+Aw2ydv5YyXbO/gyauDo+fknM6p4ntP94+yg52bnCS3Ec442Ga0jB1MLVvcoKr5/ezp/+ivZBeTxI2b7Q8TEXtNZPdHS2SNm9PSIfJQrfuhWvdDte6Hat0P1bqvmMtG1bq/JR9ZVUtFwRL1BcJ7mSHPsn1SUL2cSaoK7euTZP4TyKBotCELGVxduc7WFXjAoIzAimtGDNNGk0KK7wxpG9iGaClGTXymIIVoyUMaTE3N8tidWBBJ3f++0yTlahjh5XgioXMzlCDxT96/fH881KjM2Rv3WK73MHlj7+DZ8wSvzljjyz+ynt3eLO7Edpids0sIQe3ruiumWGhkjRHS3Ql9qgt7+5nzklnq7XGu95ynkOa5hPoU5Tob0dOzmpp8efMJndnPhtTKWBkZGK7iInSeucFwb+1ntxmO/nar4exntxgOdZmbjxfrQyEowCtGI2NJPTC7KJzvJlMb1nBGBu2t4AaDDi1ff1DH140qw1YD1/NGG+C8UTynhpJKFg0W5Wo0WKSzOOQzinq4x/3cd8kkjrpvdi1YFG/fBGX2R/zXwBAvfBf9XFaVFPBdCKz2ZiCwbJSurojrv/NNeg9NxKrhFfujVdGvuHP7N1EfMI0SbVJSd9WIFFHOo51SXBDSJUNlqZTf+TcozmZoVe8ktI9qiVmKcsWKxAKL2nnyXmtoaxb2+Dp8apbkcP/g6YQcHB4/fnL85HH2+PEGhoaAUttWFClbyoUr2QPMiPVeoAhZMilDQ/XCsbJDro/zGt5F+3QooGVIzTC7CQNlmIqr7gQYmGaTDIwLntBRzn5jub8c4D8+34C7A/uByPOd/oDnfIB+ggFTqiMS4mvIyCCv7EedCxgU8ykK7qol2esYpAy4VDIYJ2QHjPWY6+Rn3SYpBFBDUrudixux3bsv/L832L033LgJaV2uFDMZirXr+TgWS14UWk4LfBv5YsbGioTipiP5b28+WHTB3VDaunTKbsJ1i0OSy4SmzgAMTZ4VxXpNMxYiacK2H0iHgng9q0WNzEEZM3YkDgqysT0BHIHl+IziNRZA5MJ3dM+l6G2+dNV0TW+rgMCnUP1vLWjF8xZyd8hohw3OLsjkFsL13FTIHCqz4r4jJ+WKrjUIRiPJTiHznXYzlrIpor1o/+n9f5BeSO0SDm/Ot+4pMk+efKqt8GmPOloUn+GFzx6kL94o1VUblmbwVebBdqnC8muOoySWPcEwI2cuuT3qqm4BTsgixw6xBV9wQ0uZMyr6rOJx8ym9bWrdCC6n7kVy+tKjZDes34MbjHC9MAljxJt8s1HcC58jlgx0NodZxQreVNdpxChN4sTazQZ3Ep2X3Kw/R6pVwKDRu4xqs3uQX6MZRIAIaF681aq4RnS4HlGnUpaDwz6sakDFPdn9coObCH5icflZykXJcKeNj45B6lcP4KLLr5mf2+iFzC9g/7id/tL/ewA4PoM83G4iq3tm96xeSmU+o0rTGmepyJdS+fF2wy4fUacDWuRaTxDpJMNQLsC9eDcFxTlCA8CkdvnAcBVd3FElivkCwIVEG0TAHpezhpeGDDVbbVHp2Ghvk3AdxkxzPvpjlXTGSt0bLVGOydUK8jW4nAIlcJzAtE6fcSz7Gv81AOTUarcRo7oGLKnoaXnT/j7EmeQvf/UjXzQzpgTDhEU3/i/xbwNYtM/DwZmegi1QEo9+9UZqP7p2MyVI32xD1bK4B4aKKFDLgrTGxO5QzV23bTTSmSzIp9OX/YG6Stzdh2oh9geTRc8FeMfBZMFGSLjpdtxsIIRGKlr3R4LAC+z+dF/DRSCHx7xPEReNmyfS7qph70HID46LcP9fAAAA//9wugNv" } diff --git a/packetbeat/include/fields.go b/packetbeat/include/fields.go index 85c5c9da5ee..0557c6a824c 100644 --- a/packetbeat/include/fields.go +++ b/packetbeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsvf13GzeyIPp7/goc5Z4X+S5FS/JHEu+bt6tIcqIdW9ZI8mTm3rmHArtBEqsm0AHQopi9+7+/g8JHA91osinSjmfXyjmxRHZXFYBCoVCfB+ieLN8gkslvEFJUFeQNOj+9+QahnMhM0FJRzt6g/+8bhJD+Ak0oKXI5/AbZ397AN/C/A8TwnLxBeEqYgk88yJPgo6ngVfkGHds/E3j0z+2MGEAWD8o4U5gypGYE5VhhhMe8UvAnPPc8K6j+R85oWRKB1AwrDy0TBCuSw9PkgTA1tF9NOFeMKxKiPn/E87Ig8g26MOgyLAniE/QTwUqiCReo4FM5qHEP9cARlWhCCzImWA3RWy7QydX7AaJKf6FmxMM3wxIVY5RNkR0SLsvnkogHmpFhMHjKJlzMsZ4dlHMiEeMKZTPMpgTRiQcJE0IlkvodNRO8ms7QbxWpNAa5lIrMJSroPUF/xpN7PEDXJKdygLhApeAZkTJ40EOVVTZDWKJ3fCoVljNkxoRuiHggwk2hWpbkjVlVN6kBZ4SM8UCEpJz5z92792S54CIPPu9gCv3zVwNEr0c9/zUTmh9ilvANej08HB4eiOy4RYxGvR0ll3rR+5Hh+KJFxYxLpX/bjpJfLJQGNS1sNN8Oz0dGf6sIojlhik4oEQYhlZZb9+kEcUYQeaRSyWet+fB76w3sD7Of4P0Fr4ocjQmC3UPzYWoWf8AvJ68OD/PWuEg5I3MicDHadoTnDtI2g7zVD9McMb11i2JpN6xEOBNcSiSIVFgoOUDjSqE7s1o0v/M7fNXoJ22BO8aSxPL2p/oTK26P1otbDQZJopyolQgXhRO/ixnVwkAQxI3AUrxEBXkgBYgrSdyD+pGMz+ecueFqKHoppJ5IkL5yc9mx998Vnet5m5d7rSXOsQp3kCC/VVSQ/A1Sogq/KGdYkjfoRWp6944Pj14fHL46OH5xe/jDm8NXb168HP7w6sW/7fXjnDOsyHNNI1rMCKtPGsQFnVKmj58Eq7w1h4mdFsNm5riAQSUBLrBEU8KI0DAHCLM8AqlPCHiDmkcFwSnM13aSzIzDqaYXKlyftszEU9ljf9Vz+u//2CsFz6tMz9g/9gboH3uEPRz/Y+8/es7qOyqVZhuLRKJK6mOca1IQwdksPM5b9BZ4TIo2xXz8P0mmUgT/r3uyPHqDHnBRkaOBxnps/zr+3/0I/jNZPocXUImpaE6k/jnFTAs6NxCc52hO9PEdHPWKu4VANzMQjXDuWxWIEalIvOhmSHKITorCEGx2olRcrzGWbgZXyeS7nGf3RNxplkJ39z/IOzuDHdM7J1LiafvsUuRRtXfdUZJDfiFFwdGvXBR5T5ZobRniCLGs7MWX/ko/ab9ODP2CIa5mROjVADUvCS9esIyzDCvCYpmDUE4nEyL0BrXzX4tMpbfjRBBSLJEkWGQzPC7IEF1M0LwqFC2LGJTFL80ZA4rm0pGR8fmYMpIjyhSHg6g9PLdAWcGrPD4ZToOP+mnib41cF6QwKjQ3OrGGoxVCyiYCSyWqTFVmqHZlan3XnAhaw5wIPu+pek/Qe6IEzbRCoEWi05f1ucLQ+ekx6E7AqhOishmRRgvWKBAN0OvHBgHNep/FPBJdJ6hEc5zNKDPrUxPhAYqKSSADCTLnirjnEa+UpDkJcKWpw8hq+iHI8DIALxuaGyxtwNaggFst+vCOYRHEE7f5qVsK/kBzIlJblwRK9db6sxmXQzd0jBCKMpIdD9A0I/rW0th4U6pwwTOCWYekwg+YFnhMC6qWo985I6kBVfKAYKkOjrLtxnUSIEMamV5WIwyAvYBv64XpIFmQab+7Upv+fmReA4In0UaZVJhlZNhL3fYE0oOj4xcvX73+/ocfD/E4y8nksB+pFxYfujhzDAOEuo26hsrtL1iegPCW1YME923Py6afKXU8nJOcVvN+5L13EmBZbkIdzjJewdVjE9pev379/fff//DDDz/++GM/8m5reWgw6nODiylm9Hej79DcH6/23rWsz9MIlv5SUSI132Jzeh7ow5gpRNgDFZzNUzfx8Gg5+fXGE0LzAfqZ82lBzMmIPlz/jC5ysIxYzQDuvBGo+mqYOnONqPYy0527jY/7nb3+rfB2BTOl9fWW2libxGRJMjqhWYscBIYxd8eQvBIZsEwApnGhm5GiRBkXRgEwZ4++KtbM4XFIe76xpRYg+u6y+ZFjX9xuv14bIGiOGZ7qww+Em6czeb82ym9biuzGZuJxo9C44ZHMtQK3vZwKj1SAaQ5Xj1vfB8cVLVSgDTSpUHi6HRE101oS8LSNa/ux1mg0rDaGvpc/88HoKacCDK91RXIE5EQqffGvj3ErC85aX/STBsF7bnOaJ8cE5URhWshABAToNUtgD6bE2T1RzyM7eP/9ScvWlEYfrZqvK33bFURKx6MBjd03Za1BaWlnb0ro4urhpf7g4urhtQNIZMLcWXKhWsQWnE37kXvFhUoSmjrmt+Pl9yenK6emhTHnc0z7aIeJy/cqI1bAMwZFAveU8BbikHOaOCIMPxNe8MzyMBdtDjA/Te6Lz1fKCFOjhgjpnoOVQ27cQxz0YNwh7oopsRxRyUcZz3eC/dTARBc3H5CGmUTspiyBcEr4qOS0oSatRPmOsylVVU7gflpgBX8kEZtbyM6m2t45jMBOTbC+n+0K2am+f3WisiPb5VLa0TVWsj4Ogiu/PwmCz/oeAnCxb+qDirvbsxYkVL+Fiw7lMKKkSyEEFSJWCkGFsn4ajCZUkAUuigFiRC24uLdwB4iobPNz5dPI0Gign+gIA59tC8mn8ex1YXsgLI/MIklL7ErJD2xl4EQLn8C1Azeuxwew2kgkERQXI1bNx6Q9rqegMhCRgdhGqO8Lv3NGhnwykUQNJWnzY3/d4dZCQwZadCmnDEmScZanvAOXQJ5+3j5jDK/0gegt/vH2FKySGpaFTCU6ODx68+Iwsv/pH+OGWNCi0Bv24NXLw8PkxQe+ac/H1v5xfe0PLRKGd2uLK4iThlm4CUCACZNp4UZyMgHDd2F9Qg7esiRyiG74nLgxgVyMQN0RlsMpeTdAd05y6d9pLuGfEv4pBX9c3iVnyb3U1vOJELxx2z8PPuod71JfuTPMkCClIBDPAfBB3uiL9T1l+RB9lDCRc9Ch7ANRxMsMlyUB015BjAlaT7T1mcAOt/6OBUxy7V2kSpJiEviAmYEfrc8G14WdhxzoEQO5Lao29kytCgTQ0Ds8R7U6mG+5RQwWDcfd5Iyxoj06z2wPreCq84enBFeZ1U6ZlfTSk0fVpTzA1gUmecLlcTfccHGmhaG/+7aiutDKqJHEpcivKFZkysVyy1WFqXWwugJErD8P64nX9yAj3OK3GkOZgzNKprlxe4F9YsT1lD4QZvx8VIK88YEb1lUQekQ1x8DSt90Ffqggwm0sjBvoeAnrpgefHCubUvZ4IBVW8mDluHGmttZGIOAO4KAMl6oSNYGGsaLDzD4JJ+sDFks4vyJ4JpJOz6H9bVzBSV3Qe1IswczNsgJuYABLamySZJXQdxbrvJODGKaNxhsXPLsHh55Av1VYYH1jpWz6X/WXC1IU+t85F8QEidDM49AQIpBYooJPKbPnwgDi1BB9zm1g4ONSL+8Ci7w+PNLntFU2nrLQgniDXFuO87wqdmgTNfAMY/fVQTT/BpIwfiOAamNTKLNxbVz4wMn0Zl7K34r0sDVpkrRtV08etwXYsXYZZxkpQafC6M4+e4f2NTdoFfO5EzxEPdPjj8eJZWBbNIw6tiqvnZghulCxxz2cUCNS9LRWQhCmimUMzUSwUFYTYcJtMcuDj+zKcoEs1cPYKhxMPMiU9MRL8kD0Flyn+a8Mafm+ZyDLjUXmDzJ7BXcf27WzAuhXfUuHtUz6xfxb1mM+J5iBnH4gIvCloTFRC0JYHfCiF+c7iaoSKR5BND6EsiBzwhQRWmjN8T1BshKeSEpcwB+TVCqNwAb9rYwjsyFxRQ8GT8z0t+ijZh9VMaxAmuotaqffSCCF5IwvmPFaZapYoiVRmlH/E+XcBMhxcR+BpAwpPNa7WIvQ6KsLif6fb4+OX/5XZyTxqrk3rv8nBNtxca8Jgb0EilStYEcAjcGGZvcyyZ97N6RERz+iwx/eHL9+c3Robo2n52/fHBo6buxBYf6KFk0vmyBYgeOLCPPE0dC+eHR4mHxnwcVcnw4ZkXJSaeEtFS9LkrvXzL9SZH86Ohzq/44aEHKp/nQ8PBoeD49lqf50dPziuOcuQOgaL0Ax92FXWttgigrP+x+thSsnc86kEliZwC7KFJnqmUgINiu6TfyM5QrKcvJITFhOzrNREF2SU6mXPzeyCjP9+Jg0IJrYLZKbwF2qnCIktBgiD1ob0mfC3ciY0aKLJOB+gya4kCHYmozwu9aOmWE5e9puqdmqDr5I/Xby0+lZ7yX7BcsZ2i+JmOESdAiTHzChbEpEKShTz/QqCrywC6A46LpjffjyJu/0XNXN7U+dgcBrVEGLIRVP6L7CzN2guIDEGJzrfS6R4l1ahIEmZ86Eau21EJ1ZYuNrqkNavbylCpVcSjpuBAnCflAkgyfNIarpaBE4JvrwSultZne5F6iEiLYoKhjO2EoqE4gIMRd1jDC6SPkcxj7yMaSmti+smSfi1AAU0HU4PBqmbVfwTYcSVYmmz2RTK96ZBREdxXoWGGY8bcPzN0mTcdRC3ghVX4HcrI7LXGoGLCajwu3DXQzoI+j1nOZUKsoyZUTWfw++Y8YjEHzkkLf0A5s8BMeZfXjoAnSBVEmQWvD6W3/tTWsx2IyvQYwRCwVlRulrDJyaEHdjCTN8EcEcL9Fbm34Dkh4OAjAnZbgYort6nHeG18NMM/9dvDSPSuBMOXkfUjhorJsn1g+BhiH5IeNLrdUaBwsuS3NNLHF2r49EcyvVtw5jr0ssTsv+Wz+SoNf5bBwCPbFpyttMuYbXLoxp0cxfvPh6/v3cD8JR1GJRa0ddMZFU3o9kxkX7SjgpOO5p2rum8h4BFHPNpbylbqN9MpwOgxs5Lyq4Qz+Ll+2jJGjJK2Gv+d9Jr9raC7FerLWDGek78zYjuoQ7N/2d5AB1zeAGJnhZZrgAXetQM9qRcw4krTdzTFmx1EszqQpEJ3rQcIUAO4OaYQZRGs7socUHlpJOGyKjJk5C3gqAWWBz2ElCELbmAxiKmcEgicjmJyasovrOZzE1LKDWRvq2fqAzzL3w9nfnSY2DauBs1pj62j19HApWtfKWMERHFF1hNXNB9iEyZAJgRp1xc3ixnb2ghdivvl4VdoAZLpa/e9XAeY0NT0SQIJdoOhVkCqdnfETWuURiStRoo7m5hXdgPgGJXM4LysJrVHqOumbpyZ7+3c1Vz9kij4qwSOtNU95JNbC3h9La6kC+lcG4KPgCESyXemyKwLEzXhrjoAcRTLrXxkqrWDWXOrRM96AbaAVjK5igBiinAiJy7Xo/S05RM6phPZ4z55Dsin+o918DF2Wh66cHqgv9Qm04cF4eY29l/ncj4ZIoq8B3suHa31rzK7o4Q/sfL86ewVy6sy1wre3fwJf14BFfMCKS9MA3G68qvPUd7ARRG+gaoKebDfVK0DkWSyOIYYw/N4aRxhKFrG2MJ4zK6MQxX88m9VXm9cvDNOL3mnfCVaEM8UzhomGJSpIg6e9NEqILUHuN9BsaxXipiNRb0FpQuFYBcJ473fBOQ7tDND7j7zSFd+ktOo8iuxMXooiYd1gqUB7NoMEtaZXPOc81x+ZJLNk2WOZEYfAMmJztPKFs1PGPVrn42X/Qz/36M+Ghpz/DQizDJDRch+/7WMkg/c7d7D08LjRNkVEdDhWGLq4Mos09tZ1hltsmetUBlm2UndGVTwoPb8ZVNvElgiq7QypX5Sh3hFM28aVjKZ+S3RBGUbZmMRFC+ZTpq4MnUXMDzLhshCD8Un/SbwvoF5radsi/IbsDviE6MXZw5zb3oMrZUurrpEt2GiCMHqhQVfiR3g7oDDI8mmkgHtCl81wGkVqR36+RAuvTPusMOtLYmVGq/vOMFwXJlLMfh1m94BLwNpFiqe9YjJCcPGHr/l8XybbK6l0Ht7XmaftNAozpav+4WWmmCKYsJIaNnaFpoRXQO/fuHRJEVcLkGH9k9NHde21CcFU0PKS/VbiA09CG7MPALMsDMfY0afjijc2JsDi9V483o7k34pqpV1y/0znnrantFeezWWqCDf0xfJcyO53IevqtvwcXC7yUNoVvAAYL6/IxJgpBwE9K2bR5LaPM2HV65RS+iezWlfNh3UEtG1jSRK7V02OQQXbS0gUid6eebsfcv9gE0jV4dhAnasNqOjbLWy5sbqZLD7d1UqzojFLgNSioc3XnU2jvYpPdxQQ9zAcuIdDaHKMsuUFoSg4yQYPTIIJYs1A325if9Kb5Fn0o9QmhL4U3xoKWQuUvXnJYFlhNUjbDjea9xmrtdg4s2s8IU1wOUDWumKoGaEFZzhfShPY/S8nZHIuFTUhKUdxT1tbOyvc4Qx9u0N96uiRbY2ldLiNyJnhOiz5RfjVBORlTzPqSc4MMCrQvSD7DaoDM+wMoAzKWeXJOU6T293YGnt7D4dHx8PVT5y4Kym/RhEU2o4pAuY+NqHr84fXo9cunEhWiTemkSpUNnfT29mojnbRd6ESDAJcokUqCdi+ILDmDdMNw2L0Smw2c4ZyoGd8yDvYXpUoHEBmASffoz+e3A3T14Ub//+NtgiQzmqFUWFUyfevqrypaqgxMZGA27l4BbS8PX3YTNOZ5e3v2j96+tYoSsEVNkoaapMVUIVpwUbSLy+0k3QWmppXsElBwNDxqM3XBpzFPv/MfrObhuvSQtyQoHlRN2px7odTbdnPwjk8NGKcde3oSp34rnQPd/XpyfXk3QHfn19f6n4vLtx/SqRrn19dtSbpVyFl3bFbBM1yAUvp+qQcUireNQn46p6/B2HWBOO9qDGpcgZCKYgVgGwRPRODGZMKBSQqqQNhShSrwuvts6xKLZNDvhbm/CDCfmQvxnUVxZ90edbC4u+lgFviiNeQIZMAWFpLV0xJxOG7wg9YAh6mr1gw/EIQLQXC+RFLzljEhGguQBIc7hdyie4IIy3huI6wZiR1GBWVEQuGnB1sOrCCYQfjk2mpjTwpIQ5LbSLPvWhFpv1VEwLXO5maYy1qvoLRIzthggFjWXEYfPvUI9bmhWOHNpU5Sbex/DIDh0aQzjJeIg0oBmVIcSWKD4g3TUeEoTZ+jcND+Sic0+LbL19jtbVzlb1zjcdxmMK1pLQVXPONbyvNLF0JioaHOiOtAOQv8dVSQHaRunDkwTnw4jlMCTyY0S+zDa5Lx+Zyw3AUZwI5705jxf0WUjXnFmsv0r4hXKv1Fxe4ZX7DUFISwWlNhkyxIPtrWLBDkJ/vII+vTDL6yBwhkeKS1kR+Ph0fDo+FxTO+3thyebI3ADm8IPqMtVEjHUxae8UGlSfyhrT46KkyFk13SYSGmKWkXl3YcsrP5cAA3nBBPx+5mxFOy4ZQornCxs/kAaHYyjCGzmpsyVsG8o//SWIgkrS9e/9BB7CectBTN9ruQ6jYFnuzjl+1zPKypFh/mH9rf9E8VjUq1WacNYUIrd+C1XFA168gWzfi8xGypNSmo3FZf6sI0cCwlz6iJOqRqlipAtuQVwkJA4XuT5KOIMADqDCHMjEYFB2RcNcjjDQfzhHvQlhpJuA6rbFSfLm06HP8w5h7Z4JmGVXJjvvlw02zekGYS3rD1DEMocWVxPlEmeUmvNxRbNbbZUpAJfSRy4NMkwZ8y5HL4r3eaD+4qScTIlFqHDzdf+k9udQXSO0yvz9I162qr61om/TzW1pCMz2hldau+ztr6bJtyJi0D64HI+qY5dRlZIX0SEmWkEj6FOqTvngjWy/RSk/dy+HJ4eHB0dHxgU4CfSqTBvZrWSIbYhIBYkFxFHz6lHkan+MAOY4fMgLu/Oz/qIpY2bzTOQ9WnmIeHaP482ka2cnN4wzdS7s5RUNL8zgooqfBSusA+g8wV1tBX/SBkKuMlrUMKpgUf4yIoye9Ibprj+0stLHrV7F8VGGxnBItpNe9IAX+Pl2hM7LHsy1FBdpIkTFJw+yerCgV8++97B8XeAO1pUa3/dbmGr/f+46kirsewEqcwsgZISE9AGS4KAt7HqcBzG/gnkKRzWuB0TrsMsvX81kic6RsUI/RsGSNcgW83CEsMXu2Wy72ONlHbZug7VACqIytMbzL4fmC3mHIZM1j6PdsRrxRXW7dC6Sb6sL9S4yqrNwtwqvA7qG9sREYdGmR0ZRzufRsP1KXwTijLrUXXSS5IrILoPm/a9/Acev1Gyof3R1btscYZV4zetbpKLbZpnmOD0U3sRrGs60KDRTholQXpKfdErkqUbMxfUDrArBULHCXdpPlwj4uJvY8QRB5LIihhGVjPpYTGD/ok0TAFyaF6hCkePtAvRQD16WRvMtxm3dHc5cI4AiGo0K06PCMpm0IUsK1v3qS0Vg9ffE9ekfGEHGLyOnv54/fH+Zj8ODk8+v4lPnr94vvx+Ifjl99PXgfvro7r6Sl1V3pQSIGlopnJpe6pmIQRpI7L6/oddhetKCNmhHajkYeJ405sr4g99B6OGwagniwCsEyZbrOQUCghJNa1YbtzAE38l2uGFUG+A2a62y4KZ7OQKysiAVoHXqnifNbdID61oVQAvbHu2yjwK/nyxfB42Dc6odGEzrFkKOX78CWVJtlGGu8sv0dYq7TGqkGUibiPhb3XxaOSzqjJlOH8fKbuaG4Sdt4fzQ2sf4e0+PQH83fj8A8/6xiweaZHoe04Z8g6tHseuYlwQHCRv0FRlmvLE9C5SO0CpYa8qAbu0wprJ8tqd1PbnWUS0hsW2W5Qmopk7EbXOxsqUSe2A3GjyPYOcFueapTWThXWbjNOZ1HtZkltNxr3/R+Y4pHA+WlzPFoIP3WSRwvhp8nyaE/kztM8ukaym6VaXRu7EkUsoD9ev1stnT9ev2vmj2DwNhREEf3twKjhMtNH1sB2AcPggrEehgCJ6wJRx064GmerzcuVKIb/eqd3nQdkT6Mh+jMhJiikbo4WlMlazAgjD0T4TPp6QE+8s20Q4bRind5WRaGXw8yQD1bp00fwTr82E2RyZxKh/x0OFgPjP/ZnSpXyzfPni8ViaK8Aw4w/n1Y0J88Jex6Biu4IzwWBtJiMPH89PI4fNA2A7LzN1Lz4dhSGZYw0D4zcATeyadlCPjPDs1eIWI1qjjQcl+YfRaRKj3vo0r7vGhd6wqDykV5qxfUdGGGI3VkiPMX6GtcZC1WJAklFi8JWF6sjtWzEkWYbfW3U+pPJY0ytTL0qDDVy06WxPJZYGI6vDaIu0yozJV7iO7XtMX0Xj1vvGBOUJCOFI4oE0VxQc8Cbly9fPDcL/d9++1O08N8q3g4bMRt6Oya/ARjeJmHiaOu9vQdU7qVymqBfIVh939y5IC5Xuwn2OkDuDIJpB058mjLx7SHVE74XrQwE8kFAnKlWh4Gj5niJYNfZfFOtVbL8OReg/NnQnWJpZCzY4SOQQR7S0DRRh3QNSUwKUxikAlfdKfchhHUWVJS4Gs1kPZbWdCZbvkBBsSjLaZUxMlBIW9P48uWLdCzzyxdtUsLKFpt7iqHEROdy2h2zF1LzmePRNJ+Ys/Rk45oXXVUvQmJBQG4xgXqXGiFrCIqrbJpvjB+rOc3xeeCmvCGcUuIBBMN/A8FAHqG+b1BxKcQIqY9mqyVrazGu4cBu8RXwg7G4zEnzHQac+qrsnho0ZHU8EeZibv1dDJF5qWq6YAjmibsIioHQMKH5jFWKFfG1RV3hJ1Nf9I/lUEO2FtGfik8nAk/ncSGzp/hAuAiDGPW5jydQdlUvyLd3wd5XvOxkvm+Tp5IjsU28q8OxHfEfLZTGRmqjK7GUDbBPqlRkoCTRfdMcXuNiITdsweiLpzQNQelYFnjU8ZQgBXnAAWsojsKavm8DJzV+MAYZAjfa0CyjP6FQqDc0+QGimSv17Utw0XxQX4gYhEwtLT2m4rgppcUnNU2zOuLm83mIPjRsT1XTY+SNM3Hh8N35f0OTRY2jtaX8FQg78OYaCdnopkosUvyeMPo7SXR2JHNMn5h0smbDGdBxdi7aScnY9Y49x3yz2LnWqkBiHoTIPM6Wcyjrph9JzPVHX1sOQrXA2uvitqxfxIWBZJxNDKM0W1w1YrJ9Hd9mUcFQPpigsLaUQOHnm8kKA9JJjNrMrdVsG0cyFnyhkTjZpd9dGte2BydnfGHTcRZk7A3s4Fdq1qC397fKE96IJ9qBHaG/6vWRWXIeYj9JEIPXQtso37X1lvZlQbpbZu0gr6/hCFqLdI7/Z6JNV/+ojPf6/dS0oo5pnVO2HUL9/iYIS6yyPnJn9dUnm22Cc9N4x9OZ4POeZXibx0QXDf2T3Hsi646KfVJ2eH8m7oX4kzByP8yfgqPbmL9B6Ft0S+YlF9DihT5CzABR6PvhIcqxnI05FrkEw5wVtN/acJRKKjTlLv6PZHK4nENbFrAmL6gkYEWUKOfsO9M4IA7F9pVDIumNC+qjh/TN+43lRXD+t99vmJZWw/APf/PNgeYeA+MbfyL+ZP5KzOupS8vM+HzOGbznQ7YfMC3A9hmWDgdSQGMJz6CIdlfDaP1565400b+qEkHPmeaqxqWa9JBC66+NTWq4JvbqIsV70UwGJeWSdeaNWhI95wXQSTXVPHL8Ws3Q8eHR6wE6On7z4tWbVy+GL170UDLqusmNYtgFnyJBMn05impPNQalsA8K7cByIsZUAefrZ80Nwl7+JVGoJMLMH3hU9JVHYCYbrZhM3EiE2Cx4NI9RQ+4Vzbg7CPXsB8IZVMNpJYDnnDsloiDq1tdSijqQmD5tcTSyZqtGq1XXVQ8q+UNTvuEaZWv76jmGNDPVdueajVjv3VP3dxJMMtI6qEYIzFXXswFt1O0hN4/14kPcY8EXJgTG9tLq2upao/XX8RXszhrhX+6KDb/nxt5Uk9BY8KyghKnRtrgoo8qkKPVGR9eFmDTxFXwK2mMdT7QBYrqGh29jy/sG09mQZ1xpYhhXuHv42xOzYtib0CMILtZScxGht5hdjd6QucEMAGmzYWUCDydZocBOSTDcWq15ywUUmWmUnGo4SRrl+3Ek5TwsKFYzIzgnYqAPwJxMcFUodPe3g7cuv1j/dhf4fz6yAgKvo8IErvLAAFFfQm0GqR+QLG3MH1ShuVbTg2xOsFT69QevOGKc2UZy5gvZXL2zPtw0JTy9hJqNfib84ioyA7g4FHj5CaVONgkZ8Uf6/yr0cF4dDbQq+gb9+L/7ie96BD6Gx5IfTqVjnEYJCa9eRSAhatDW6DdN+BruuXWu+Nj7XhbVlDL5fI6lIuJ5JSmbHhh/8wEsDPjd/90Mwobyc/EfJlmopCUxXS/avSS2IqNNwIVxgRs6SkcHMu/9hz6XgPSgKV+K1QIH4grRVeAlEeil8Ya6u7/LYtih9IIX+5HkH63rMfj+nE0atMCDLmmuMCSInEBxy0qbllvNa6OmZ/UqLxtk1lrMKgqDXtChUN2PZJ8Rh++XN395N3Dx0Vyg64/voWz5nlYu9kJFS3/gxUpDE4+o3NHS7uKU1AA3Uw16kRAz9DzXO289Gq0uYpYfwD59Ojq7f7Yb2YZa1u7G2BexIAXBsgdGySdqgQVxbzRjxeHftooR5jHGNS71ECgkiJiAcDLHTNUB4UN/cYcNMXKFiO0dYO+tVsqhM/Fe+ibQ5x4Amn3d/Dml0+9B7PZI31Cfdl/++9///veD9+8Pzs5uf/nlzfv3b25uhnNaFPTfmnLo+PDo1cHh0cHxy9ujl28OX785fDU8/P7o3/rdn205XSog/Cq7J8rLShimVnnGhDAkCWlywZ4+mv5pxjjnUiFBMq2F1h27Nh3zJHAKdOnRLKcZVkRq9cN359JzVbdO03jgAAJ4+nuogTZA7erZgmghLE1ZB0XEnOQQZwCk2twQViybdBZ8UWc6dFKqiND4DUfnaIz1nHBwLjFbUGhOlE3G0BqvV94jbA8FZutQMSJgCf767uTSK/UuwDRsxAXlVCLwvFJEjNYjuYES24huiiu+jkeZEn1tI1eCl0RAK9gonD4sE9/pRS5HT9O2914eDr8/ejVAB9+/HB4eHfXM21mhbdPSFUgLb2pNF7BxqkUwA3MQ3OFtaLjN23NR45KUGCxx+mqGzXmUiLk269235FNr1SGDw06/W3wsEbX7MjdtfAKJp/d5BNKJA1fNGrZrN51fzPJ5gtYvYgTSRoDtdBFp+fC634AuwpV7vfHKudWK+XH1ymninrpqr/2qvd7Vpnt4/SVtu77rltp4my/fNhvvC1rEgKQvYPPV3d2jKYkSqVZHJplMEJM9YlYUWu1KRZkNbdE6w5xgWQkyD41aKHHUobjO5sievSMoMRY91eHKXEMuLA5UQ2O+4YYrG9ZJBFRD+6QkmEJvkXqR14kTWygX4UL00DDiNgir6kgGcMMUwd5CeL3gfcKZ8DIa7yc+GL6Yw5yWIz3sL+JI2EYT23TtYuG4AW99uerYunX8cpWxz7jxvqDDHIj5YjbfdvrYZ99+X9A6BiT94VuwkZTV8xAGA7xVKHZ2CO9UOwz5S3GnLH7VDvtqhyFems3L9Va70/dXiObengV/G8tdsN5BfQNryVsLmJc2iuf29Cq0ANLcW9XBRt+yqt8GfqxtjetRoEHLxh6r0o3a6Ulj81oj7WJGILs9EeXg6l7vkzlVdtOZ8Ii6+xMXdV3j8Lna9/5siP5q6qtbPwZl9q0huuQuQsFvEFe9y3XHCHZvVOSUV6phuIRWM6uHrWXejE5ntgWJ7U7Tdkca6bjAS5PaMC8rRSBAwkMyXRZyUhKWS1O4i3inq2/tiASRVaFs5ITtEeZhUGbe16KqdkcBhA5X5top+vDn4I/zIMpN/31jQluaH5+a0BTzcTSlUZei9Y615w9EjJ+bl5KTWke6qLqFiYdkXwS34H7ctMiEm0iOOHtmwmRu/vIuBII0arR/c/7u/PS2znz8eHV2cns+QGfn7871vzWUlkdP9qgGdBuEZ7k3jOcQSAm3DyROS6R4YtQensvdh172Venyn8FXIgssZ2j/+TMDwLvG6cS/RiW6e15JIuTzo7tBBNVTVz9zZwBpeaOlpe0kGT6olqUemml+WoODMEqTxh3pDIwrNKFQFhPyfIoimgEb3xtNc5AOvYm0gtqP0G2/IaRWzbKbpjjQSvNNNAX1s+FA9aP3ZHlgtjmUg7BP17vXvHVPmr6nMGd5gxjWOlWZMoTRrJpjPUCcmzBWcBqGw6TKpJ/VqxYUi5Nc7yatuZlGiD+f3yLLKiNbZ0ET+yel1UID1UZb0CgcugnHbDB9/EIUGkDUR4gwE2fhNRdd4Hkc7htkEa2YDdfbDAAQRYSMl1mfplgYx7gWFfpY0QMNno/W/nYm6EQdXF+dNt+u36iTqXxCaTQYxuveBR2kvzeVgS2oK1C0IB7enudh/FYlK5sVZoMGIWLYFReWUVEZcH+WgvigRIEXpqWOLabWLtsxI0U5qQqjGAtejQsiZ5wrE+FulRqTbm2VmWv4oxlf11ZbHP5wN7r2PqmIADubG3KBXjX9lD8XG1vWcQiW5gJgz+EFDapz7UNbJ3szMoE9nBVLK1fHlGGxrOF78LyqZz7usN/KOG6eJNBnbucjte3r/uChRopweMEJ9OH3wcdoP9CO5bNNNOMQerPtdiNYJs1xZsYUnfc4Xhb6+MoKnt1DzIQWg4rze6f/QUGpFVE6WnMjGZVec0YQyRE1xo5uTvElpaxGXWRq2KdXHzemqguXudfRNaEEEJ8V39SavAB1cALtR9LfSVO5afOja1FXEDZVs7p2DOg98JnDc3GFAuGn72Qmrjk1m+YDF1iTcDuYUes7w9OHbbtS/lONO2cyYKzWm2sih4DfoKyycqVHlAvcs3HyJsPbdCRrVXzwjQq9iuKjUa8/vkf7guDiQOsQB3POqOKCsukzuDtluL7r4UJyUxrB9umC+oaA/kDxA0uIvoNUzE06ZESdXd6E2prH7YsHU5nxByKW63ZyJrjfySnrwk6m2BmvGtYHxfVBTqTWTqmcmSFEzGYmfwPB1DmcguN8p2PRohxy/WAQGrypc95gCw+pL3uYXohQ8htaCxBfpc+DspWsJFqQonjyjOR8/sRJuWArBmHuXqZ/VXLmPJizD+8bs3fBkCJi7gXTry/QJX6gpjQNuqVQEuDk6iJ93XTFerK6Us9dzuenZqHeAY5zlt9FZRRaT9woLEDPd8lmBa/yINcs6tQOIXRaN0yf/e/tt0ZdzhpN3nGe1wYlnOcjeGDkQNYx/p1mMv3oEN4aOrB2YHUtsWxNumVU2TSicIiurDUm6CKoAQ7QNDON43M6pQoXPCO4GU4Z0OYKufeIWjQPooszR9LMdumfUdbMtUxhCPKB1+EIY7T7YbEPjIJ0AD/Pvh3/mgtU2Mh/I+Q2F4YWVC1HQepwnbUgDwiW6uBoTXz6SQAIQWZxkPFIpSGHyo504ZjlIJnVr6onxX5z8Nif9ewrmpafOZ8WxOy0buymeutqBLYo65rx2Y2e8+we9o/d6Wfu7wRw853xtjRr3pvv9J6VMy7UyCSz1a2QMctmXDh8B36Xd+j6niy0UZKXvWlAoRn/5Ta9LjzAqEVLAt08bsK8ZZUIAOcPXEPAAks0rmihUKgQtEnZvl7FqcfJkh3AalwFHpOi7XmLkr/R6gTwNbRcwEwYPJ5pbYSQZdlfzF8JIBdswkNGtUpMLHpq3tSfr+XMIDppg+o7cti74dcaz3Cz+sF3stHPy8/SfTXWXxjzlp2rP4efJTDV3/tDPj6xa6AonKnVm75+ae30RkRvNsklz3fA/MEMlNZ5kfJ958NqWxETYLriOfp4cdZGpP8vS7xtCaUAVQ2xjYznZLczqCF2TGFf0dEPkYGG5rhsY4JyYabO467QBSDTOHcpjgO8WSSZV6HdwYGUxGvgWgmD57+VgZnw5P1frlr2QP1h3efEJAzVFdFTIsBCRRttfkHKYnmQrGjfv4gQ0AqQoJy9LZMMFvyB6wynP5wpVaYx1rWDD1+mau/rVxoV155yDpBHhchjWQTBPEBlqqVAgaU82Kpp3FtMC43G+nMBYgKT+XqnqC7OEnjIo+ksszt1y0FcgexgBzVdLKig85L58UwzwcxHQaDI4SYlfWijH3NeEMx6alITJIkaoJyDozcTBKt66M9/q0iVmoC8UZBiK9zevePArscPJZd3N3pPAashoy7cuFL8ICcFSXTDehL2AKBBauyaFTOVLBMn8sEC07a0eBLyoBiKL3NqjODeC2O2XbLDC5PVnIgDhXvu5It2k2oHZIAecEFNV3DreXQBfpoZGClSfEgK+kDEskHBpgLm1k/Cgd5UU0ZsL0aD+MCfVA4fUniaFHZg/j+A1jdb0lM7KLyb2E4L8MjA3uNh0cYE/U4Ej2zG+oeRRbE8yElWYEFy82JKSPuF3C3hDiwYMXHnhhK80leXg3vSp4H0qnJ/1vtiAQZBGyjePji73/nuce3KoE1kphDO7hlfFCSfWt/mJPD4p8kqeJaoxbqzbS0JNDu0zGQ3d+iDmOE4LrqsnDPCFI5u0UwnB0ZKbUf0mZF9rphNp+CjkwOoYL9TbAAxgQy4dfubuRHoYGD1Ba9lvY1DcfcAfYZSCqIVO9vOcx0Oav2axDssfTWAUpAHyitZLJHHanil0TyHC4SZaZnkqi+15aEt+b0d2Sf1TqqLiK/YSb559VYXuw8uTjgo/Ochg/JlJgYaqpgjUg59u71JBOsBCz2nUbBcNE+Y5VjxRA+MJ66vB+hkYWo3zW2Rhe2QXlvdyYPzh2T6oFGEqR3oze8v3p/Xjscu3Vnfqp7DjaibFsIynscpLtvS40AmZsB6+dez5tOto+4YNKhc7wutWK/SoOZb93275OygJMK1Pds/gipO4SfHz1IpI4JyQRNSfYM6v3bEDtQAHeqt+WOSA32X/dSldKMBnwTxHwHcoLNBUprDdZ9vidrmOCluTROKJ69JJRXpHKUncVQNzxtvwpJXKKEK73KO3WG1cn59vdzdDNmDS6HaXoo5LMvSxiS3sUBUwbbTeKov9tBLTlq3VfvYLMvdoQlDowCbCyHAUmKWCxxYCE/dZy0zof8GPbx8/mIzg2GICa3PQ79ItnipCahNBHkdJGYBdZsfw2jYNBEtQloo++aUtU+WbozrsTbD0VZREFLRrlIfU5JIKGsRc2syPaJuC42MmTbiSVEXum6jTTeVamF+q4EA8y7BhMptvVSB405/MWqpBMHzbXGjE4PHphEZoHrzINNBzNaWlZCKVK+TE4qQpqhMD1LzIvqbjfNH0woLzBQhea351481Qh/NqHEI2ZgY/tY9A7zJXBuP/oQ5J6ZNKjE05FRqeVLpa6i5NuFMVbhwxHWTZMItt+LDE9dOsI6X9lmyUTDnmOfLoAHXnKB9bH+hEhV0Tm1Q8/Gr1+9/QpTZ958Nkzu52Q5v3WS2I4n/4rqhGSNRwDoQVOw2e1I9iQLb0eZCK5aN6HNJLcu8Ft7A8bhtxwslTpHUKwLNA2DvfCft41+F3Fch91XIfTohl84/N1mzT9v5Z0RhWshAVfMNQQzYTbd0Q5d/0vJG4qgq2naJxvj5onsvp2agzywEBZL7DD+kh1XzUQdNaB1LtUi7bjJT7RbQOJD91vg0oH9iatViAudE4ZXEdU1ai7pTPi85VAGduLVykU1pElbPYEjkPVk2Y3PSxHYzVZLkD6xY+lkz/UIlUejngo9xMQLzjhzpG9LAJawCGY1ovS6qVau0/OcnOcjMXUtv10G4Fb1XJto7zrG0GXjmAxW1EJ7bSIvg8fWUZ7wYNd1saepXbLUW6Su2W8aLas4kksRGPNqgPZfpgyEbMa8yODjXbMVwJOU9WY4s9E87mKs/+1FQlpNH45zVk5gUdg0y8ZSy6QiKCO+aY0zKeg3flEwyGWUmqdxUVZ9B73PXTZky9JeP59d/f37+t/PTj7fnJtFPD7dy4KydQQlKHkjAbrlZ06DohPGjU2nWs/u0WSGXNjrkrJPB81kQMeNlDgw6KDCdYCavVmYzMsejVvBOTFuv0/C2nhTFtXIZgu7Wpfodjp0E9pnAFqltFndZEAaP5pEHXjyQfPWJuOaw2ZguyNkyn4yhaoy+Pfpl1Stq6VtN1qrTZDc0mbOiN0Et78ouKQq3gcQ0R3gyMZLWoEX7hNbFdzThA9s7elmSAZpUDPzvkEXk+o8biM/WTbOYkt2NCqBpsWpE1d7bj5entxcfLvegGcfJzz9fn/98cnu+N6i9sN4huprQRrjrlpNP/JQ9j6drNRFYdGoMGxPxgRFXPg06muBs5ufCbOV9LMEMo/9ILGPt/CIljh37MVFPknxX1+dXJ9fn28o8R9yIdk3KxhPXknsOh1VHLs5WL6Igv412dw1IbOTa4vD1OvDHkvz1OhBT//U68PU6sP11ADVs/Z9Wmvp0MRfta6lMXgnMz1fB+lWwfhWs6Ktg/cIFa9KlIauy5EK19PmOGD+0Ps6vNRVRUVd9FYYmbFVpC9uayhSeDseEJhbcFmVxPq+Mz03xFBz5xTBDH670xe+mvkAkR4srNdPc0yqDjfo7clJByTZw3daOlA08pr6nGXv8DZqTbIYZlXM9jEq25Fv6bImS4locuZpfU6Yxe/ZNKqg1hqWMjGQXJzXNXGgerSTp8JAtsNCCL+0d7xkLAOXmLG4Hb2Ci33mWVcIkG/1qvgF5D0UF4IROEhU3bttosaFsMioryClocOaJ8/2CJxboEyQj9MG2iqvLDUEUNaLGwnh9/vPFze35Nbge/winX0uImuC01a6/NebOnqhvgwB+iD+FtC1Nh/6VZIo+EAgNTVgY0YQXBV9EVXfC/tyMLJ4LMucP0Nk0XzGWoPbB7iYRcsRpucJwEheaj7H28XunUWqwn81Ybfk6t17coPihQYRcAmob1leT9VeT9VeT9VeT9Sc0WXec/lFZ+ZCWtad/rR65+gmuWgwo4nXJ0dtGtFEzRgszZN+HggzhSYbj0soAiw1sBX+4VDKX3E9Kw8JzLuoShnO8tPA21SUaNR/iuekbEBiMyo49FVnZScNcprBsrFNEU/gkQnahWNWUqKBC3EZk2JN1+5PaHdGuNIQpq9F+sc+xLAjORxlnJisqawb69p2rFp3tAzpAYlthWPoDk4QSdDo1SZ7htkhMKmpkNtC02wptHCq2yqiilTLZvNzjQt8KIPUJ1Nz2QNeQDwA+Oe2CQA6MJX9BBEH3jC9csVczCrh9hY6nGc5dJq5r370vKctA7FXM1j4sgrWqIy38Yj5bu35ws/pc6zfD0P8+SInPkWrVVu8idlzw7L5Z2uCTLthixiVpZvBDoUTL92AmyWZgNNqU+RaCqqhwZnpAm+z8M6vYRWo5XPg1LrvR6Vyrd9W62c6xwiM7RSsJbGcJdxN4oaAtjnOxwjTbbYElwvLeFuIDX4HeAfYuG5UBSFG769sESHt/e3DRzphC+xOrwq0haac3iR3QI9Vc7dCD395AFTNiLarLlKKEVfORpr0SZGdqbc/DgzyWRFAoiIyRpUHfy0COkqyqu230Eklu6ne6zKGVcLMlxmIKAmV3s7rhbaGbbF9SdpaVDy+DrM+zX06vHl62Uj7Nx1GGZ1c1WAcRbVQTLqigPto83fU/o9kLW8JdnA30HQaznM8dD2b6HGHWwha9aWydA+OniBqpme5VxgKuTxkpeUabLhVfxSVMR5W+1jcOYTWaPhpza6JdoqmM3pqQVVn48Wxc+o1nYSFS4FIP0OgvlqYxmeKgSWf2W0UlNS7A+IgXhJEFLpwilKC56Z18whLaZChBwGUar4TivhUlmvEFfKX50y2P0UgjcBSamJTFEh0cIGtDgX4FUiEu0FhwnOs/kjX5NNK4DbEZUHdn4tugSlbd9bOuYd5Rl8UVudoMWYP3TRMLh9I7b8IJgqw7jcrnmdVExbB8qyT9SiG51ZSxRHtLXom9sKdpinc1uh2Oxk5gOBY/QJeiZq4jlSTJRsCMPCokFSld1a4x50oqgcsV/CxIgZfbDgOAhINJyBjrCMVZ6HCLIO3TIRkibKbAgLRNIbtZN27A3msz3nqavpNRL/Z901BFLXgKoV1w9oQyqu0JC89dt7OttSiwPg19RaAh+mi8yxEkPVEf3r49v9b7XP9xcvrnVVWKeDlKFiZtk++r2WgWAuHSf2zeiFMaq9K+gWGumlogOZCpWZ7xcrPzIC7/pl+vt5E34gH/zQSvprMUTizyBRatC9IT19ZdhhzYuvcIJDjyDBeIEbXg4h7tn2txzYgaRGDe6YducXE/QERlqXkynvcWsU3r0qo0aDs7qWvhKuXNs0Zc0W7NxLjJ8fU03CxFCzUmUE8cCveQ4XToG+kMWsD4ZEKEL6M5QDnJCsrIQJM1QAzf6+8KgiUZ2CCepoGiDiKxLfpGFtiooC33Ym//d2rYVNr18s2CwGwMQ6+lo9sidS+iFig7eyRHpsJ5ZfN6w76EyTFa2HD8jqy8S46QrjSn9xscDbRBN6h9Pdizi5vTD389v34GWmZR8EULXnxguLfhIMR6mIpmVYFFeNaMiVcuukJk7Fnta/jsZOjts1trbg80r3ARHePGFzfDLC9sHFYL1uqgF6/CfbKlc4xlhKfH5wdoQkasJ6MFyZ+mshqzziCOOX4c6QvUyAkeSX9PC551HcA3GcscP9J5NXeJ5ZG4cfpVx4A0Qy9oUVhNEmcZKbsGB0E36zhsl+IjEB5Qksv1GC+WrlZV+waofx4Iy51/w4TahYIEiqYGoIfor/C8RHPc9hpkM85N/FZOJpQF0t1iMaFI9axIqwU+kDawYHM3aBKmAZeH42o81aGZLWAmOx37UcSdjmGv1mWB53hpyueR1dztD/SIvg6GyPkcU9ZUF3fICzGbG3RGrwS2bl0ZWsDADSCI5AVYymdcKv26RA8UGx3KwIQC5TfQ46NrrEyOjKzblWSKB2TlaGvgGOmTGrSImtQWNEO6BSJR7c1o3A6TQzOM7Db2krLpyAY9JkeajKBYM9qTSBHQzKhFrQqWWnFUMTwf02llyqT22uFQagSzaoKhHo1xf3ge5nVXJlLLuxYw26bJ1rbhEwUvm+PAhGLojZhXUgnoNSy5ULSCYEgAnzzgLYVjogW9HDbu4i5kBBSJ67en6MWPx686g1/1gTOaY9nURZ/OeQYm0jBX3cB5XTCcJcJLrIbfQXelMujLOuKTiSRqJEm2s5PQtkw0kO20xsLCfhWZbL5rr72dCMq8cQ06bJ1yLnLKIG7sI6N6U+EC3Wqc+x9vT7vUbMErtSPNC0wOAG6VTKj1M9v90LzSHqdbyV5aDKzaroUdLNh6Kac3ww+vfwgfb49mM/nGVLnj0aROqI5FoXVe/+XtVZv/niSx3Tn2OU5dFnVvXEFUfesawZ10ZNlod7v+CdewpvEbWZPS9flfPp7f3Na3tI5bGUYwFsOOKYMkim5JQ2hdiutQ+7JYGoLAhvVs4FRP+0AlE86lxrFolmNpS0d5YmhTdwdrQde9xNwGkivRaJHzxJWob/u1k8W2+azj0tJkIJNdHWoIsK76g8uTP9f1aVkQCA5avPU4tkOGTlapGh742fnpu4vL8/quxFuAvKMC3P6zyNprzTG5O28g3KeHmQLcL59yd8Qb2HALU0Q84MIcb95LBDaFeSokoWKKFtGmEJgZh5JvcnB9fnn+68Xlz9ClsutiL8iYgtX3/4wR/3RxebZuyGPO1WhCC/IJr0Zu3ylea8oYMGvEdfzTd/rP74yKlODu2pBsy5r7oCdv0YVv7YWgbmXKZOh0vrxpe5wvbw42qiycs83bEG7V/0prJWeXN6jE2b3WAevbsu9WY907peBTgedGVZ4SRoTJKGicBSaFDeAGwKhEGS8p8Y1/EhGW3d6LHvTXtQ/t/R6rxoa4pwxqspkARbvqySoWwGIm9Y/K0HfLBZ1qhZgL33VGLK11BQZHmRleBC5VttQb1yGJsMP7PMSVmnFBFVZbt6M6gVmCFCx7lhofFFbBcuTGKu/9qww5CpYtM3XTGOFUERsDKlW6drsZmCBZBeVJR17n+xTDW8wIGJQsugcXnWpTGGGMXuekbZtnYJToMZScSLp1H5U16+ROXSpIpmToVtSqRiVkRRpBGWbEfgaK5RBdd0+Hsy52DtdnRY5sP/ZPyZOOTDtEiIaEnu6hBIlAevI6B5DNSHavT+KcSr3un2m9AJfs8ohrSYuhmDA0KvM2Wh9Q3TkcJSqmdbN81FldeVfjgbxJiMSiQir06ujYZkn7ZGat6C+IaIo/Uzx1RUHolfLeSXitbFQSxHtSkl5+OL++/nCd7LZkpFFDEVlzqoTCzfgr9UpQkg/RxaS+FRq7i+1XKhHj7KAUlLUjNbMZFjjTSjHaHxN923pxDIa1MX8g6Oj49TMwvmkpxCUJH8eC1AV0G4HVWCIiM1zqc1pfi44OXc1difb/cXZ29myIfsLZPZIFhhLA+rT6reKQKiOIe7lxAOKxHKAMC0Gh5xmsoDTJ0VrbRxNCcvM+GPmFTS38hxqgfwh4LoL3DxZljSaXb7FYDKfQkn6Y8VRDML+MDT92OyvZepwFybjIZWPxUrhPTk5OViBsJm8nokywcQ5uhPXicgVOoop8VBaVHHG2crQEsutM0kJ5YFIxLOvuk9t3Z8+QhoI4IyYbCRoXx8vd8pno9/7LESi+exPOh2MshlNeYDYdcjEd7umTYi/8oKk/EeQrs+T6HjgP2sbevjuz1QHMpYQhMh8TaPmd8dIlZkUADTD99Eyp8s3z59A9LpPVZEIfgYLU/OI5/l2vHh9W96lANSYXvbolrZKWDGEh8NLtf5NsllMI28RaNwT/lAlxBXxI2o54vqb0eNnSqzpVDktzq/jIU7T+MDdB8kpkxPOu677sFbq7nMmhRX5nRF6YxNcgb6WgbYpW50DwdUtCUlBJBMjV5ALbXzrkhSOmr7gAJmuMvE1RkpD3f+tG31946ENuCyJS4sTPgSr6M0ZsOQi8AlarSSzTHC/RmKAMZ7PG+TQmEy11aJhjlVOZYZHrk/TfiOAuEGZOMKs1J5iJRBQs46pGNUzvgc55aOis6zQATYL1UtUx/GbkQxsCh5kvJ0Sle6MkcbSzdz3U3ni36CFMv7pt+u01jJJPLK/qgHx/8XMCC+RvUzKbiV1N8R8krWoCvMRqAu14ENiZm3gBy26UZUWlj6hmtm+s4jVjLK7AqjImOBkpXSP+QiRmQNBnkJqXN6tJ+GMlp+/M+dl2XN0L9Ilbrib5D9pyNQFrtlzrwc+15WrEX8iWCwj6o7ZcQMKXsuW+KizBXPyzKi28VMN2N6sWS51rVrLPJXll73AvDTxvNzpdY+sKW5gHyXrggtYsfXN+2jEQ8qhGYpWZ6vxREZaTOmXOFhBpisF6WD+dnP31/PqmY3BVXjYDZ9cLcdswmYvvJPp4doVKvCw4zpEGhPYpMwa7Z3XPTH2fDnxYv9zeXrWcWPrDzbxYFipKurEadVtSrTE1xh11xWyNpHfnzFUpFeDgbgYtrNiYqO7YLpaBe1wfeXoCrEQZph/CgrT8FG6pDz5eX7RQ6SlTtuCpE1YuDdG+DlMBhXC8lzRsoO0cX4qju8eDxWJxoGEdVKIwAbT5Xbq94KqWezspUdme1xM0x2WoXsFYcGliIcNG1dIrVKn+p+bnVxPDb4ZhGhqWrsuf1zXGBQEjsHusbh2Xiku1JIAioVchak/lXZAglJa+DpEkmgFU2z6EQOmZz7FMr4Be0+T0rwtxaVZGCjdLv2aOqb3Ws+Pjqs2WqH7UIhywdXgIUCh1Xx6+7MgOmgncCp5eice80Ynpkis04RXrSlb559kqbfe1+dlqr7SgQQPN7fZKC+Z46feKPfBoNg8PvIvT9+0Dz0yc/mqzttAWNtooeqOHhtRo5QmEpfp5llxKOi7IyIj85m562fj7dWpTm+3ejlHrlSN5gmbVHDMoQwVnFRxAXmHsFiXmm2Ra5rqcUJ86BkVRO2En82H7wjYSpVMEfqLp6gyQ8V89ccJcOeauGbPQnzhlgfZb65lzMocLULD13tuPWtvPfZGnlc6OzRdgQBttQLeTnpQV3L5/OTo8XET1eTAnTJk0IrOlIboowwxKS44pw2K5F8GacIHM5wdjLEk+QHv6BN8zAbjkUbmPuUB7tkyO+RJqecHfEcA2YWu2TEHZDuZD4IWRwd53zIUv62O/kOjD5bu/r9y98NwOV8eRZNy0Pm22Pmjsc1DiOt08OXCboj1JlCkMOiUq4Q41K1lPPS8zKCCkzzi4iJryvBA/lsbdsHqZeVu9fXcwZ+dBqVZNDfBcPQy/2330cDPH3GbDhwH0LooumHhEJ60pssGdm54X27MEmDl8+uEwDAd0G/bj5Z8vP/x6uTdAe+84zvfitPW9G8UF0V+ekYIo+O2UV0wRoX/Vd179702Bx6dKFADl+uOpwItCP9GEhZWEx6ssIxJ+fYupfgvq0FZqtrfxGfF/5yQ1B5XiaNApybws+BJh5i5Dkgz0PVkQqLgYc7jl2xScOTU1RiNVwko8iKbalyQGducmeugX0Nw27oIDwWNJFYzw70G2wSgu2/rE1XdRgY3qrU1Z6aXBfmpm9YDTBJvdbETi9sQ25UhdpgQMcgwqI3dP2x9NRjgZRpHfSAfbmBBAsX5C/lhS3KTg33ZOgwHqLp5Ggvmwf+h8UERHVQQQLrPNQ3DlqfxPPQazDA/jKrsn23oXLRTbDCi85NvRtUtltCbTiMbt96oWVxUu6iDLKADXz01dQTuCsN9ajk5JF9GdrtG02SwGJi+77j6ujLKY+g3INOt8T5btuQVndn/6XDqohhUtstSnvz6cwT/RR5/dOTl+puqSTTUpaJ9OnPVp1SSBo90aXLZcy9rf7isDVax9I6m7iCZSV2xkshtEzokEB6QkLAd9JscKD4zfzyfizymUyV99mfj8w4wl0icepxVt6QE+kcu0AvT6pS05krvhStOIyHoMfMLuOnazC/FHUOgESL8dAS7GdTxivH5vUPPhdQffUhHTNM4JZ0uyucbDTXpChFiZbfAlU2imMCdFIrdms22WmbsUoiwTYH16nhP7GwL4a9UtyqiiuPiEdFgM9uTyHs/Nj6oHIsZcUrXcVikBQnxrECuK9jz4PSdxVtAi8GLUaK6yhVoS2Frwom4w48+sPa0BSDQcDvfA7btXiApl+pZsPlt5shqCTRzHqBn78yR1xISEuHJQWqh/Jws8RvrmLOmUfddjAnMi1U6o0YDA0MTZliThSvE5T+RgbrSmhioHC82hD5nNUAaS3FeeJEQeS2EaNUArRVM2u+mJS9hepMIsHy/39v90+GyA9mTBF3v7fzrSv0OTICnpA9nb/9Pxs4Ez0Wn+skmvkwYCL8bAKGdstytmK106ebO1axmcAGikQm56dO6ULHd1TZG12XlJHktFE7VmN+R1rLDmFiqWLh7Oh8HF53lrZmM6Q8AXk3jp/98XhyjHS2mzhEJstsWcbZ6yx/jC2N5IIQmi8Y3TphaPJS8qRdBHRh9bNO+/OD4Y05UTJwtCylHi/rehzNJgkCSmMTBlaE4zwX0lJLs7vitENcqM9dG8slpuhOrajk7Qxv0Oio2473z6+4r5YrxZ4PcJ+aE3JihICZATyMJ0bT0bWzMR/tuyb7oAYOfMX6+k/1bRhPVhm1GoFbYpKm1PHSUI+GhAEAMNK00U9nqI5ahidHuTz+nJDdrP+LzEghxglh/IBS6fRSUW/C5eeZH7fASZaQM7FAif05Mb47NEVZlj1Sj601eKg76zq/uPBkalopnT0n2yMjrH2QwRpsTSNIQOQvaTISw2bGZPk2tVMYC50jnTDv54qpfVSQUv3V3QiFMZvCeesynPx6EjXn9yNu4IgzHf/tQRAKqRS+IGb/0dWcElsYLG5IubiCIrSi1EtKCidkYbt/iMTmdE2IZi3t2P0P4kTFG9gwjJO5jkOxeHfPcM4bI0LWkdBtsEFUu0IEXRFbZTzwjaKHCg2a5wxRLZg9TRVffjcp3abRkvWyMqMlz41PImx8XOmPBcCHNIm1RPqqI45UVhUkwuN0qJN22n/cvWidHnKRCjJsY0w4qwyMCqdRdIXocnvaLSABG7/Crb2DHnCu0Pn3nmihCsSHN2z3vcE8593GyAeYyF0Xa6RuXyo1sTbexct/zmPtF0ob+svSG2zkdtN8t5Zm+BiiM+pwodmE7t0FLHxe2ZKg3u2UA7rQp4UI9cH9kHETpbLFbzUpA9UBWqUY6ia7TX8OqWZ0sdjuGqOncMfkyC8hJpkq7t9zuzWtYE+Ckti8SMuBV5K/i8H55fZ0T4G2FWCQk8Sl3XFyo9zDY2WJZ+aE7Q/7j5cFlzBmSweNeHTK0yiuLXQVWzYgkKC2gxxAVBxMQ5yQHCBTSENElT80oqNMcqm5n4JI86gm+W02d9RfxqWsaHT1/ZWEeP072J/gWIHKB/4SInYqx/m1GmBuhfyGNZYGqb/P+LZLiUM67ac2lY6i2I/RuiN3xfOZ+c2oLOqZ1WexL6sVmR7VmqPeMpWuojIT35kE7oZ5/GJSyxPVYafS8dLbGUdQLRlhSxV5CjBLNvOE0/tacprtZlOE2ziwHthFH9DrdqJIIiEwVRpE2WeWJnRFmEhlNLIiZczJu1U/QpE1QsR74wHxTSsZrvAEliyil+NCA/uPub9ATgKAXU6w7vMatw0R6qkRcXG+iMVsIEGnvTd/jhanR9fvXu7za8B/ax7QRpOMG3Wax9aY5ed7Ba9dfvrTLrVLQiej+w7PrqtDsAG63QzB5p5zRomD5YLcgAq2ch1YMIF8UTkrGuTuFNk30Fao2z3ybvBGWxfBoSczz0wtLymHdOjgUKzycAbWyyCmEHrbk1nA7wI6k65ckKaJp5E3HVHfnuo0mBH7rllsbja4rZHQkvpLhEkHxYbViN0TEJEd9J0waf5gM9hEwrpVpeV2p2UDH62IVxug1G2H5PQbmShzx4Y0XTd2aHSG6GSSo830x7PhFjqoRGeXEWVr4HktAcZzPKCOT/uhqWXbjts+vyxMPQVj9w+25w7V7K34rw0r28+cu7riu3/m6zjEsHHm1WOVQ277Cb29Lc1VbT7IsNQr2w9HW2TixUIul+xFDQiuQjwRfb2HYjwpytW2M3IaKTqui8ZnsaIoBBPQS+8HnQBZbKFMLtELmUSSIaXXLXk31xeXN+feuKlfajmuap4lmMLPTlAagguaY9QSS0z63tLX2pvDl/d366nspgzf1VKgLHJ041XlEtUNPY4InPSiGs+gr6NriCmcYGC7NtXRlZCQdWrUEF6sl3ckX6lAn03UEwWR3fFlmTYAd14m3nPvXColXkpO3KYbNyk03CGsuXb9s1li/f3qCHl89fbJarZ+CiLVP11s+yps77FJxN1vBXYkrnlHEx2hoPgFmPTeGV4B5eotMP768+fLw8C8orK5zyzbSiplcwgYZdwwPTnin9Qlnr80BXcLREsPSBm+zaulLPjSloaLqO88ppfGJfcammgnQf2/UDm53dDtFmzPgEaQOItpU2u9AZnHC+mu5KaUjKwJaqVq9QIOv6lmTpJe6SWLrdhAamJA9ExMFL64G6lzZIADb1cePP3p7cnrxrfHZ1cnlx+ol0hMkXryNsRWFTR7CyRJCchufYtf67Q4zAd5tJEAcebSRBDJmtxI5ensY4Ug5IrnVshnDqBp6syLW5Ey1G9ildaAaTL8Zq11LNBJ2oYDFv4YOD66vTjhWtH9hMR/GYNlvXVnGaNStqbClqxnNjrgoqz6xYSn9ROYvFx4QWpFGyxjjQArCV9fVJcDdpQeZFV2xM/aBmRCyotCAuzoK6FG7VXOfljlbeNNuAucO7fLhqBo4+NE0DTG8hvTh7Z0actOg9ZX+1o3waxOg1sgZZKn3odr1SEcQeG/AxI0DMZjITOCXceDWc7gtq/Ux/et2uK0L5efuufQ+we+3dhh1XVLG7i8DGYRuNyh637wIl3vB0/XxdOEw/djR8kSgcNsMslzN8T0YZ1w+rbdsb/Go7aDjqGJlyRY3e7Lvk1OeldxhJIqV9JoJXtxMyFeMJy8SyBE9vZ42Nar7tKC7q6Q0IM8RbBLYYOSoFeaC8ku7BLpIAz8iIze34wBLXRZiRfBXLiSjAhWRFNbAH+sC0vIrg7dHc1IEIh3txBonQimb3RNVfm78ReVSEdYzWdLAYZUTYlrxk5N3zu+Mt2+HDnObO+a+ibnSBGZ4gqiQp4nG7iBD7RkBw96hmpCjaRQQ3KU7VFgWr2GDNjKAeYmG8bPdzXVBo7ZBo3abVpIqZOcsrYbyoNMXd4aBsQxiSjzJazrqKVDVj7noM7p2Nu7NgwzHEffwq6ToNhsQ2wd0QArUG5ZvnzxeLxZBihodcTJ/XHc7kc1XIg1r3aPw5fJypefFt/OFBR4mwYFr4HOLyaxmwsykKwxMDNHbbR1Nm6ZFPnBgN/UCDPaB54y8zLelZ8MIiPeTm5mkNGeL89L4LILkuiV7fcU02YzipjYga+h4R0HBu5HqOJpqGr96fLYId0/rG2d90EoDLsrBYRwVeEjHy1YWCk3NbgtpMg4K9FdBwADR42bF6vw27h2U34MgcF5+IfNO3n8enocE4MMHNhkVcN2oyL9XShrcmIeozI3/Qx4AkvscVCBUA2uxNiZI73YridoPSna6ZlvAOU6t51KqVanD+P+F5BqN1jRzXi/wL5QKaIFZYqjrQ2a1ZHAELacH64kHyFKOogLxWFSi7ADCrXUclRCf5k3K382ZgIllRRTymxvD8fRgODbdJWuDGyycNqnXO7XiArQOu1zBbsPzx0X+Mn+UYawZhm591x9iWp0hK6WiRf2kBkTxEh+ID4489ET7a1q6YMV6xzEab4cbZ4BOHOlkfGfYP1gOdFAu8lM1T5As4EIJlCc6EIJWm1w1t7QkQUXJav9ihh5mw3SgMapg4TzY+UNb1O/7bq8MfrSWorhDfIbEExcUoYZTfQEaBRKonA+KXNNi2BzVEzbgamaYBSbyNANQW0jM97bbpQHCxC9aEmtIW0BlyBQ14ojqG3osEeL2DAsj0JF3NvE0zttE9WY5wMeWCqtl8t8eEB9vQEuLFMnRoLG21wdhJ0PXNyQCd3ZxoFfL89OzmZP2QGhGZqDfz3tDfvS05JC3Nv64B6Gedwha7Oyo6qMSFIoJBlu/I3IRSNK699N5UUMkandTg0CW4A1Ir29VSHS+22edQljTcZAxdnb9vm8mjRapSZbl76gtu0EEjTyNkm6ONYazTFSABWKSO+41Oo1MDplnpuImNiylm9Ped3GI/BLBsJlkvvLgYVYxurXN8ZNQkxVMWgV9BBRyOLGuXLt8Q9ZWFo6WQIFM9fkuIXc0VNGR8Pucs1VN/YzIuwdklwK5h09lcEHx9/q/dh1TKquPcWbsnzpmiaumugLLSyijLke07/3VrfN0a/9RbY0LZlAjoBt17f6SZ2scH5q/aFoyVA+vS9L+T6P3Zq5DE1sz6Y2+Gj3aH9eaXk4OjvniPX73eLebjV68buLtMaZ/kOuWMGV+vU1+vU1+vU9Fovl6nvl6n0Nfr1JNRftUZ/4/QGb9ep75uja9b4+t1qi/WL+061cLauk2Nshmm7djZlRXcTmeQHDZBSlRSeXXLXqd6hfp9Ggp6BRviggjTt3HLosCpZvIuoAKQAFDTUv4BsrzgQ0EyQh+SvsNg8dq0rbzmvg3erBXNIOa095X2f+IXTzvv/sfJC0DonJSd8iGJHkVx03K2rZBLO3S1cqzpDIgDbE0OknTlcRiXwvgE9BkPuLnNQCfPIqsKKHYzI0Dw8Jv/PwAA//+KOIEM" + return "eJzsvWt3GzmSIPq9fwWOes61vUtRkl/l8t6+uypJrtJtW1ZLclfPTM+RwEyQRCsTYAFI0azZ+e/3IAJAAvngQ6Jc1XulOqcskZmBABAIxDt2yS1bvCcs038gxHBTsPfk5OjyD4TkTGeKzwyX4j35f/5ACLFfkDFnRa6HfyDut/fwDfxvlwhasveETpgw8EkAeRh9NFGymr0nL92fHePYn6spQ0BuHJJJYSgXxEwZyamhhI5kZeBPLcdmThUjTBhuFgPCx4SKxYCYKTUkk0XBMqMHJGcGf5GKyJFm6o5pwu6YMJpIQSiZSm3gW0NvmSYlo7pSrEwfGJKTr7ScFUwTLrKiyhn5gVGjhzhLTUq6ILTQkqhK2NfcUEoPYQVhVsP/5uelp7QoyIiRmZxVBTUsJ3NuphZZygtN5BjmiGuhKiG4mFio9kOLTjQZReZTphh8BdMiUzqbMcFymNOUxTMic6phnmLoFn0spRHSsHgb/FTfk1McMqOaWZxgymQsFSnkRA9qHIeWCAjXZMwLNmLUDMkHqcjh+acB4cZ+YaYswE+n5baXzmZ7dkI8Y8OIELgYS1VSSykkl0wTIQ3JplRMGOHjABKIg2ui7TtmqmQ1mZJfKlbZEfRCG1ZqUvBbRv5Mx7d0QC5YzpEoZkpmTOvowQBVV9mUUE0+yok2VE8JzolcwsL7JTSLGXuPFO4XtXlK4pNiiYJLET4npGB3rHhPMqlY9CmCvWWLuVR59HnP2bE/f0XQCfkMUywIYbi778nb4f5wf1dlL7vxtP9/DCTPLKksxdAyAq7tdlLAwh1pKuyJmfA7JoiRhAr3Oj7tvp6yYjauipg2kMyVnzgxc0k+ODolXGhDRcY0sbykcdS0HdyetwTWqDKWK1QlFUQxmtNRwYhmM6qQTLkmgrHcHkBB5lOeTdvDJQA98WaytIOPlSw71uR0TIQk/qDBMuAJ9B/JsWGCFGxsCCtnZjHs2vSxlN3bbXfyMbb7ajFbY7v9cbcDEG3oQhNazO0/YR+oyImeyqrIazIYLSI+WWmWD9MlE4F1hR2on58DLDfMiNWPAB/nY0soCbh+okkIpqTZlAvWvfwORPce8PwxduCL4L9UjPDc3pRjzhRuhz1esA7P+ZhIwQj7yrXRLzr258Sjb5k6XgLw/tzvBrB8nndO+R19PX6zv593T5nNpqxkihbXXZNnXw0TOcsftgAnfoyHrAGypJwIex0VxcJdQprQTEmtiWLaUGUFDcsfbpDUeX4Tbq1lizNuC1QjqlkqT/1Qf+LEqYPV4pQFQzQzXpSy56rwYggyJ0vDjn6NnOHSwxWsmX/QPpLJsrTyEE7XQrFbAbIKilPr3YfxHHf+l+GlXbdyttPa4pya1QxJsV8qrlj+nhhVsa4V3nm5f/B2d//N7stXV/vv3u+/ef/q9fDdm1f/trMe8RxTw/YsmlbOEpGYJRWfcGFltw5q+YAykhc0jbvPnBzbDdDKZhMmmLIwB5bfJSCt4ANvcHzUXj0dI1+4FcFFh4vP7lW8RW3eTyf63pynXul///vOTMm8yuw6/n1nQP6+w8Tdy7/v/Meaa/2RW9F27AfRwNLtXW/ohDCaTXEaPbMo6IgV685Djv7BMtM1jf9k4u49qScysKJpwTOKGI+l3B1R9V/rzejPbLF3R4uKkRnlqrn+9ucI5RY/U5rnpGRWHogEXyP9/pFLvAFBCnbKkWDasJRWcHZWOykKAuPjGdZGWtKg2i/xMmZ/k8vslqkbuHlvbt/pG7fEPetfMq3pZF0hwrCvncu/8xMrCkl+lqrI1ySb1mFjHhd3CALvs1/ZJ93XXVKWINJMmbIbAsJDJ7x0zzIpMmqYSBkWITkfj5myR9ttQc1vjT3IY8VYsSCaUZVNrRQ5tEJeWRWGz4oUlBtf4wUFct/Co5HJcsStvseFkXCLtafn9ygreEtPP4o/W09RP3SALE/L2RhGp7hSXHDDqZFww1IimJlLdWvXSDA4TyiL41YpNqEqB9XLqmBS6EH0JOpnI55zhR/QgowLOSeKZZY9oJJ5dXTuwKE4XGPWQsd+YB+PkAHVQjOR4+OX/3pGZjS7Zea5foHwkRxmShqZyaI1CHJsKxA0hlNwOTF75LyO6xfDKCo0BQSG5FKWLKiolurgImaqJDv+ipFqx9KZYmOmkuFFYzoaVWf3tbu8cQ9HLFgXIiMKDEssKmLid7AGHuOMnNcRSywXVLqC6demDC4sSv9A9omGDWeqcIYk0gGmXkfL22pgllpwR3aBnQROeD/tm8/W5E/Jg0uYz+m55dmK6WC1wfXrZ/X2hEoVzjk5Pb97bT84Pb9762GxPiY7k8qsOYNCisl6cziXyizFPrB4mj2GhvLp8GitRfRo5LKk/FEsKI4ucYDG6H8kn5hRPNMtfEYLw9YVPBq7Eu69g3ev10PxBzsYGrrGSpbxkbWSkj3VkXmqTUBwlh6M7cs1KQtHWwvdFqoTFuvf7rb6MfmwcV2twOZHJoNlmQqSUaUWsV2ZEj1jGR/zjBQSBT6iGPIhtDgB80lFLWXxTO2UTPE7y7rsfKmwLAJGHbaWN2ZbJGJd0UdBunUIJYN3b12AzuT1TPIGwkvWh5CPUky4qXI0txTUwB+pVSUQwbP/JDuFFDvvye53r4ZvD16/e7U/IDsFNTvvyes3wzf7b74/eEf+61nXfKxMxgUT5rphaFw1q/Z5XjGn2OAYRu2Z0plUZkoOS6Z4RrvRroRRi0dH+gjHgVF7cD2iguadSCo24VI8Oo4XMMwyFP9SsRHLOteRm2+wiNwsXcFPUhjFaLFso7mW15nMv8lmn15+Jnasvg0/XLLZ3wJPt+Er0dz9y1EXpn3b3WHluzeKXzRTu14liZ5EbcQz0QFxlmAUKeWYTBQVVUGVpRinXCmG18LwD+3tQrNnsL4jd+EKL5OMCcOU0xTGhZSKiKocMQVOSrAFeZlcN0AjigWZTRea21+8dzPzpKxb6JxJsJvbx4sFKqVcEFoZWcLNNWHSz7tnx0ZSGyl2c3dSa2VRVnlTV6w/Wk9V/ID3bXSNogQgK3BQcjFWVBtVZaaKvZj1wjjbY+oZWem4HDthDe31OvbsUEFOjl6iH9XecmNmsinTuHdwZ/NoeHQP1zjbiz41KCSOaa6D/T9FIgBUlXCOZcVKaYK/gMjKaJ6zaKxu7ChxftIYZOxKhZcd9aX2DwRbgwLThhs+9tC6AdKF29y+O1PyjudMtYXNjiMfqJFlLx8mxCcXPszYIxLc+LFRjGUvB2SSsQGRKmU0fMINLWTGaFMXCGEPd5QXdMQLe539KkWH9WvZVCu9y6g2uwfZw2Z8GKFBLBqWFNDaBCQJtF5vZs9k8CZZawYrjcFhZutNwN0s98HaO+OGD3QgBdT57sHLV6/fvP3u3ff7dJTlbLy/3iROHSbk9NiTH0whcQj249/tcN+OCyygFl1X6yDnv+32Dt9ndc3LYclyXpXrIf7Jc6fIjbwG3jQD+W1rNPH27dvvvvvu3bt333///XqIX9VcHHGBmB01oYL/6uIE8mBBdn7JRW0yTi9qKwRwiD0iFA1Hu4YJKgxh4o4rKcpui1N9IR7+fBkQ4fmA/CjlpGB4n5PPFz+S0xxDpND4DS7jBFTtOu0yK+MFEzi9lxYaH68nMYS3UiujswW2nCORNdMr7010CJp5nUlYy0plQEwRmIbDc8qKmRWbUWzBG3NEdUQ0YQzt9fyFZVSG19rGhqZJ9/ZjsYALBE9KKujE3ujAY8M0Ot3T6AHq4VuPGawQ0CK86aMK45d08rhMM5YjYLRgQkDU5lSTUcULE4SjHiQNnTwWjvVhcRjSvnvyMVeqxqLWtlsI9Plne1Fo+Wjxg+v73H+wOC33ZTAoM224iO1rjoMdt75Yj4dF763hhomGBz01gEFj7Z7zvXQAXe6AEbEHBrleHcpLfpfOk2gp/lk9KP1T+PZulNW4PJ4vJSbXfzaHSnwivZsCDtDv2KuyBOcWvk+ulSfXSntWT66VJ9fKuov45Fp5cq08uVbu61phQehJ8u/I2grGJ2bobnwzhuvVSAvsN0pO6o3HXhaef3Tpx8UdxHDoTMLsNDFySG5YpofuoRvMDFJpoLO9VMtKG4yQhG3qC3u2Pz9PmSC/VEwtIPINg9qDQsFFzjOmye6us0eXdOERsgusCz6ZmmKRHp4Q7hnNCGDArBDNwsptXBg2wWwhTWj+D4s2SmwJQJ1NWUnD2rh7tndKYHGsFAacune4JgeQ5jVihh6QTiNP9EANNBCqUrJh1TuJPlo7r7M2rWWQNjVTDKRXgA/qChULcstFPrSMxs60xEhRfMBMIxcaZjjarSkYOsjsJvqkTgi3xNDdZmokN5oV4ygXQiD8ZDXX9299q3ydscvkbOO6pejrZafTjtkTMF1f6Pmj5I7h2Ba65+pot2yvRCDXu1Z488ndfdKQkV66DNCWeNhX02ODLuSEoJVa8SyhuiE5hG/TkGmv+HiatBOMsoC1LJmZ4qxpndo7JB/reHfgej4rGYKHecnsLexdafZTC6J+OyQzy3EcOe+BUJ8USyCnyfvNnS+8DupGrZeMGEZwe2WUemOTVexitRQ8DJ0x4SNm5ozZMVxsoGXn1IcN4wAuthoTm7NCajuTQ7/Uq5fVW42kYlZoAD2kAFjUsInEP5P0b4tE94J251Qn6xqTQL20JSulWhDL/iwADyhv5KLfVYVgCj26vM5Kd4/pjAo7UchMv99F/6is6/TYbn0weAb+e4/8QHsjtDHdjtXannMLP7lZ+1L/JvwOHHDNQz+359J7J5OkHQ8xgeWvngFYZS0Ad3oi8c1r03idxbjVHr0EqOVPN/DEzYDcaEMNs7/QgqryZkh+psoeAEjnH1cQZxOkEzm20sqAzFPRY1ZQMCK5wAkrPLvcLJplbGYg59nFUODt5CWcAZkVjGpgmAlIsEJntGoKy4EQAO+eCwZP6OJRLhnkE26Evu0PIsOUT6YuE6H7BujZudOUDrhGRgRpD3bbp1S4PRxiZsjNwMfzaCa0S4KvlRGakpVDv8YzyLLUZ4asQQbphrEtkEECsdKsgwy6aKGyuiZ4KoHHdlMFzuwxaAIS0vFmyujMAOd1ueZLmUTQPV0yUE0fXKTEEAigPvhTmlogHTX4rb2Jrhc48MDrd2me27PuLuxduLBZfpNu5c2YF2w3U8xenzeYJIRpiVzXGc3+/nQz5XasEhTuzvMKezSjWtt13cV06O6NkpXJ5ON5H+1s3BCrWPlp9HW0W1S47R5EJKzTML96hNSYYo+lz+Wq73982O2UrjK7OS6Tckx5USmWMuYEZj+T3uREpiB7mfSaJ9LNoXuDH6t4xAUDCRAFb7cqVU/m5jnOiN5JCKwJEQ51HrQlWDAj9alQMq+KR695gqM4W9ValT+w9EDMTJI3Iqg62KiwSoNUoXZN5xEuF/qXonsxLGqarespvfdquGH6zBlSWKJGC+ONe/aGPLfsTDND9pyUrZl5YVclnb3VA1KDSjWyb1nhHJcLOHFyyuNlRnHfLjZaVRr2HpdMzUWNBNZBAlNU+MjttyVgxHrYNJsnElDPCdPsjilu1pWA+jyMO9+tmVN96cZrXGkejYZw8/PUGX2749fCW05UKBm4CIXlcFHMW9ACQ+613Z9nmlQzYmSD6yb3k+WIJb1lBHQqNxxnvnCF0Fwb0CrRzre0GIJLui3uTfl/JF8sEZlKUMMgL5jrUHyIYwUrPZVzgQFmmSkWZMGMJdf/TXKJhR6kuk1AWvnB8nZN5qwokq9ONfm//njw8vX/8AFuwboWIkr+NxSNkOrWIgInCiwZtY0sAYhRiTy71Z1UunPJZuTge7L/7v3Lt+8P9jEe8+jkw/t9xOOSZZXdbvwr2Te7c1YKQdFO4RMHQ/fiwf5+5ztzqUp/AY0rK6poI2czlvvX8F+tsj8d7A/tfwcNCLk2f3o5PBi+HL7UM/Ong5evXq55EAi5oHOwl4UiAHIMvgMVyP+LC+PMWSmFNooaNAShnZebLq3CsXW8nRxVcJGzrwxt2bnMrqMg9Zxru/05ciwq7OMj1oCIlQRYjjVoeKiZpSwzYsFvfnON9pmbeHth7PdkTItEaK/RiL9rHZop1dMHiXc1ddXB112/Hf5wdLz2zv1E9ZQ8nzE1pTMNNeugituYiwlTM8WFeWE3U9G52wcj7XKBDNVgOGTtzQ0XaKWaUQXbiTU6doATHmwZhKBCapZJkXe5B05dnZ4hqAhAY/g3EzmQ2K2wPAm4FeoGdbWtpmfCs+yMBZ4NmAikXRyhDoVty4u8ZGtnS9xLIwhHq55EVGsxKbzzTJNQhqiuMegMdumt49BONf9CMZovyHM2nAytDkWrwpDLhbZEEgDrF3iXJfDkzFW1gKjrOdddcu1hLdeH8XF04AzvCbXHXAowX54eOzx2TiolZ2zvsNSGqZyWOy9SlZCORordoT3Vv3J5tfMCTLSC/PTT+7Ksr2ZOC//U7v6b9/v7O80aWcFUg0rmmlTfKPK0ZEudMozQWwlYncWU3MN9EnW96VYS59pwkTkL9v+KvnM1QqKP/OAticQp4XB7uoeHvjoNoKqx+mBNFZ5Dd8tNriBHAxlkPwUXKGk2Js6xMlRc8TCBOVpEhe4UQ1oHV1NGiyG5qed5g56FuAZr+C7dmq9G0cz46yXGcNDYt4BsmAKPK1nV++Nq6WVYo282s3KUBIeDvYHRKGMVIPTwdWxOi2fVj3TgG3s07AA1d2xi3ibKFbTmixDC+qWbb9c/rP0gnkXNteqqhm2dwLLZDVjopocN2fjKo+ZMTpZxdC4SzQy/s9K/XacxV9r42rV9E2Mb2fw3nZa9pVZOCoaKpxSmkUC0Uyro6hkprm+vdYMFLmOM40LSNT20F1zfEoCN5Wy5bGlojndrJ5gTLQsw9/hKh/7ni2ZkISvlCgM900EbciKBPW0rp3gtpCo32MAN5noGtkr+K8thvBXTHgR3WQFS+77lIQf7+0sqzpaUCwz1wSqydjlAHwVjLVjp7QXsCieh8U9rPmncBjVyGir5AZg5xaInmjFCndkVpoJrG1VWdOWgOhzcY140ikB6Z7Zzd3+oH+hbx0OA0vSYEmcaSX1Y4HTWZGRFPM8KnSPXfg7BNt4tCfYNwHwIaPgydP6So1rLjNfVrkFv9KW7kjpTuGh7zmbifahAxANiplIzV6APrdUw2KmXx8knKbiRcD38+4fTT//hi/mBPcylNkN1LwgfQVOvt6e2kzPoeMzwsrCPN+cQ14N0Rp+NPLJ1ALmpFai+A9MtCSfbfE4tUtIlfxfpYa3rPaoJM9fbGvMKwMEUQOzQi7Lg4lZ3jg0DJDFmDxg5Zg6wmwF664jDAXfXKi0KOSeM6oVdI8OAVEYLR2weRGT9CNrpzClpzQWN7d8PmA/MAZzJYOIckJwrOGtuSV90LmnOkmoADxj/GCD1ZEsuJSku4higB6BwagHVJiwf8IMcS4TfHZ/pQqWKYhu2RFtWHgXvgdWvvpwev0BO4m7TKFLr+SV8WS8WkXPRqMUVDI3zOEP1oVQD0J6BCVy1kvBC2sd2luZc8ZKqBfI2WJMfG9PuHj1Jydja+HFKe+/Y5f3JMxz+/bev97sR+mRpNt51LojMDC0atthO1DT/dV3UEiNRmwYsJDs0pE9ZFuJsi9KKNDTPvRpzY6HdEJ7KLOAkvulmMWWSmbwcyUQeT5D8aCVlCKaCRXKREiBElzK3JyjvHD17jNFLZijGlIPnOu8QtmKC9TlS0UfrRxMioUbRhCVzsmAdCQvPaCdSKssCC3ZHRSsyOImk2kLU13Ysbv1Bqzh3XyAf2PberKDGSpm/Qapy7HwE1Dr2PWr54Lb9p/qTdSvk+uoliYztqpySTJazymBUoyv/AVHjENEXtYnpsF3GfWJqKRW7wogoRDFtBoPFHcTqEEY7U1fZ3ccsTqnK51SxAbnjylS08MU39IAcQ4WAqBoCqjt/rkZMCWbAmJqz+yYc21l1E8PDvdA/OdhxVZEu842JSv57q8Hc+ztvPIY3UB/fTl0xUyks8bRmsZLHmuHZWrODdE1n44N5RXOK5vJF8K9eL3XpN1XR8Ij/UtECuLjL94WZ+aBfi4wLdqpjjKy0guFI2p7tRv0llvE8lM1GJdlI+05ftYXHDGrF89xl4TvUgVC9J891FcE6KgMwIDhnXuDv9grgYjKuigQYF2iBWauwy/sk6aPy3skb6McBWzhsL9K2k/iBY/CZTz3/tjnvP7njtWL0x+5u03O8PkjlSuz4CmSuF4SziCT11ywoaFF1E2ok3aTmudMxuSsHvnBLlCkX2O8gtvtHBX0io04CsSbCNQgvxF2qbMoNg4p9917U2uH79d3b67ev13Tqfp4xRU3drCtBpiPRXcYyrrvMaxiXACN6YrOkd3v4Pl82m9V1hwXLBuLxzipWgXf/fQLdyNm1W9OmV94u3wysUukru6ErXOPjVhOrXWC913HbPnKf3HkvySXAHyH5tLXvfmDyHLq0ZUwYqQekGlXCVAMy5yKX86Z9uy5sRNWci0fMpK3J+xPNLJH8becBk0WFvgPbMS154xJ+KL45G3EqNsH20qHhtgJ60+RTagYEYQ2g08VI5/G2dEymnXz68Nkc7A8PXg7f7qrs5UM2wOdTghCv6Jxoo6AkYcc0bq3kW2x1Fq+Hr4f7uwcHL3ddvsBD5oL4rTGlp2IhHbv7VCzkqVhIiutTsZCnYiFPxUIaKD4VC9lesZCpMQ0r9E9XV+fuk/tWYbcgQkzLfSuWYoOrYcnMVD6aafknY2Z+KIJDdcal/3hyNSDnny/t/79cLccYWmmpNSuT3ytxCeHXeVew3n74LvTtLuv3e3ujQk6G7tNhJsu9vpnomRSaDbWhptJNnrNqNuuHG7vlx9EIjtZiO2EWr/dfr8B3JPOOLJbtZQKOq6KAxayRtkN2You9BudSFT3p5731cLZI2m6MntosHTVZCjlJ2cHH8MHy41/3H4zTzesCEPdkA7Ak7SV6uHXto5zUN4OPGu1L7YQ+eizJkP358OLsZkBuTi4u7D+nZx8+33Qu88nFRffUHpwM1J81AxcMGJU/LezEYpVuo2SM3mVsHI26BW0I6ot6YYKikYRFwkGKnkjAjdgYs5cLbtCPZUgFAcoh8XxGVWedolP0Nygaqh6RGzfEjQvaR0KNPRNW5wthu7M07pXE5OEgxYm8jTxeN/lBa4INYyu6Rqb0joUYf21pDF3VmS/fNJsVnOVouWUik9DO0ooabJ4KWVwwDT0/7lzb0IJRAbltK7uS3itViGjpcoCetXKFfqmYAjeMs06ic2WtdKGEFbmovZQdnSUfru8l9yGA7aaimSzLSrg1x0AzeceUZ2jO+6nSIELn+3Q9Md1X93KuerAhkrkZBegtEvdkoI/u7w7d8tEKDQW1JNGuaWgtNvtF6hSvQP76mY959yQey8Vyin7Uz5enEGZTNFrP2+8cwZGPdMHUEMpBD6AYtP3/JcsG5Pz004Awk3VNzD7ePSVOBb1GleGxtoeQ08OzQ3Lu2suSMxiNPPfS4Hw+H1o0hlJN9jDSGGoT7fmGtLuIX/uD4depKYuGAZyQS0NFTlUOgce+dkDobjtEVkMLPhGYaooEfsbMh0LOW03JCdEfsCMvHiBIdMFT6VvZds2vk8De9tCVokJvULR7o+W/hHxtHQg/2nGXRCm0YbQuKMDInxF+rHCmCrPHlxSWHMnzL8fnA3J1dI4kuXt69OkcaHH4omsVro7Ou9ch6kL+WMR4iJNCboGG1mhURxs+mFuNuFFU8WLhIuCxTEO6FlMuJhrvxpJnSvroa1xcWmhZJ/fED+vbxYwNCM9+SbPWxjRjIylvB8TMuTEYPBCzA692a24qd0PXRQDvmMgbGNYR4SEVi1nlJifelxFyhPAW3MstGzw9x4BLnaJntx27Vs+58ml6ncR+ePqpe5v9UXwUefq7wCr9MGiWI+zrEHSmASmA+P9BM7vGgZQ7sEoU1+65hMbdjzGZYw/cS39Rd+3x2IfhN7RyK0hgak8tML1vcLT/RrgYyarF6f4bkZXp/oILw1SqJuAX9lx2flEJSLdt4wiFSUs6m0UlLV1VPSvl7EIXGlLWKQ6uHuEgiDFwQaanBkugeEK2cJ5pAi4Ju3h3nM37SqR2Y+KXWioyY4qXzDDVj1njiERYNjFLULL/QkRCSM7zQ3WeqHjTWpQ4lmpOVc7y68cJf4kaWYSEMRc5H33l1K+Zkl+77REH378cHgwPhi+7Z+HEYLO4frxAzkPI5cfak4A/aBhRa4HTcyyM6HgddWICDXNrMgpS20JTQX4YlFJKjJTFLp0IqQ3PiHZCStwbK6XoQs67dMuPjCqBuVrUBJPahJtpNQJjmt1qKN67FxZzl+e7esayzh15dvB++vm/67PXP/33Tz+++fSve++mp+pv579kr//tL7/u/+lZisKjdLRYZu+ShhYu3BuYNVgdYa1H0qoynkf2FAS4cQ0iAIIrTxW3DPGf++oAA3LjJSX3FZI0V0RXZecCvnr7rueie0jLjJVr4qA/aFUcjI51qb/pWJnw5cq1efm6rVE3Anh8yFL66ZoxyCJAayf7zVjGaeF56yBks2C4Zi31ueyi0KouZ4ZlZuAhw+OYGLga1q5XE9xtEhVK8sKll+MoySptZBmCjxEO9DCEeFI3r0aGohRjPoFyfUYSVYkN5qnl2NiBoipuPgB6zBWb06LQA3vTq0rjuhikor2ZgvkAEB8g6++s6DrUTGip9IDM2SgZOQIPfqtCak26gNr1Ojz/5ObuDBt+i2PLBi2KJYYNJy8hWPCFUbEY4FLirHTYX+0TMXGPdX35L1nKZkIk+eRsjL9UrEKQ5OTqI0TBSwGk4K8IV0IhreftaCTUK4CKTjmDerhu9tAb8eTocniPMt7frh1TKzrvG3bWCnTSGvxbRtn3Y9FSzraGQ2CCOETS9rEDjYd1QFgWu1rj0fD41FXeFKfFI5ucAho4mvOJt5F5tJjpadrONWyPrwe4TkVEq9KDKdwySn+zeXNWDXExY3rYdg0lwG68cqBuBuTGM2P7O881/DPTrsTq1wX8IosCH0aWbn+r2XK3h8mDfYpQfopQfopQfopQfopQXjKXpwjlhzC8pwjlpwjlFNenCOWnCOWnCOUGik8RytuLUJZqQgX/taOB+uf2N+sHBMVg/XXMhOLZFJcPrFp9XVjKGRULe+niwgTAsZbZiOMZpp3qpqyYQeE2qhQVE1/D3bguAlEBeCowIAtCbNLm5GHceDL3jbR8zECheKdIq4LQb1tDJF67YUp5jT6aPZrz+jT3UG25rSn3asldGnKnftzSjjt04w0pqUMr3i41bUEbburCnRN58JFYrgdvMsUlh6alBT8Ez7b+uwzLe+m+nZPYRjD8Sr13kwXvVRA70W9pvQ/Bfqm+u8kcVum6pOkgdB6SlO2dJx/epytrL7MLzSCHPW9SUd+U0NECwju8zyZpqAKxsqG5JM/3ktPrgkviUGjkyb671XDG8xsix4YJog1daF8R0PeAxPauViGNImAyOeOolkPNp0KOaBF1BfIoR0LPprx07boz63uxz8MapRzRNYpx3Ra+qYDgUepgc8TlX0ABa2LFSwYlTyaKlk7uVUTzkhe0O3ind0KzzsXdQlqTn82MQu2cVmGfutjJpCNGYbsrStWkKnu6On+iC6tAoNyJZDxT0rDMgEOZG37Huj1a0fL++47W050B2dkt7P+t8GD/9c1S3u78R/fk2VeWVdB74LGW4HAEtagZBvW7M+oZRD1856z2Kq32Rlzs9VIPcMfH3j0YpKeBlZ0JfD/A3BE8IMaXt6c6zBXjMI+owKjYuCdA6kGJCvwQSkZKzjX48nwajkPIr+WcjcgMaub7JlZWdBW9lcqhP08+fMipq5MBX75e208FTQtOjx+n1H19b7/cP3i7u/9m9+Wrq/137/ffvH/1evjuzat/W/P6vvLdgGMydQXwe1CfS3XLxeQao446m5jeRwLZm8qS7dEirvy7EnWHCwm4eGtncsUn4oazaqfixkXy4briRt2ThWH/S18Ec0wzXnBjxYYZv5NAyFTJCnpAzzjD+sN15z7i0/3gO92sWu4CuTVj0HezpGJh1Y+M1UEiV/GgASb2TwK/Myqe5YBADlEIF8ZDxZ3UoGdSQLqXS82qReMbt2zDyBt8CO3sFDMs7gZWB2owPYgS30aMVCJnyveEdlrhwIVlDkjSVxu7Zg+If8iKQD4eLY59HZJTLGnvpkWLAgI6jaxR5rObAQpzFKQr4dYFFoW67IDTc2IUv+O0KBYDIiQpqTGQkQWeeQMDUAW9qBaQbrawCxUN8p4OR8NsmN/ct5ZpR8hM70FaN2zmsAi5pnZZgISkL4zWSDyNgjZa8XqX94jWcy91pL85SoM6bt390+FSwHgpxSZU5RhwpqGO+SB6ErMTRjzEQFpZGDN4Mqlyjf1qro7OQyF+bPvnMUN0Msbt326lsDF7QS7/9czFXT7XoRq0BVUPj+CxJl1IOmqO4YqkFov25Btx/kL7zqvADlygHKGZqbyJE/uuMFWSnQBpByvvjl3MiR9ZNJDVvjIlfO3UHW+P7UgT9BXpMmRgugE8xt01jrtMQFPoboqY16F7HMIa/1GJrNahXJN8fK8LTL2EQpoImKUT3CLXw/pBid/fIGotjhZLHj1CHtmwtkIyn/3g9Pzubc1Ye67mDbLKNlAspDJLsf/2YYdL0cBSrY+BiSNLHKAx+qNEytd5FO9er4fiDxA6D/W36zwvFzvmGvHDUesjoIfEsNfYrikkn7uY9nXQbaH6FCLxFCLRntVTiMRTiMS6i/gUIvEUIvEUInHfEAmXZd5WE+sP13dS+5T1pk5i4u+soqXw3qy7PmDcBI29I0UBXui+4Icxd119a98OVHlAa4C/4yMbCg5v32jkOWyhWcnWqvlHQQbuNlOVEKg1wwT6qvDw0FIYi/sXof+T6/Tu38fHS3rLNOFWB9OajxrNWI1srmqUEoc7KKJiXf2ohX4A3ryjGIQXKM5EBnZhrSumUXu0MBXL7WRc8xGw9yQArUjnYl18H0Ce++aFIR9L5DUtwDOaiwm0P3JNTZqY1i79V9+xN2w0ZvuUvc1ef//dy3zEvh/vH3z3mh68ffXdaPTu5evvxj01QR6UrVQbg1lBteEZmrd23azWtATHgpCn+Tp5xZ2pJfkrMa8LACCjxTUbgX5jYGwLRVkKOdfA9eZpc3K/3LXCB802/ElUNXH7Njz2e9d4ICVI5NZpT2IMkHIdO248EYq6vUQC4rDAulMOXUsaOddG8VFlwfgKIEgvqgL7WlDfp1Ib3ey9Xh8RtAd5u4ifNBYecFPr8U66KkLQiVeOyUm88/EWwLRcGmrc+TgrKm0aSSvosvkgFfmBUaPbYLi2q+ZbglOSyVmwuId1hF5cCVxnTR4TIYmHEzqnPEaDi54TsYlPJMrnutdpAADe7u1SjbFzVMfVkzBJe7/JBhl7FCzUFdwSADZyTFOMU2IZNHYulJ5JRrhJFrJ5TCKvlnmUFLsj1xEGBmjsy6bBPRvT0Kvhy+G67Tz+6sJeGqQTSyrr0E/NHaGepby1Iil1UZrMYAO8VGAJETdWlu0inp51YrMpK5mixSPW4DjxY7TElFq+IM/5GG5yaMHbitkikbxS96+CTnfadxpWDDyXrhhTIGue35BcQueu7tpF7+jr8Zv9/XE9YiBo8E01ZNz4s/VEXHxlHYt7aE5abyHa5Pa8hT0Btb6FPa544szs95Riv4GNHMtVtAngn8NG3oX9b2AjX4bGI9rIkT7/6WzkiLYzOselUXqo6PdgKO/HuYXvk7X8yVrentWTtfzJWr7uIj5Zy5+s5U/W8k2s5YkmUakiVSO+XHxcrjR8ufjob1jXbBPrDc4KZpj9doCSvc6scjVwcXVQyZCa6T2l+/7+ANtKifON0eui/ZWCaos+vLHu9dyrB5xJsJ1RY59vVyYbxGV4cljIEqPOKdbIt4uXAIQoPwrhlDSDGNhCThzV2de5dlka/6i0qXuc++Jz9YK39dVQ5b6jRboHT8GiPqc6ID0IO92UkPqU2HSd43LbznQzzOT7169f7aEJ53/+8qfEpPNHI2cWfM/X3dRiF/OxKOV0HPYK9VxeWtXNrSEEMFYaDaADZDN1AfyQyJpAvKlUMbQwbwZ2wyFmzyRbpFgmhTaqAuuMVMRvFJJleuJbJNrYkHttQfc64xF/rJW+BOjBbYQtfQahXvQOTGSn5xhix+ab9ze+kcOMRqowQO5fnc2U0+3M9hg7effONt2urmmfCsx9sKRnT7/nLy4AUzo9xdUZhHLTGJ1aLJBlg36U3sN1e/EhmvahMLkj7aQaL9D4RIZOI/jqTVstCkudzqhHn+20ivSHHwvDJon3YE3jSGu9X79+1d136fWrPs3bTB+LNs6hEUcfZbhj2yQJjxjEhD8WZvaQwQCOWQWhB3DFbzDDsol/AibMpcF6usgczvX/hHPNvkLd0KiwdTwixODjMfCNaRJAQlo4QMmhyF00F3g9fEdhzFFlwlPpDExjIdBaXHctKWemxgumgE+kHimE0HDPJP5BMmJmzlzlazOXeNr7sqEVnZSpNWO7dCmVibwKIDCNjYv2vvnjTUSkRs56N/OPnUzaI98zt0oz9ZhZmF8c/Abd9trdtG7A3jIHQPj92MTr0pDo9YYZEnZTwCvedAx0V2iAR1Hqhc6H7I5GJGckqUXnoe+QFjo+gWcFNOPYcm4/4UzjCQ6gYKAp1Vh33EypgNd5Pqg1EQFFRBZeCgf+AE4rIsc1TtM160gYVa0qI4GBwMlHkckz+bxVXKKjAEXq2fk9BPJ8bng1qmZgTzDt2/3pOR/bCSShxYgl8sAy6XFqr3efE13ISS1cLcHTiuFNm9UDkgcPAWFyAt1tEtlxBed5plHLsKhg5eg7yos6Q7eFOCspfzzt2B48GMHLez1YTKl+NCHIBZR5JjBNg7pi1oQOaHgQagZJsSihDZN9pOMS+qLZuCrsKt8AaUDxA+X+gPCbEKIChc+B8mmRssNGt5KMCnuhuWu8Z7mavoGtrtePENURGDRHgwDcr8PYBJB0/wulfQE1bUkvlZlYxrSmatFz86Slcur7h8Sfb3YLIUh/F9U+dqvquEoWPjnb34r23QVaRgI4PZVz1zlxzkbBuw9hKVERZMzSpcrKXlVAPKkS8tsYr/paVS47MG4ed2nwR72onRrOzif5Ky8KuvdmuE+e8/OpFOx/kKPzLwR/J58vycHL6wNsIOVr+bwgh7NZwX5moz9zs/d2/83wYHjwhjz/809Xnz4O8NkfWXYrX/hYlL2Dl8N98kmOeMH2Dt6cHLx+Ry7pmCq+93b/9fBgZ5Ob5D7MGQdbby1jB1NNFhtUNd/Omf5reyebmCRu3OF+9yJir4nh9tYSSWPztXSIPFXrfqrW/VSt+6la91O17iVzWata9x/JFStnUlGwRH2F8F5myHfDfZJTPR1JqnLt65MM/SuQQVFpQyYyuLoyPVyU4AGDMgJzrhkxTBtNcimeGVI3sA3RUoya+E7BFaIFD2kwM2qm792NBZHU7fcbTVKWwwgPxxMJnZuhBIn/5vPx5/ddjcqcvXGPZXoPkzf2Dr57l+DVGKt/+3v2s9mbxd3YDrNLdgchqG1Zd84UC42sMUK6OaEvs9xqP2NeMLt6e5zrPecppFkmoT5FsRj2yOnDGTXZdPMJndvXusTKWBjpGK7kInSe2WC4T/a1+wxH/3Gv4exr9xgOZZnNx4vloRAU4AWjnrGk7phdFM63ydS6JZyeQVs7uMagXdvXHtTRdaWKcNTA9bzWAbisFM+ooaSUeYVFuSoNFulhHPIZRT1s8Ty3XTKJo+4PuxYssrc/BGH2B/yrY4gj30U/k2UpBbwXAqu9GQgsG4WrK+L67/wh1UMTtmp4yX6tRfQlOrd/EuUBUylRJyU1d41IEeU82inFBSFdMtQw5fI7/wuKsxlaznaStY9qidkV5YrliQUWpfPkudrQVk3s9fXyrZmSl/sHbwfk4OX7V2/ev3k1fPVqDUNDQKluK4orW8iJK9kDxIj1XqAIWTIpQ0P1wr6yQ66P8wKeRft0KKBlyIxhdhMGyjAVV90JMDDNJhkYNzxZRzn6B8u8coB/XG9A3YH8gOX5Tn9Acz5AP8GAKdVgCbEa0jPIiX2poYBBMZ88565aklXHIGXApZLBOCE7oK/HXCM/6z5JIYAaLrU7uXgQ67N75P/uBNNZ7zUKQQbiEndcSWgxDxYpf4b8OtabD7nFhZxjig6dmUqhPbHrqCc65BJyb+ZEegeOi0wC32JU9SndcPR4XD90LKxmZTYZrr5e1xyvkBO4Tet8pw0G5ito+CqNgNhgORv8TBqLjJCG9k//4cgsmfYm+ChGi5XYnI7Tmlwwsm/sHxM3WqWV/Ap9Mb1NOsDxfnu8fHxgnqvKVU+3NhZ8kIr8dHV1PojLd7aCVdhXo2idd0gTLldf81dX52TKaM7UIM4vvfnb7gdf6s/+dhNpk19EAaVKk/CtnIOVKB9guu6cLjS4MSlWO8TgSG5IacXqKF4UvOhh/29gSkIKXC+3Crq5e8frUNOEye4ttGT0I5On54k1zEfWRyWaNun72ZHX0J+9EK70/yzsdN4cDKyI+Z58/1/rse96BiG/w2cCR0vpCacRCxnEqwQkZDVyTPjHuONGmFR3SN3epOI522NiL4lp2ZsV1YQLvVdSbZjaqzQXk10uJkybXdiY4dSUxb/jJFzxW6n+w4V08hkrLAYdoX8PQqONwCl84hZz5vEg+N5/2HsJUCcf5UQbqqfdpBZFcC1hXQVdMEVeY1RaWit1q9wLXlwPpfBoKKCIETm+V0ZSFvF0DDaHkD0OLCcS3LKZa4NSlSxEwwVSr/JZA81ailmGYZQMHjPV5wnvQ3b4aXH5l48DcsFyjqUpL758emH/3bHCxU4saEU931uSeILllrZ2G7ekBbiZaLAWCilBl3nB19GgrLhIRb4L5/T+w7nz87CZbShlbW+O6w6sWMGoXmNE3zfcv9HMZYd/2yJG3E2Ba69yGTcFDuVWXKPzkgpTJ6zXijsciGufF+h0gJ0PVig/sR/udGsC6+gBINljO4U+md4+MhxH/mO8O0dSFoyKFXKYyHkG7cT52Cm0XBN7Dfi/BMKHsHYQrux1SAsf4ZsmQypmD7HGNkyGqZLlEJMIs3A1EESxaKqodgC+Qus8tfBCkdzT47rYSFR9t2TGFRuwElMQ/tqj3RVhZda1Uv314+FZ0hLJBwO82385PPiFjJUPgvZ8kmJM1K6hkwmIkrEHKpIA5xy7xIfYNAgKBYm2gmBJOnmmW+MXXJvI4zDmSpuaJIHAWyR5FV0CD6XMREpvEWiy5KHG8TLrzUoKrVMfWioCFyMoUv6cldy4GjmoW7wIgKSyy9l+rhZcXwzJX7G6uGMCXLi3huRMevE+3Hy+kNQ1liSPxdookmvXvt+oQGaoqVZYgyxDm/LJ1GWn4SsddznGCs/pAqOdylkFGUaRkQ2wIzmbMZFrX5zHSyxYcQJtlNrqLqh2lIwKHqV+c4HvW45Q83KA0CMHrFyiz3+O/jiJTET2b1ewtvnxEep1+HGypCUzU7mCg0S30t4dU6M9fKlzUWs10TiPUSxLuxfhTn3+48nVgJx/vrT//3KFupqWRIoXqGNe/uVjDMTeHiPy/PLk48nRVR0i/uX8+PDqZECOTz6e2H9rKK3rMIkAXSZXOduGfwOvXUAlPj6Q/aGJkR2zTjTNLxcfsTlINfNJHHBR6ILqKXm+9wIBBLmSj+M0tJu9SjOl9w5uBgnUgF39zA0CsvzGMnmXzhY/WKc6xtsCDUpcLopdgKC1Wcl7zKEXDoT+FUWyAs44nsqLdbbGJtwKWo1Qx73XXWW/TKmVwtJNsgT1s/FE7aO3bLGLxxwSyNzT9enFt25Z8+KNMz82MADXOR0QETitSmonSHO0AYM8Hk+TG7zi6l2LijRpaU+TlcsgBOzmx5Mr4kjl2qWbWWT/ZJg2jjCcqsITX0ITDh4wK7zBRQ0QXVOECF5z0xUtU1u5YV/XUGGcgwcBMMOUTrfZ3qZUoVRpWYW9VuxEo+eTvb+aKj42uxfnR8236zdqASTE+ieTEbIuTdLneMPmXg4UFusAZ5K7z2Pjh6/WEyxuYG73/cGgvFx0XRimZooFi56ic+wa4hzw7R4hU1bMxlWByrOS1ahgeiqhA0kt1Cg6r4WZC/ijaZxqiy1+/Pg0+g4mXeK0W80NqcDumn0qbaZQH1lPIbTuZWE/nvMowP05nc0K7mxSqBVbadnx1REXVC1q+AG8rFQsgGPmZ2LY6iYQ7MKg2dZnimB/66kmgnDJqK4Ug95ekTz8KfqYPI+kY/1iE8k4hh4Xi+nQNLspDlfM8HKN62Vur6+skNktNkDihhgpb738B0n2S1RcK7mxjOsgOZOSFwXXLJOiWVsLlKLUCjCrrvvQtLCPzr9sjFXfWFBb6Zqv0GDBuAGVFSwJwDtNWojS7rFwG/+VNYWbNj06zkYKJiZmWifAYskI+1ndoIZEzO/qyDsFulYTP/A2Kywf1TFrqzPcf9pITv9c886FjghrXaU8tAGz9AYVfo3P0QyFOXzbmKhpUpIdR0KFPt2soTFGOyh5rhgtdq0MsVtXa3gBulNGa10PGsZB1prrUmXfx+F3jdx1iFgdpBJ+0SGc4PjsMpbWwtihgifXmbxjPqui/yRnSoaTnB5cNJJsZYm9gTtt0mNXfsQI01Y65XqKU0iIDRd/A8bUO51C0nyrc7GsnGGJhhED8FiIu0EWAdK65MExiKOktwzaRKJRwUyjQG6Xjq/JnBXFvVckl+U9F+VULJkE6l5GGlp0r1wAc/z5U2P1TgX0ewqM6edX5Ize8QkS/hWHnJrD89NuddNnNWd1SvNNLssj3KiPMMaJyG+SzKrWE5eGKpDzfaRGIas8CtSwf/rkUKg9S61s2H33f3LforicJa9qQvO8NijRPL+GB649yNpB1msms48O4a2hB+smFhxBLFsRq5QUOkswHJJzZ43x3Alqk2cvB2SSMXD55HzCDS1kxmjTCh/h5us9X6822eKD5PTYozSV2vh612uMEIXfrRojdnCsN4p74DrypYV1Ni+HJct5Va5QoBBE4mhbb3DnSOYFN4vrKO6udvnpXUa12T1Y4dw5jAARCMuLwoW4RnS47om1S0kOIsHCrgZU3De7X9cnPfeKxeVHKScFw5PWPzpWMFs+gCs9tmJ+7qDnMruF8+NO+rH/uwM4fgdG1maVY/edPbN6KpW5xkiQOnOHimwqlR9vN5zyHlk/oEU2ipBwmgbknoYvH5IlGwAmja07hivp5IHxcjFdALhw4SICc6rJqOKFIbFA0EalkcBzn2rcYUyRFARsj1XQESt0a7QkcpIsj55cgcsprASOE4jWZXM5kv0J/+oAcirGMiZUJ8SkrKemTft5F2WS//wvP/JtNWJKMDQZufH/HH/WgUX9fbg401uwBkri0ZcfpPqllYcpQXqzAzWT+RYIKlqBmXMItDMV7VDVQ49tNNK5zMmX0+P2QPb/ekaz7U2qhtgeTOat/NAHDiZz1rOE6x7H9QZCaKSks/ZIkJUPAurWhotAdo+5TRYXjZsl3G7ZsFtg8p3jIlzHYWj5yywyvR1++st5y8ZmP6zrL2MEQl30vYsFOKhko8Ov2KxY7DYqpW5aOh1wBUhQCNUXh1ZKqgHRvOQFhaJqU2Nm3SPWNcP2X7e3B1+J7LH33Jkr9tUQ9nVWuAh6iNqwWHYkVWcF1Xq3g1etvywfKC/sMM5HChA7RsKvtzrU6XHHOOwr9lrYngjjIS4ZbHcLSQYOVNQ5BX8C0YypCJEFpFFpit+1h0/jgVYMfzommpkBySU4TzPFqKmnvvdLxaquBcgbEdIPGju4TDzY1eNDvbftzT5gIGrIpG9sWhm5m7NG6dMHjB4BxEHRVlgJLBjTcSPvzilvc4t7DR5F54Pv1lKBa9vtPRt47Lq4iBS6KpnaNXTNk3wahVXVBjkAMiB3tOA5mKF9CyjXVMcSg2BFFx2ygt8xtWhgsCmDqZuO79pDNYFO8CL3A++Gm8qPRwyddDI7MKnvQj3xB+JTG/2D69UtC9DIwOnGPqbsV6ZkYoclUKRnXix2c5YVVLEcX+xi0mEjt4u4B6sxSK7vQClZGS4mu7ds8TBe6tzcHmAUCEHS40Oz262fHt/AxxX2IDS7FXJesHzi/IXjyIvejRaUA3+8Y60ZdPFyxOTbV0d2/SlNS4zMKm/gxzp5LZz5eBe51MOQPkbe57MrehkfH+9C+cytjgYQOwYDan2gROYPKxotQ0ynro9xzO7urPredT6YYzsPXec6xNL5CllwAk6pJiPGBJkpdsdlpYsFCaMirfC0aKpUhApwcPS3QPelAh+G9mF9kurig0tOElWTygcApMNuoth9hk9pEWeiBsggfOHCQKVlvCL1MDSASoul3VFl1zQJQEvWiYqcGqkeSNn1/gaAnhd2nabSRW0/bNALJzsFcOGS7L5oDBNmC3Lzp9NPJ7Uzr092tlrVHmhE/bgwkcmci7b8cH98PMiOFXCe89WkeX+Lo78GcSgX1mWwZGS/BFV2acmbKU9S7M6Y0lzDIjw/gLSi+JOXLzowmCkuFe/g6uuLHX7GHtSA7Nuj+X0nBWKhSC5Fl1K60YQPo5iKCG4UvN/JzUHdlw8c2iWwYreGYkGM7FSTZlx1Z1zei6JqeMF409fPy4vC21xjf1ktXd9QwGE7Uw7guoZ6OBfzoyxmvpFuaxTw1D90GY+sYm9lYiwB2iVd0dlse8PE4UYwmnfLU62pyBWNLIRH/rOWmTB8Q+5e773azGAYj0RWV6Q47az5VyNQmwjyOvDKAeo3P8YRpt1ItBBpDRlfbM2RyNKbpX/E1aM2Q7yWYUBWlICLMWkw9U5krjB7Iq4S1MxCaQ88LurKK+1hu6qzdYz8wQIB4l2ACVW69C3V6itGkjwfxWj50LHJIY7jUnMQqD08BNsXuGIHGtJ76n3yTDHkkoUXyd9c7DyZVFRRYRhock7yrx9rhBPirGkMGU0Mf+tfAdkkro1nfyh8TSGXqIE45FxbflJZNRTVJpqZihYeuX6UMITxQXR46NuI1DHI3rCeBkiOZL6IuhWUjDyn7heuScFL7gKFX755++kHwoV7v1HcsitdY53FbEfn/uWjC45EI1FEOhCo6w97p3iSBIuTzZlWyhvJt+JajngdvIGn8SozlWvcobELP1SzgrPzTLvHn5jcE5N7YnKPx+T+0Hn0MRP1fif/uNWZPFSoQ7CbHumGLH+v7U3YUVW07RKN+ct5/1nuWoF1ViGq2LHO9GN8RFVe9+BEVpFUC7WLJjHVbgE7Rtq4DtrFdO1aimDJDF2KXN+itbA7kuVMQlmBsd8rH9nUjcLyFYyRvGWLZmxON7L9RNWJ8mdRLMKqYXMlzQz5sZAjWlyDeUdfWw1p4JNAAY1GBFwf1qZV6+jboxxlu67Et+8ifBC+5xhBneYtuqw2/MAk/ctKF2kRPb4a80wW1003Wzf2S45aC/Ulxy2TRVUKTTRzUYQuaM9nz1DI8MurDC7OFUcxnsnsli2uHfTHncz5n8MsoPsFOmftInYyuwaadMLF5BqqkmybYjANvIaPZewwSwsTtbHMT2j86Tv2/uXLycW/7p387eToy9UJJs/Z6VYenLMzGMXZHYvILcc9jQo5oB+da9zP/ttmCV/a6JJzToZAZ1HETOA5MOngUtKsg5iCWJlNWUmvW8E7KW5r3YZX9aIYaYXLGHS/LLXe5diL4DoL2EK1TeI+swDHsTRyJ4s7li+/EVdcNhvjdZX0q3baY9hWu6MOv+VoLbtNtoMT3hVrI9TyrmwTo/gYaMpzQsdj5LQ4LHnOeF3QxiI+cK3yFjM2IONKgP8dMnPoZKLYxHISC/HFqmVWE7a9WQE0y1aRVe18+HJ2dHX6+WwHqsMd/vjjxcmPh1cnO4PaCxscossRFc2WHA9afBaWbC9druVIUNUrMWyMxGfBfDdTKLFHs2lYCzzKz6kGM4z9o2Mba+cXm1HFugZ9AOc7vzg5P7w4eSjP88hd875F2XjhWnzPj+HEkdPj5Zuo2C/X21MDOg5ybXF4Ugd+W5Sf1IEU+yd14EkdeLg6QBq2/sflpiFdzEf7Oiw7VQL8eWKsT4z1ibGSJ8b6O2esnS4NXc1mUpmWPN8T40dWx/m1liIplGpVYW2oMtWMyBmmHlLFajw8EWIsuCt04n1emSyxIAlN/GJUkM/nVvG7rBWIztnSykwt9bSK+pP1HTldQckucN3VY9SNcbBmJs49/YaULJtSwXXp2j6t5wRKkuJaFLmcXrtMY+7ug7bdADMxkp0e1jhL6EtdadbjIZtTZRlft3d8zVgAKOHmxvbwBhj9LrOsUphs9DN+A/weEvXhhu5EKq0EvdFmQyliMqsgp6BBmYfe9wueWMBPsYzxO1d7ui7hA1HUhKOF8eLkx9PLq5MLcD3+Fk6/FhOtG3H1q/0rzJ1rDn0VBfBD/CmkbVk87K8sM/yOQWhoh4WRjGVRyHlSySZuGCPYfM83XIMU8N65tDrTbmMRIUecz5YYTqTqH3Udv3f3kBbsNzNWO7rOnRc3KiiIAxGfgNqG9WSyfjJZP5msn0zWj2iy7rn9k1LtMS4rb/9aPPL1E3y1GBDE6zKeV41oo2aMFhXEvQ8FGeKbjKbligGWGLiq+KBUCp/cz2ZIwqVUdVnAki4cvE1liUbNh3Rt1g0IjGbl5t4VWdmLQ6m7RtlYpkiW8F6IbEOwqjExUdW1jdBwN+vDb2p/RfvSEFhWo/3iOteyYjS/zqTArKisGei77lq18Gxf0NEgrr2Ewz8ySRjFJxNM8oyPRceikkZmA+92W5GNQ8WWGVWsUKabyj0trFYAqU8g5rYnugJ9APDouCsGOTAOfejhfSvk3BdQxVmELrMh74LmPhMXeCPLyXPNRQZsrxJ139+wV3WkRdjMFyv3DzSrb7V/UwoNmaKU+JyYVr3yPmRHhcxum6UNHnXD5lOpWTODH4oPOroHM0k2BaPRpsQ3V9wkxSi7J7TJyT92gl0iloPCb8dyB52XVryrVq12Tg29dku0FMF2lnA/gqcGWs14FyssszsWVBOqb11xO/AV2BPgdNmkDEAXttvWJoDbB+3BRztTDi1FnAi3AqWtahJbwEeb0mzRg98+QJVAtpbUZerCRFTltcW9UmxrYu2alwf7OmOKQ5FhShwOVi8DPsqyqu5gsRZL8ku/1W2OrYSbbTFVE2Ao21vVDbWFfrRDmdZpNrt7HWV9Hv90dH73upXyiR8nGZ59FVY9RLJRTbioKvn15umu/ztZvbjN2unxwOowVOSy9DSY2XtEOAtb8ibaOgfop0iak2FHKNeuWRKqtcx406USqrjE6ag61M+mMazUu+vMre3EL1dtvLUgy7Lw09U4CwfPwSKsoDM7QZRfHE4jNqEimBtp9kvFNUcXYHrFKybYnBZeEOrAuemdvMcWumQohc33050wknCns5KpnMNXlj799qBEmoDj0BhkVizI7i5xNhToAaANkYqMlKS5/aOzJl/a37ueEO/Nu7uKqmS1m3731mXxRa42G6xB+2kn7eC8iRcIO93yiQh5Zs3e0R5W0nu50NJJylSTnYWs1E7S47uDdu1wW5yNW8B4LmGCPkUN1ZFKs1aFfAKlt74aog2b+apdIymNNorOltCzYgVdPHQaACSeTAePcY5QmsUOtwTScz5kQ0JxCRCka7TYT7olzTY9jFcBp2eafDo8Ckg/xyYlZi67BnQbLu5RRrW9YPG960+2sxZF1qdhqAg0JF/Qu5xAsgv1+cOHkwt7zu0fh0d/XlalSM6uOwuTttEP1WwsCQFzWX9uwYgzQ6vSc4SBqqZlSB5k1ypP5Wyz+yAt/2Zfr49RMOIB/U2VrCbTrjGpyudUtRSke+6tV4Y82LRzNxRcI4KZuVS35PmJZdeCmUEC5qN96IoWtwPCTNa1Tuh5byHbtC4tS4N2q9OlFi4T3gJppBXtViyMX5xQT8OvUrJRI2ZPAMQUPWfDyTA0pxm0gMnxmKlQRnNAcpYVXLCBRWtABL0d+F7NAxfE0zRQ1EEkru3dtQN2XfCWe3Ft/3fXtLl2+xUa8IDZGKZec0d/ROr+Pi1QocU7wQrnlcvrjXv9dc7RwYbr99rxu84Z8qXm9PUmxyNp0E/quZ3s8enl0ee/nly8ACmzKOS8BS+9MPzbcBFSO03Ds6qgKr5rRiwIF30hMu6uDjV8tjL19t1tJbc7nle0SK5x9MVNqcgLF4fVgrU86CWIcI+2dZ6wkHmG8cIEMWTEeTJakMJtqquR6A3iKOnXa6tAXXvGo/mv3Yynw7B277mU9Csvq9InlifsxstXPROyBD3nReEkSZplbNY3OQi6WUVh22QfEfOAklzSSQrFwteqamuA9ueOidz7NzDULmYkUDQ1Aj0kf4XnNSlp22uQTaXE+K2cjbmIuLsbBUOR6lXRTgq8Y21g0eFu4KSwqVWA42s81aGZLWCYnU7DLNLuwXBW67LAJV1g+Ty2nLrDhZ7g10MQuSwpF01xcYu0kJI5DodyJZB1S2VoAQM3gGJaFmApn0pt7Oua3HGKMhTChALllwttknqsyVyFvkZety3OlE7I8dHWxCk0qgcpoka1BQ1Rd0A0qb0ZDe2wc2pIyP5gL7iYXLugx86ZdkZQrJjtYSIIWGK0rNZEW20kqQQtR3xSYZnUtU44lBqhohpTqEeD7o9Aw7LudMRqftcC5lofudo2cmzgZbwOMBTDHsS80kZB/14tleEVBEMC+M4L3mE4YpbR62FDF/chIyBIXHw4Iq++f/mmN/jVXjjXJdVNWfT+lIcwiYW5TAOXdcFw0RFe4iT8Hrwrk0Gv02s5HmtmrjXLtnYTujaECNkta8os3FeJyeZZe+/dQnARjGvQtepISpVzAXFjXwS3h4oW5MqO+fzL1VGfmK1kZbYkeYHJAcAt4wm1fOY6CuIr7Xn6nVxLioFd2zazgw1bzeXsYXj39l38eHs2m/E3YWZbnk3XDdWzKbzO6z+7Om/T3704tr/HvsWtK5KOiEuQqrWua9BJrx0Zbe/U30MNaxq/iTMpXZz85cvJ5VWtpfVoZZTAXJAcuwySJNGShtAOlNah9rNigQiBDevFwIue7oFKdziXGtcibsfClY4KyPCm7A7Wgj69BLWBzp1otMi5507U2n7tZHGtM+u4tG40CGZXxxIC7Kv94Ozwz3V9WhEFgoMU7zyO7ZChw2WiRgB+fHL08fTspNaVZAtQcFSA23+aWHudOSb39w2E+6xhpgD3y2OejvQAI7UIw9QdLfB6C14isCmUXSEJlTC8SA6FogIdSqHJwcXJ2cnPp2c/QufHPsVesREHq+//GTP+4fTseNWUR1Ka6zEv2COqRv7cGVlLyhRGtgPX8U/P7J/PUETqoO7akOzKmoegp2DRhW+dQlC3BxU6djqfXbY9zmeXuxtVFs7F5m0IH9T/ykolx2eXZEazWysD1tpy6Fbj3DszJSeKligqT5hgCjMKGncBprAB3AgY1ySTM85C45+OCMt+78Ua+Ne1D51+T03jQNxyATXZMEDR7XpnFQsgMUz94zr23UrFJ1Yglip0nVELZ12ByXGB00vAdZUtDcZ1SCLs8T4PaWWmUnFDzYPbUR3CKkEKlrtL0QdFTbQdOVrlg39VEI/BomWmbhojvCjiYkC16a7djhNTLKugPOl1kPkeY3rzKQODkhvuzkenuhRGmGOQOXnb5hkZJdaYSs40f3AflRX75G9drlhmdOxWtKJGpXTFGkEZOOOwAsViSC76l8NbF3unG7Iir12P88ekSY+mmyJEQ0Kf9JiDJCADer0TyKYsu7U3cc613fdvtF8wlu7ziFtOS6GYMDQqCzbaEFDdOx2jKmFls/y6t7rytuYDeZMQicWVNuTNwUuXJR2Sma2gP2eqyf6weOqSgtBL+b3n8FbYqDSw905Oevb55OLi80VntyXkRg1BZMWtEjM39FfaneAsH5LTca0Vot3F9SvVREixO1NctCM1sylVNLNCMXk+YlbbevUSDGsjecfIwcu3L8D4ZrmQ1Cx+nCpWF9BtBFZTTZjO6Mze01YtOtj3NXc1ef734+PjF0PyA81uiS4olAC2t9UvlTS+dz++3LgA6UgPSEaV4tDzDHZQY3K0lfbJmLEc3wcjv3KphX83A/J3Bc8l8P4ukqzRzu2bz+fDCbR5H2ayqyFY2MaGH7udlew8zoplUuW6sXldYx8eHh4uGbCZvN0RZULRObjRqKdnS8ZkpsivZ0Wlr+u+/p1jM8iuw6SF2S6mYjjSfc6uPh6/IBYKkYJhNhI0Lk63u+Uzse/99wMQfHfGUg5HVA0nsqBiMpRqMtyxN8VO/EFTfmIkVGbJrR5YRm1jrz4eu+oAqJQIwsoRg5bfmZz5xKwEIAKzT0+Nmb3f24PucZmuxmP+FTDoWl9a0l/t7slhddsVqCb0fK1uScu4pSBUKbrw5x+TzXIOYZvUyobgn8IQVxiPaNcRL9SUHi1aclWvyOFwbhUfuY/UH+cmaFmpjAXa9d2Xg0B3kws9dIPfIMuLk/ga6C1ltE3W6h0IoW5JjAqZMQV8tXOD3S89/MIjsy67ACJrzLyNUScin/7WP/z6zMNecg9AooudhDUwxfqEkVoOIq+Ak2o6tqmkCzJiJKPZtHE/jdjYch0e51jlXGdU5fYm/TempA+EKRkVteQEK9ERBSukqYcadp+B3nVoyKyrJACLgvNS1TH8OPOhC4GjIpQT4tq/MWNptHNwPdTeeL/pMcywu238nRrG2SPzqzogPyh+nmEB/21yZlzY5Rj/RtyqRiBwrCbQngeBnCXGCzhy4yIrKntFNbN9UxGvGWNxDlaVEaOdkdL1wL8Tjhkh9A245tnlchR+W84ZOnN+sxNX9wK955GrUf6NjlyNwIoj13rwWx25euDfyZGLEPqtjlyEwu/lyD0JLNFa/LMKLXJmhu1uVi2SOrGk5J7rpJWd/Z1u4Hm70ekKW1fcwjxK1gMXtCXpy5Ojnomwr+ZaLTNTnXw1TOSsTplzBUSabLCe1g+Hx389ubjsmVyVz5qBs6uZuGuYLNUzTb4cn5MZXRSS5sQCIs+5QIPdi7pnptWnIx/WT1dX5y0nlv1wMy+Wg0o63ViNui1drTHtiFvqitmaydqdM5elVICDuxm0sORgkrpju1pE7nF75dkFcBxl2P0QVazlp/Bbvfvl4rQ1lF0y4wqeembl0xDd67AUUAgneEnjBtre8WUkufm6O5/Pdy2s3UoVGECb33S3F1zWcm8rJSrb63pISjqLxSuYC51hLGTcqFoHgaqr/yn+/Iwx/DgNbGg4813+gqwxKhgYgf1jdeu4rrhUhwIIEnYXkvZUwQUJTGkR6hBpZgnAtO1DBISesqS6ewfsnnYu/6oQl2ZlpPiwrNfMseusrdnxcdlh66h+1EIcRuvxEJCY677ef92THTRVtBU8vXQcfKN3pDNpyFhWoi9Z5Z/nqLTd1/jzoLPSggYNNB92VlowR4twVtyFx7MyvvBOjz61LzxcOPvVZm2hHWyyUfTGGhJSo5UnINbVz3Mmteajgl0jy2+epteNv992HWo87u0YtbVyJA/JtCqpgDJUcFfBBRQExn5Wgt90pmWuygkNqWNQFLUXdmc+7LqwkaP0ssBHWq7eAJnw1T0XzJdj7lsxB/2eSxZJv7WcWbISFKDo6H1yH7WOn/8i7xY6ew5fNALZ6AD6k3SvrOC2/uXxCHAJt/dByYTBNCI80hBdlFEBpSVHXFC12ElgjaUi+PnuiGqWD8iOvcF3MACXfTX+Y6nIjiuTg19CLS/4OwHYRmzFkSm42MJ6KDpHHhx8x1KFsj7uC00+n33816WnF57b4u54lNBNG9Jm64vGPQclrrubJ0duU7KjmcHCoBNmOtyhuJP10stZBgWE7B0HiiiW54X4se6xG1YvXLflx3cLa3YSlWq12ADN1dMIpz1EDzdzzF02fBxA76PoooUnfNxaIhfcuel98XCSADNHSD8cxuGA/sB+Ofvz2eefz3YGZOejpPlOmra+c2mkYvbLY1YwA78dyUoYpuyvVue1/14WdHRkVAFQLr4cKTov7BNNWNRoeLzKMqbh1w+U27egDm1lpjsb3xH//1yk5qS6KBpkSlbOCrkgVHhlSLOB1ZMVg4qLKYU7uu2CU3KsMZqIEo7jQTTVc81SYDd+oYdhA1HbuIkuhDBKV8GI8B5kG1ynZVvvufs+KrBRvbXJKwM3eN61snbC3QjjaUaW+HBkm3ykLlMCBjkBlZH7l+23RiNeDBTkN5LBNkYEhli9IL8tKn5R6C9bxwGBesUTOVgI+4fOB0VyVSUAQZltXoJLb+V/6jngNtyNquyWPdS76KC4ZkCxku9m1y6V0VpMZI0PP6uWXVW0qIMskwDcsDZ1Be0EwvPWdvRyugTv7hpNm61iZPJy+x7iyrhIsd8ATdznW7Zory04s9fHz6eDWljJJmt7+9vLGfwT68izW0cnrFRdsqlGhTznY299WrZI4Gh3BpcH7mXtbw+VgSrR1kjqLqIdqSsuMtlPIpdMgwNSM5GDPJNTQwfo9wuJ+CWHMvnLlYlvP82UIz3yPB1r657gPanMCkBvX7uSI7mfrsZGRM5jEBJ2V5Gb24jfAkPPQNY7EeBiXEUj6PV7T5oPr7r4FoZh0zjPnB3KqMaDJj1mSi3NNvg9Y4hLmLOiI7dms2OWoS5FuMgUWJ/2cuZ+IwB/pbjFBTecFo+IhxvB3VzB47n5VXXH1EhqbhYPFUoAkdAaxLGinQB+x3OcJbgoOr9uNFd5gFgS2VrovG4wE+6sHSsBaDIcDnfA7btTqIpkVkvGz5berIgwxnFcN2N/7iWOYEiILwdlmfozXdARsZqz5hPxbI0FzJk2W8HGAgJDkxQPRIlWRpayIwdzoz1FrDwsUkIfMpehDCj5rwJKhH2dKWzUAK0UsWx20xPXYXvRhop8tNh5/qf9FwOyows533n+pwP7OzQJ0prfsZ3nf3r5YuBNdJa+XNLruDFAYGNglEPb7ZLV6i6dvNnetQxOADQRITe9OreKllddu9Da7L5kX2eGd9Sa3ZDWqaGWWrha+Hi4EAaX3uetlU3xjAGfjtOt/79f7ZOcLrTLEopHcy3mXPOUHSHnaHtjhWaEpxqnSy0eaVlUhpEvgn9t4fz81cvdEV+6cLpgbHbdof9tyLMsGKIZNgbmgpQ8UzJUQnKn41mhqusMrY/4ynK+EYtrW7pBG/odFBvx34X09yXrJWSzwO898kMvMSjIKOATxMH0bT0bR7Mj/Ldl3/QBwN6Zv1pI/6XiHdaHh8zCLLFNce166hjFwEcDjBhwWGqicOoh1deV4A83+RwdXpLnmSxnVLFdKvJdPaezF0mJhXCKlypy3w4hXDawQwHzOTq8RJ8lqWY5NY2iP+tycZB3tqX/WGBcG555KT0kK5MTmk0JE0YtsCF0FLLfGcLiwmZ2LLpOFAOYS50z7eCP+3pZPVcI3N0HjXiRIXjipZjIfBQ74u0nx6OeMBj89oeeAFA7uGZ+8s7fkRVSM8doMF8cI4ocK3UQyZyr2hmNbvEpn0yZcg3FgrufkOfjOEX1BiIkb2CRb3wc8s0LQmczbEnrR3BNUKkmc1YUfWE79YqQjQIHmu0Kl2yRu0g9XnU/Lt+p3ZXxcjWiEsNFSC1vUlzqjInvhTiHtIn1uCqKI1kUmGJytlFKPLadDi87J8Y6TwEbxRjTjBomEgOrlV0geR2eDIJKA0Tq8qtcY8dcGvJ8+CIQVzLAkjRn/3wYeyxliJuNRh5RhdJO36x8fnRrodHOdSUvbzuaLqzPay+Zq/NR281ymTkt0EgiS27ILnZqh5Y6Pm4PqzT4ZyPptCrgQTtze2XvJsO5YrGWlqLsgaowjXIUfbO9gFcfeLfU4Ri+qnPP5EcsKi/RjdKF+35rVssagbCks6JjRfyOfFCyXG+cn6dMBY0wq5QGGuW+6wvXAWZ7NNiW9YY5JP/v5eezmjIggyW4PnTXLpMkfh1ENceWoLCAZUNSMcIwzkkPCC2gISQmTZWVNqSkJptifFIYOoGP2xmyvhJ6xZbx8dPnLtYxjOnfJP8CSA7Iv0iVMzWyv025MAPyL+zrrKDcNfn/Fy3oTE+laa8lktQHYPuXzB74dfl859IWvORuWd1NGObmWHYgqfaKd+FSXwndiw/phGH1eVrCkrprpdH30uOSclnPEF1JEaeCHHQQ+4bL9EN7mdJqXUhpllwQtGdG9TvSiZEEikwUzLA2WvjE1pByAyKlzpgaS1U2a6fYWyaqWE5CYT4opOMk3wHRDMspfkGQn73+pgMCNEkBDbLDJyoqWrSnivzidAOZ0XGYSGJv+g4/n19fnJx//FcX3gPn2HWCREoIbRZrX5rH11+sTvwNZ2uW9QpaCb6fRXZxftQfgE2WSGZfee8yWJghWC3KAKtXoasHES2KeyRjnR/Bm5h9BWKNt9926gSzYnG/QfB6WGuUlse8d3EcUHi+A9DGJqsYdtSa28LpAX+tTS8/WQLNEm9HXHVPvvv1uKB3/XzLjhNqirkTCS90UYli+bDasBqjJxKmnmlsg8/zgZ1CZoVSy68rM92tBP/aN+LkISPC8bvPkEtpKIBHK5rVmf1AerORtKHlZtLzoRpxo+yQp8dx5XtAiZQ0m3LBIP/X17DsG9s9uypPPA5tDRN370Zq90L/UsRK9+LyLx/7VG773WYZlx482axyqG7qsJvb0rxqa3EOxQahXli3OlsnFhrV6X6kUNCK5ddKzh9i200Q87ZuOzqGiI6rolfNDjgkAKN6CHIe8qALqg0Wwu1huVxophpdclejfXp2eXJx5YuVroc1z7uKZwk2t8oDYMFyi3sHktA+t7a3rIvl5cnHk6PVWEZ7HlSpBJwce9F4SbVAi2ODJr4phrDrS/DbQAXDxgZzPLa+jKyGC6uWoCLx5Jlekj6Fgb5bCCar49sSaxKcoN5x27lPa41iReRO25UfzfFNMY5rLJ99aNdYPvtwSe5e773aLFcP4ZIHpuqtXmWLXfApeJss0lfHkpZcSHX94HEAzOrRDF0K7u41Ofr86fzzl7PjqLyyoV2+mVbU9BIisLBreGDaw9IvXLQ+j2QFj0sCy164nV1bl8q5KQYNSddT3myS3tjnUpuJYv3Xdv3AZne3H2gzYrwHt4GBHspttiEzeOZ8PtmW0NDJA1uiWr1DEa9btyTLWuyuc5R+NyHC1OyOqTR4aTVQ/9IGCcBYHzf97MPh1eHHxmfnh2enR48kI4x/9zLCgzBsygiOlyiW8/geu7B/97AR+G4zDuLBk404CKLZSuxYy9OYRsoByrWMLQjt0sA7K3Jt7kRLB3tMFxqOFIqxur00U8XHJtrMK/hg9+L8qGdH6wc2k1HCSJvta6s4zYodRVuKmcoczVVR5ZklWxkUleOUfYx5wRola9CBFoGtnK9Pg7vJMrLAulJj6mczZWrOtQNxehzVpfC75jsv97Ty5tkGxB3r8vGuIRx7aWIDzGAhPT3+iDPutOjd53y1o3wayNg9cgZZrkPodr1TCcQ1DuDXjAEym/FMoJT44NVw+hXU+pn18fWnroj559XHth7gztrHDTuumGJ7isDGYRuNyh5XHyMhHmm6fr4uHGYfOxi+6igcNqUi11N6y64zaR82D21v8LProOGxE2wiDUe5OXTJqe/L4DDSTGv3TAKvbieEFeOZyNRiBp7e3hobVfnQWZzWyxshhsi7AVwxcjJT7I7LSvsH+1CCca6RbT6MDhxyfYgh56tEzlQBLiTHqoE8yGdh+VUCb4fnWAcinu7pMSRCG57dMlN/jX8T9tUw0TNb7GBxnTHlWvKy6+Ce3x5tuQ4feJt7579JutFFZnhGuNGsSOftI0LcGxHC/bOasqJoFxHcpDhVmxUsI4MVK0LWYAujRbuf65xDa4eO1m1WTKoErlleKfSi8i7qjiflGsKw/Drjs2lfkapmzN0ak/vo4u4c2HgOaR+/SvtOgzGyTXCXjEGtQf1+b28+nw85FXQo1WSv7nCm90yhd2vZo/Hn8OvUlMUf0w93e0qERcsiS4jLr3nA1pYoDk+MhnHHPlkyh4++58JY6LsW7C7PG3/hsnSvQmAW3VNuHp7WlCHOz567CJLvkhjkHd9kM4XTdRBJQ95jChrOXfueox1Nw5efzxbCnmhD4+w/9CJAZ7PCjXpd0AVT16G6UHRzPhShNtGQ6GxFOOwCDoF3LD9vw/5puQN4jdfFI6GPfftlehviiAMMbkYS8d2oWTkzCxfe2gnR3hn5nb0GNAs9roCpANBmb0rSedIdK243KN3qnlkO70dqNY9atlMNyv8nvM9gtr6R42qWf2p8QBPECmtTBzr7PUsjYCEt2CoeLO8iFBOh16oC5TYAVrXvqoTopHBTbnfdECbRFTcsjNSYXtCH4dLwh6QFbrS416Ra99yWJ9i64NaaZgtWuD7Wn+M3ucaaQdj4s+oae+At0iV0tNA/c4BYHg9H0gvjt70RvrjWrlQIWYnMRZvRxt0QEod6SZ8g+Uf7QQ6LOV3o5i3yO7gQom2J7oQolWYtDW3lDZBgclS/2COHYdhuEgY17LhPNr5QVvU7/tub/e+dJaiuEN/DsRSnxXWHUX4DHgUcqV4MiF+yYNse1HhoIc01Ng3oHLcRgNoa9Nguu2s6ECl20Z5wLG0BnSGX4EDHpmfqa6EAr/dgAJmerK+ZNzZju75li2taTKTiZlpu95oIYBtSQrpZiIcdpS02oJ2EXFweDsjx5aEVIU+Oji8PV0+pEZFJ1ibeS/5rsCXHqHXTr28A+k2XsEXuHoseLGlhmBKQ5XuNmlAXjiuV3ssKKlmTwxocOQN3QNfO9rVUp/OHnHMoSxofMkHOTz61zeTJJlVdZbnXlBf8pKNGnshkm7NNYaySFSABWHVd9xvdRkcIplnpuDmaVBMq+K9b0WI/R7BcJtla49LiuhL8wTLHF8ExKZ6LBPwSLOByFFm7dPmGQ587OJYLKTax83eIuN1cgkMmy1KKrp76G6NxBs4uBXYNl87mg+Dr+3/lOeRaVz33zsozcSIMNwuvAurKCqMiJ67v/NPReDoa/9RHY8zFhCnoBr32+egm6hAfmL9pWzCWTqxP0n+myafjNzGKrZUN196UHmxv1MufDncP1h335Zu32x355Zu3jbH7TGmPok55Y8aTOvWkTj2pU8lsntSpJ3WKPKlT9x7ySWb8P0JmfFKnno7G09F4UqfWHfX3pk61Rm1pU9fZlPJ27Oz/J7wnuDlngDeHpSmUFJUWl8CbW9DuFFFL/WjjAqIWGybmpBZB7m2k8FBgbJfJwxZUgC0BGwq5Ur4MvMsLLFiUmpyaWYZ17hAp8jDdhreb64akE9HQRFpzSnSXNivRmLz6zsvRGGwhbJISZ/mA1XoFlHXTxRmUFnLYJ3RBjWOQO5EcB7YNPQUVZ+KtDlGPwqCB+yAz4JDeDPgmz5zk0hzwYTcZqWAH63EBAgAA//9W0b9q" } diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index f3699460a10..8c803925ede 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -235,7 +235,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -251,24 +251,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -339,7 +344,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -359,6 +364,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -523,7 +705,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -568,161 +750,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -767,7 +942,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -781,6 +956,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -788,36 +976,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -887,29 +1086,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -926,12 +1120,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -950,45 +1164,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -1108,193 +1302,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1302,7 +1587,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -1316,6 +1601,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -1333,7 +1630,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -1394,186 +1691,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -1633,12 +2192,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -1646,46 +2238,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: + -- type: long -Process id. +example: 4242 + +Thread ID. -- -*`process.ppid`*:: +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: + -- type: long -Process parent id. +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. -- -*`process.title`*:: +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1716,11 +2517,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -1730,7 +2532,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -1774,7 +2580,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -1817,40 +2623,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -1860,6 +2697,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -1870,9 +2709,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -1880,15 +2733,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -1897,11 +2766,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -1919,15 +2801,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -1947,42 +2829,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -2038,8 +2900,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -2063,6 +2938,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -2075,19 +2960,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -2097,27 +2988,116 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. + + +-- + +*`user_agent.device.name`*:: ++ +-- +type: keyword + +example: iPhone + +Name of the device. -- -*`user_agent.major`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`user_agent.minor`*:: +*`user_agent.os.name`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: Mac OS X + +Operating system name. + + +-- + +*`user_agent.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`user_agent.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`user_agent.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +*`beat.name`*:: ++ +-- +type: alias + +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias + +alias to: agent.hostname + +-- + +*`agent.hostname`*:: ++ +-- +type: keyword + +Hostname of the agent. -- @@ -2132,34 +3112,32 @@ Patch version of the user agent. -- -*`user_agent.name`*:: +*`user_agent.minor`*:: + -- type: keyword -example: Chrome - -Name of the user agent. +Minor version of the user agent. -- -*`user_agent.os.name`*:: +*`user_agent.major`*:: + -- type: keyword -Name of the operating system. +Major version of the user agent. -- -*`user_agent.os.version`*:: +*`user_agent.device`*:: + -- type: keyword -Version of the operating system. +Name of the physical device. -- @@ -2184,21 +3162,13 @@ Minor version of the operating system. -- -*`beat.name`*:: +*`url.hostname`*:: + -- -type: alias - -alias to: agent.type - --- +type: keyword -*`beat.hostname`*:: -+ --- -type: alias +Hostname of the request, such as "elastic.co". -alias to: agent.hostname -- @@ -2496,18 +3466,6 @@ The XML representation of the event is useful for troubleshooting purposes. The Info collected for the host machine. - - -*`host.os.kernel`*:: -+ --- -type: keyword - -The operating system's kernel version. - - --- - [[exported-fields-kubernetes-processor]] == Kubernetes fields diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index f7915ece82f..6233c469c39 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzkfWFzGzmO6Pf5FSxP1Ztkn6xIsuMkvtp3l00mM65NJqk4ubl6t7cW1U1JPLfIHpJtWfPu/fdXBEg22d2SW5Yye1UvW7WZqLsBEARBAATAU3LLNpeEZfo7Qgw3BbskP765/o6QnOlM8dJwKS7J//qOEGIfkDlnRa6H3xH3X5fwBP7vlAi6YpeELpgw8EsA+Tr6aaFkVV6SiftnBx7758uSISCHh2RSGMoFMUtGcmoooTNZGfgnvPcsK7j9Sy95WTJFzJKaAC1TjBqWw9vsjgkzdI/mUhohDYtR/3hPV2XB9CW5QnQZ1YzIOfkLo0aTuVSkkAs9qHEP7cAJ12TOCzZj1AzJO6nI608fBoQb+8AsWYCPw1KVEFwsiBsSLctnmqk7nrFhNHgu5lKtqOUOySXTREhDsiUVC0b4PIAEhnBNtP3GLJWsFkvyW8Uqi0FvtGErTQp+y8hf6fyWDshnlnM9IFKRUsmMaR29GKDqKlsSqsl7udCG6iXBMZFrpu6Y8iw0m5Jd4qx6pkaSEQvGHVOaSxF+99/ess1aqjz6fYtQ2D//ikDsfNT8r4UQ/zCcwktyMRwNR6cqm7SIsagPo+QXO+n9yPBy0aJiKbWx/3UYJT87KA1qWth4fhier4L/VjHCcyYMn3OmECHXTlqf8DmRghF2z7XRT1v8CGvrEtYHrif4fi2rIiczRmD18HzYxcWX9Hz+fDTKW+Ni5ZKtmKLFzaEj/NFDOmSQX+zLPCfCLt2i2LgFqwnNlNSaKKYNVUYPyKwyZIqzxfNpWOG7Rj9vK9wZ1SzVt3+pf3HqdvywurVgiGbGq1pNaFF49btecqsMFCMSFZaRJSnYHStAXWnmX7SvZHK1ksIP10KxU6EtI0H76v11x8m/GL6yfFuVJ60pzqmJV5Biv1VcsfySGFXFD8ol1eySnHWx92QyGl+cjp6fTs6+jF5ejp5fnp0PXz4/+98n/STnLTXsmaWRrJdM1DsNkYovuLDbT4eovMPNxLEFxQy3CxhUJ8A11WTBBFMW5oBQkScg7Q4BX3B8VTHahfmzYxJyHHY1O1Hx/LR1Jl3oHuur5um//+2kVDKvMsuxv50MyN9OmLib/O3kP3py9T3XxoqNQ6JJpe02Li0phNFsGW/nLXoLOmNFm2I5+0+WmS6C/88t24wvyR0tKjYeWKwT96/J/+1H8F/Z5hl8QErKVZOR9s8bKqyi8wOheU5WzG7f0VZvpJ8Icr0E1Qj7vjOBBNOGpZOOQ9JD8rookGBcidpIO8dUew7u0snTXGa3TE2tSJHp7Us9dRzcwt4V05ou2nuXYfemverGnRLyMysKSX6Vqsh7ikRryTBPiBPloL7sI/ume9wx9CtBpFkyZWcDzLxOeOmEZVJk1DCR6hxCcj6fM2UXqON/rTKNXY5zxVixIZpRlS3prGBDcjUnq6owvCxSUA6/xj0GDM2NJyOTqxkXLCdcGAkbUXt4foKyQlZ5ujO8iX7qZ4m/Q72uWIEmtESb2MKxBiEXc0W1UVVmKhyqm5na3sUdwVqYcyVXPU3vOfnAjOKZNQisSvT2st1XBPnxzQRsJxDVOTPZkmm0gi0KwiP09rVBRLNdZ6mMJO4E12RFsyUXOD81EQGgqoQGMohiK2mYf5/IymieswhXN3WUOEs/Bhk7A/Ax0twQaQRbgwJpdehjH8MhSBm3/65bKnnHc6a6li6LjOqD7Wccl0c39IIQqzKWTQZkkTHrtTQW3oIbWsiMUbFFU9E7ygs64wU3m5vfpWBdA6r0KaPanI6zw8b1OkJGLDI7ragMQLxAbuuJ2UKyYot+vlKb/n5kfgYEj6KNC22oyNiwl7kdCOSn48nZ+fOLFy9fjegsy9l81I/UK4ePXL31AgOE+oX6AJWHO1iBgNjL6kGCf9rT2QycMpPhiuW8WvUj74PXAJtyH+polskKXI99aLu4uHjx4sXLly9fvXrVj7wvtT5EjHbfkGpBBf8d7R2eh+3V+V2bej9NYNmHhjNt5Zbi7nlqN2NhCBN3XEmx6vLE463l9a/XgRCeD8hPUi4Khjsj+fj5J3KVQ2TEWQbg8yagatewa89FVR10pt93Gz/323vDV7F3BZyy9nrLbKxDYrpkGZ/zrEUOgcCY9zG0rFQGIhOBaTh0S1aUJJMKDQDce6yrWAtHwKHd/iY2VoFY32X/Lcd9eNh6/YxAyIoKurCbHyi3QGenf43Gb1uLHCdmEnCTOLgRkKysAXe4noq3VICJm2vAbf3BWcULE1kDTSoMXRxGRC20jgS6aOM6fKw1GgurjaGv84c/3DxmV4DhtVwkT0DOtLGOf72NO13wtvWgnzaIvvOLE9+cMZIzQ3mhIxUQobciQQOYkma3zDxL4uD91ycvWyxNftrFr0/W21VMay+jEY3bPWVrQVlt5zwlcvXp7tz+cPXp7sIDZLoj3FlKZVrEFlIs+pH7SSrTSWjXNn+YLH94/WYna1oYc7mivI912OF87wpiRTKDKDpwL5hsIY4lp4kjwfATk4XMnAxL1ZYA/NOUvnR/5YIJc9NQIdt5sHPIDT/EQ4/GHeOuhFGbG67lTSbzo2B/gzDJ1fVHYmF2IvYs60C4YPKmlLxhJu1E+V6KBTdVzsA/LaiBf3QiRi/kaKx2Pgcq7C4GW//sWMjeWP9rKyo3smNOpRtdYybr7SBy+cNOEP3WdxMAx75pDxrpvWerSLj9ihZbjMOEkm0GIZgQqVEIJpQ7p6FkzhVb06IYEMHMWqpbB3dAmMn231e+jQ5NBvqNtjA4s20h+TYne9uw3TGRJ2GRzkjsTs0PYoVwkonvwHWEY9yAD2C1kWimOC1uRLWasfa4HoMKIRKE2EZo/YXfpWBDOZ9rZoaateWxv+3wxUEjCC1xyrkgmmVS5F2nA78AefZ99w4GXvkds0v865c3EJW0sBxkrsnpaHx5Nkrif/YPHkOseVHYBXv6/Hw06nR84EmbHwefj1u3P45IoOzWEVdQJ42wcBOAghCmsMqN5WwOge/CnQl5eJuS6SG5livmxwR6MQE1ZSKHXXI6IFOvuex/81zDXyX8VSp5v5l2csl/1LbzmVKy4e3/GP3UO9+ldrkzKohipWKQzwHwQd9Yx/qWi3xIvmpg5ApsKPdCkvGypGXJILRXMAxBW0a7MxNY4e68Yw1Mrk8XudGsmEdnwALhJ/Ozh7tw9JQDO2Igt0XV3idTuxIBLPQtJ0e1OZgfuEQQi4XjPTkMVrRHF4TtrpVc9ePdY5KrcLa7wkp26tm92WY8wNIFIXmE83gcabh6a5Vh8H1bWV1kZ9ZIh1MUZpQatpBqc+CsAms9rG0JIu48j1rGWz8IlVv6VWMoKziM0t3SeLjCfo3qesHvmMBzPq5B34TEDXdUEJ+IWomBqW8fF4Shggp3uTB+oLMNzJsdfOdYxYKL+1NtqNGnO8dNM3OwNQIJdwCHZLQ0laoJRMFKNjP3Juysd1RtYP9K4GEmneWh+69ZBTt1wW9ZsYEwt8gK8MAAlrbYNMsqZX0Wd3inBylMl403K2R2Cwd6ivxWUUWtx8rF4p/swzUrCvv3SiqGSSI8CzgshAQk1aSQCy7cvjCAPDXCn0mXGHi/sdO7piqvN4/ufdoZG4+ZaMVCQK6tx2VeFUeMiSI8FOy+NoiV30gTpl9EUF1uChcur02qkDjZvZg3+reie9iWNM3asatHj9sB3DJ3mRQZK8GmomTq3p2SJ1YarIn5zCseZp7a8afjpDqKLaKgzpzJ6xgzJFcmPXGPGYoqxbK1UooJU2xSaJjBwkVNBKbbUpFHP7mZlYo4qodpVDhiPOiUbsZrdsfsEnzI8t+Z0vKiZyLLtUMWNjLngvuf3dw5BfSr9dJhLjvPxcJX7sR8xagAPX3HVHSWRmbMrBkTdcKLnZwfNKlKYmQCEc8QyoKtmDBMWaW1oreM6EoFIjnzCX9Cc20sApf0tzOPzKXEFT0EvIPT35OvVnxMJagBbWqXqGM/aiBD9FKuBZ5aZabYkA0zVlD/i+QSE+Skuk1AckEMndlVbFVo8uhKk//x/Xhy/k8+SBJM8xBc/y9ItpPq1hICawkMqdrATgBiwIZnt7pTPk+uWUnGr8jo5eXk4nI8Qq/xzY/vLkdIx7XbKPBfyaTZaVOMGjj4YgrfGA/dh+PRqPObtVQruztkTOt5ZZW3NrIsWe4/w7+1yv48Hg3t/8YNCLk2f54Mx8PJcKJL8+fx5GzScxUQ8pmuwTAPaVfW2hCGqyD7X12EK2crKbRR1GBiFxeGLSwnOhSbU92YP+Okgouc3TNMy8lldhNll+Rc2+nPUVdRYV+fsQZEzN1iOSbucuMNIWXVELuz1pDdE6Y3GEZLHEnAfUnmtNAx2JqM+FlrxSypXj5utdRiVSdfdP3X67+8edt7yn6mekmelEwtaQk2BNYHzLlYMFUqLsxTO4uKrt0EGAm27sxuvrIpOz1ndf/409ZE4AdMQYehK5/QP6LCe1BSQWEMze0618TIbVYEQtNLH0J18VrIziwpnjXVKa1B33JDSqk1nzWSBGE9GJbBm7iJWjpaBM6Y3by67DZcXf4DriGjLckKhj220gYTESHnos4RJlddZw6zkPkYU1PHFx7gE/NmAInoGg3Hw+7YFTzZYkRVqnlmsm8U760DkWzFlguCCtkdwwueJFYctZA3UtV3IMfZ8ZVLzYTFzqxw9/I2AQwZ9JanOdeGi8ygyvqX6JnAE4HoJ4+8ZR+44iHYztzLQ5+gC6RqRsxa1k+D29ttxVAcX4MYVAsFF2j0NQbOMcUdI2EoFwnM2Ya8c+U3oOlhI4BwUkaLIZnW45yirMeVZuFZOjX3RtHMeH0fUzhozFsgNgyBxyn5seBra9XiAQstS3QTS5rd2i0RvVLrdWC8rmNyWvHf+pUOev2ZjUdgGdtNeVsoH5C1KwwtIv/Sybf8D7wfxKOo1aK1jrblRHJ9e6Mzqdou4byQtGdo7zPXtwSgoJvLZcvcJk/YcDGMPHJZVOBDP02n7atmZCMr5dz8H3QwbZ1DbCfrwcHcWJ/5kBH9Aj43/53lAPWBwQ0weVlntABba2QFbewPBzqjNyvKRbGxUzOvCsLndtDgQkCcwSypgCwNH/aw6oNqzRcNlVETp6FuBcCsKW52mjFCXfgAhoIcjIqIXH1iR1TU+nwOUyMC6mKk7+oXtqa5FyH+7k9S06Qa2Jstpr5xz5CHQk1tvHUEohOKPlGz9En2MTKCCTA3W/Pm6PqweEELcZh9OyvilApabH4PpoE/NUaZSCBBLdFiodgCds90i6xridSCmZu9ePMFvgF+AhK9WRVcxG5UN4+2cenRJ/3H41VPbrF7w0Ri9XZTvpVqEO8ApbXUgXyng2lRyDVhVG/s2AyDbWe2weBgABExPVhjpTOsmlMdR6Z70A20QrAVQlADknMFGbluvp92sqiZ1fAwnrf+QHJb/kO9/hq4uIiPfnqgurIf1IEDf8qD8VYR/hs1XCfKKjo72XPuv7jwK7l6S558vXr7FHjp97boaO3JNTysB0/kWjDVSQ882XtW4asfYCWoOkDXAL3Yb6ifFF9RtUFFDGP8qTGMbixJytreeOKsjK04Vg+LSe3KXJyPuhF/sLITzwoXRGaGFo1IVCcJmv/eJCFxgNpzZL+wKGYbw7Rdgi6CIq0JQPPc24ZTC21KeLrHTy2F0+4lukoyuzscooSY91QbMB5x0HAs6YzPlcytxOadWLJDsKyYoXAygDXbeYexUec/OuPip/BDv+PXn5iMT/ozqtQmLkKjdfp+yJWMyu+8Zx/gSWVpSoLqsKkIcvUJEe1/Urs1zfLQQq86wbKNcmt25aPSw5t5lU18HUmV21Mqd9Uob0mnbOLrzqV8THVDnEXZ4mJHCuVj2FcnT5LmAlhK3UhB+Ln+pd8SsB80re1YfmNxB3xD8hrj4P7YPIAqlxtt3Ulf7DQglNxxZar4J7scyFuo8GiWgQRAv/iTyyhTKzn3a5TAhrLPuoKONVZmUqr/LJNFwTLj48dxVS8cCYSYSLGxPpZgLGePWLr/32Wy7Yp618ltLT4dvkhAMH3vH8+VZolgV4QExdgHmtbWAJ36b6dEMVMprDH+Kvi993tdQXBVNE5If6toAbuhS9mHgTmRB2LcbtI4i8eYExNpea8db8bzEMRF1htpv9nK8xZre+X57Fea4FJ/UO66wk6vdc1+d95DizXdaFfCN4CAhTvywRCFYnBOysWi6ZZxgXGdXjWFl0ncuvJnWFPoZQNT2lFr9fgcZNCdvPSJyNtLTw8T7p9dAekDeI6QJ+rSarYslndSudpMXx7u+qQ41ZmUwFtQ0OdqGkpop2nI7mpO7lYDXxDoYo5JldwgDiVHlaDRbpBArEVou9jgn+5F8z35WNodwjqF1xhB60IVHC89LAtq5l0xw734XmN1cTsPljzJmDBSD0g1q4SpBmTNRS7XGlP7n3bp2ZyqtStI6qK4p66tDys/0Ix8vCb/1vNIsjWWlnOZkDOnK170yfKrCcrZjFPRl5xrgijIE8XyJTUDgt8PoA3ITOedPO0itf9pZ3TSOxqOJ8OLx/IuScpv0URVtuSGQbuPvai6f3lxc3H+WKJitF02qTFlwyb98uXTXjZpu9GJBQFHokwbDda9YrqUAsoN42H3KmxGOMMVM0t5YB7sz8aUHiBBgJ3Hoz/9+GVAPn28tv//9UsHSTiaoTbUVLrb6+pvKjqqECZBmA3fK6LtfHS+naCZzNvLs3/29hdnKIFY1CRZqJ20YBeitVRFu7ncUcpdgDWtYpeIgvFw3BbqQi5SmX4fftgtw3XroRBJMDLqmrS/9EKrt8N48F4uEIy3jgM9Hbt+q5yDTH99/fmX6YBMf/z82f519cu7j92lGj9+/tzWpAelnG3PzSpkRgswSj9s7IBi9bZXys9W9jUEu24QF44aox5XoKSSXAFYBtEbCbgZm0sQkoIbULbckApO3UO1dUlVZ9LvFfovCsJn6BBPHYqpO/aok8W9p0NFdBZtIScgI7FwkJyd1pGH4wc/aA1w2OVqLekdI7RQjOYboq1sYQgRI0AaDtw51BbdMsJEJnOXYS1YemBUcME0NH66c+3ACkYFpE8+2G3sUQlpREuXafZDKyPtt4opcOtcbQY6a72S0hI945IBUl3zS/LjY7fQUBtKDd1f63Sajf23AQg8YjnDbEMkmBRQKSWJZi4pHoWOK09p9z4KG+2vfM6jp9vOGrefNu46b3zgxPGQwbTYWippZCYP1Oe/+BQSB41szbiOjLPovI4rdoTSjbcejFcfXuKMovM5zzrW4WeWydWKidwnGcCKu2xw/E+Ei5msRHOa/kRkZbofVOJWyLXoYkEMq8UKV2TB8ptDwwJRfXLIPHJnmtEjt4FAhUe3NfJqMhwPx8NJSu/3rh2ebo3ADW8IZ0YHmJBephw8PIPqJvFl23z0VGCHk2PS4SB2U9JuLu0l5Gj88AD3ZEig43gcCZTsyRIjDS2Oxg+A5piBgcxqhW2sIr6T/9mYiE5azy5ebiH2GzKti2b3LKa6TUEge3Le3sfjnmrpZv6x/aR/qWjSqs0d2jChrHEHp5ZrbpZbqkUzuSqp2FhLCjq31U5dXAZOtZYZx6xDbpZdDcg2siJUKWh8j0U+hikEUFcIUYEWFWyQadeggDcezCP8oAMtkngedsWovl3ZdDz+YSo9uiEzjajk3nLz8bp5eUO3kMhGrGcYQ0k7i8u5weIlO9/QbBVjs6Vic37P9CCUScJ5ylDq4Z+mVg6mlWbqBlutw4/7T/03j7oC6VtCr0+7e9bVUdcHhfSPibbGZPyBUVY/6w9FW58e0s6kFWA9VVnfMqdtQVYon4RCGW1UKKGO6btlSvQKvdTknQ/Ph6PT8Xhy6kqAH0sk4t5Na6JDXEFAqkg+JT8+ph/GVvVBPcYtOgN8f79/1E0sXd1oWodqd7EAj/D8WbKMXOfm2MNHLTf1FJQ8nzoFpQ3daJ/Yh8h8Yw3r6kcpU5kseZ1SsCjkjBZRS35PcjMc319rUdWrZ/+uxGDHEaoW1WpLCfgHuiEz5rbl0I4KqpM0E5rDsX9nV6FIbv/95LQ4GZATq6rt377W8OLkPx6r4noMq2MXJi4ACeUJJKNFweD0caHoyiX+KaL5ihe0u6ZdR9V6YWl07Ol7NCMMYpki3IHvOAhLCqfarSP3OtvEHFqh71EBqC1VYXaRwfOBW2LGV8xQHdbslnyltNu6U0rXyY/9jRrfWb3ZgNPEz6C/MaqMOjUIbWUar32XD7TN4J1zkbuIrtdcUFgF2X0htB/gefT2i64zvH9k1x4XnPHN6P1VV12TjZfnuGR0zN0oNnVfaIgIR1dlQXnKLdO7CiUb/ItaB+BcieigZDtpId3jau78EUbYfckUZyKD6LnWcPGD3UksTMVy6B6BzcMH9qMEoN2dnCcjXdUdz30tjCcQkgr9rMM7mosFZAG7/uZNSmvz8OwFe85mczai7CI7f/Viks/Yq/lo/OKcji/OXsxmLyfnL+YX0be783p6at2dJyisoNrwDGupexomcQapl/K6f4dbRTvaiKHSblzkgXncHcsrEQ+7htMLA0hPEQFY2KYbJxIaJcTE+mvYph4g5n/5y7ASyFMQpulhWTj7pVw5FQnQtuDVJq1nPQ7iNy6VCqA35v0QA36nXJ4NJ8O+2QmNS+i8SMZavo9cco3FNhpPZ+UtodakxagGM5hxnyr7YIsnLZ1JUyhj/vxBt6N5Jhz9fjQ/sP43pKW7P4S/G5t//NuWAeM7PRptpzVD7kC755bbkQ4IR+SXJKlybZ0EbJ2kdoNSJC/pgfu4xtqdbbW3U7u9yiSmN26y3aC0K5NxO7re1VAdfWK3IG402T4CbidTjdbaXY2124Kztal2s6W2H41//g8s8ejA+W1rPFoIv3WRRwvht6nyaDPy6GUe20ZynKna3Ru7UkWqoL9+fr9bO3/9/L5ZP0LhtKFghtmnAzTDdWa3rIG7BYzCEYw7YYiQ+Fsg6twJ3+Nsd3i5UsXwT1O76gIgtxsNyV8Zw6SQ+nK0qE3WeskEu2MqVNLXA3qkz7ZHhtOOeXpXFYWdDuRQSFbpc4/g1H62VGw+xULof4eNBWH8x5OlMaW+fPZsvV4PnQswzOSzRcVz9oyJZwmoxEd4phiUxWTs2cVwkr6IFwA5vi3Nqvj+Jk7LuLEycOM3uBtXlq30UxyecyFSM6o50nhcVn4M06Z73ENf9j1tOPRMQOcjO9VGWh+YUMjd2RC6oNaN25oLVamCaMOLwnUXqzO1XMaRFRvrNlr7CesYu2amnhVBGrXpGiOPJVUo8XVA1FdaZdjiJfWp3R3T03TcdsVgUpJODI4kE8RKQS0Bl+fnZ89wov/5tz8nE/+9ke20EVzQhwn5NcAIMQnMo63X9glQedJV0wT3FULU93Lqk7h87yZY6wB5axJMO3Hi27SJbw+pZvhJMjOQyAcJcditjoJEreiGwKpz9abWqhT5M6nA+HOpO8UGdSzE4ROQUR3SEC9Rh3INzbCEKU5SAVd3IUMKYV0FlRSuJpysx9JiZ+eVL9BQLKly2hWMjAzSFhvPz8+6c5nPz9qkxJ0t9j8phhYTW6fTrZiTmJo/OB/Nygnupa/37nmxretFTCwoyAMYaFcpKlkkKO2yiU/wHKvJ5nQ/8CxvKKcu9QCK4Z9BMbB76O8bdVyKMULpIy61zt5aQlo4sFpCB/xoLL5yEp9RwGldZf/WoKGrU0agY+7OuwRhq9LUdMEQ8I1pAgUhNEJooWKVU8NCb1Hf+An7i/5jJRTJtir6W8npXNHFKm1k9pgzEKniJEa779M5tF21E/L9NFr7RpZbhe/7zl3Jk9gm3vfhOIz4rw5KYyG10ZVU6wbYR3UqQiid6L5rDq/hWOg9r2AMzVOagaDuXBZ41cuUYgW7o5FoGEninr7vokNqeocBGQYebRyWsb9waNQbh/wA0dK3+g4tuHg+qB0iASlTG0cPdhzHVlpyXtO0rDNu/rgToo+N2FPVPDEKwZm0cfjxzn/jkEWNo7WkggtEPXh0I6EaHbvEEiNvmeC/s46bHdmK8kcWnTyw4BB0Wp1LjtIy9uGDPS98y/RwrdWBBF+EzDwpNito62Zf6eD119BbDlK1INrr87bcuYhPA8mkmKOgNK+4auRkhz6+zaaCsX7ApLC2liDx7/vpCgTpNUYd5rZmtssjmSm5tki87rLfbvBoO4DTS7l25ThrNgsBdjhXavagd/5bFQhv5BMdIY7Q3/T6Khw5d+k5SZSD10LbaN918JIObUG2X5l1hLq+xkHQg0hX9D87runqn5XxwX7fxVayha0rLg5DaL/fB2FJTdZH7+x2fbLlPjj3zXd8s1Ry1bMNb3Ob2EZD/yL3nsi2Z8U+qjq8vxD3QvxNBLkf5m8h0W3M3xHyPfnCVqVUcMULv4ecAWbIi+GI5FQvZ5KqXENgzina7106SqUNWUif/8cyPdys4FoWiCavuWYQRdQkl+IHvDggTcUOnUMS7U0LHrKHrOd96WQRDv/b3zdCS7thhJe/++7USg/C+C7siH/Bf3Xw9Y0vy8zkaiUFfBdStu8oLyD2GbcOB1LAYon3oIR238Po4f3Wv4nZv6ZS0Z0zzVlNWzXZIcXRX5eb1DiaOKmbFJ8knIxaynX2mUezJHkvKKDX1cLKyOTCLMlkNL4YkPHk8uz55fOz4dlZDyOj7pvcaIZdyAVRLLPOUdJ7qjEoQ0NS6BYsr9WMG5B8+y56EM7518yQkinkH5yoWJdHUaEbVzFh3kiCGCc84WNyIfeOy7i3EBrED5QzmIaLSoHM+eOUhILktr6WUbQFCd7TlmYjW7FqXLXqb9WDTv5wKd/wAWPr8O45SBqy2q1cXIj12j15gyvzVy4KubDr66TfUj5gFUcD61wdO4S7luTXn66wpY+PN0Gjd3T5rYxjuMon/UW1nAHeyZoLgFfIxUmogfkViwHcRW3vHSapyIl/d8FF/X4tBv59+9h+E4XSLSWt57AIc6b5Qrir0jzqa6bumCKT0aiOHEePJ6PRqKW+NATT/Sv/yrWhg3TtW7wBHBdzRevDxzWWRzhihuRjA5RFb704VeOtPZG4A1k399y9UMNIygitjLSuWUbjnmV4a4VvUgFzDO3FgD92hsNlY+DqDOstyc/Od+ndh5HWe0Cu4cDPeWB+GE3FuU2irXK742ZTZ1F1rdZa2OPWDtuUrEv4Lzbt+IdPB3X/xqi17zHmaYEFEMC52z1Db7OymhVcL11VHZ7CRAjglfjsKjZfA4ZUe2ZyVVaGqZuWYbGNDf3WvEjyRxAHDiRsYcm6/3UJZWBWUtw8plyI7q1zPSRCBijGrGvPeZoYS9PmdmGh3Vi5edSmtZc4BOV3GrL9oG1Co3HEqjIVyAycMWh+x2B+AxgsdbNfTodxqnJ9hwSyCBaDFN4U1nhbQL17yy5VU1JFV8wwBeUt05o9U7xcg65YTqbw1nhan0PgL5Mpxs60JFIMyIxl1K77egVG0OFKUoHwoiQsRlVhhTcQLeeezM6ZayzWyE143LZUr59heu9h3Ghnd1ZgXdgFkqKPpU0sOR5mcjF8VlCt+XwTOgc3CCnk4luu53p6k4IIiI8HSxWuREFB9yyt90URYFm4Olq7OMl2m5j6hFto1ip8Jhpag1hylA46amh0FNYnrY3qW0MVg7mY22UKr+hwm2piVgdYdhu3aK/xPrYBuaojnAPyK1UClBrYfQPyusq5qd+1qwt+CuDeUV5Ay7Rk9GkzoFZ8b+/B+/ZDYWbau2oX/pu2NX6o/kRz2PJVZrBd5u4SbG9ZWBYhQ0Mb/pj6Wv9hP58G4Tia9F76YywYtxREaJrbyUR3IqG0CWtHcRPHjKP+4HiZmm6AHqOQYF4bPkJtgc+jPB/NfqswyF5sQq/eFJhiNFs622RF7/mqWrnl+2Ty97PJ3wMsb3m3LWRLzOTvF+d/322dPx0kEyPYvWnQ4tsDj1ozBs2Ibv472G+ehnBlWwAFvbRkAboQfOk5U1hIOXTygS2VnOLAvBljrSA4ObTqtDb8IxtPu4ZA02j403gXS5klyyjV8ygLEiGG24C5SPQj1bcojviWlUOzKdFh8PtXc1wbtzRdyrODCB28fBY07jPpxfZx5R3q2MbYfXvZm0X1DxQRTwU+REIT0e/awV0BZC9rp+e81SA7KMRyzbZ53kUbGkLHNjA6zKs4+PWkKRJw44kK9700JCFSbU9boTJ9e8z1YOH991wN2MXa3T+P6Fwcta21n0hBSsVSD6E22JqBC7g22m1V4WZ5l+CXcntpt+ljynGA2BRjfNBXioNP9Qe6geQwNzDyzToGM6z10N7iHeLY16fj0+enk/Hp2fPz8fnZ6NXk5elk9Hz8YjyejEen47NX47OX52cXr07Ho9H44WF7cXrwciKaQSVJs3NQpCi5DvMYfr2ax9Eplx2gmJbFHa6N66u3eOWEgBb6xgfXoyyEQepnDzHX1Tm2+JOBe3Fc8NSbJXJlpT9vWMjDmDbrqOdcZ/KOqZjQmkpoxnP1Vg+IYnecrUPTybgCIcMoqEYjw90aXio5K9gKMntnrfKLeiDHVHUuDdh4GrZMWjRZmGezYs4I7iIzCiwfRx+77vMPE9egJj16fYyiiq8a7jD8f9C4T/AO7/V+tct3PdyfU3RN/u3D+46rzustRM6gX74TaR+EAS1V2/3p5VHhIMHCam4SRFdlKVXwypqBvTTe/OQDz5TUcm4aYWy7DgVbM/W0qTGFrPd9lw0HW1zO5rQqTH3b8Yy5kg14rBl6ilP3zc39qkAzpc6Qhc44SbiByNJENzFxkfM7nle0qI2VWDVZpj/E8JCliq6SktWsYHopZRKrLytVSu374mGJi79hznVntVzGsaXq0A4cOrbFbqCLZ8WALKGQ/UsXQuqgXHR9AlXIKq+j9On1DeGOre5g/Qd/AxeIVda4+QHvH3N2Cc3zG3jhJlzb5YxTqeIwfiP0YOgQvhp6sM1tjWUPnMEm5Y4JhUPyqX0cZQEOyCLD2yRyvuCGFjJjtLmsI9p8d4faFtpCy5V7kVy9TS7ncXdi9MAQmeYP4RCNy20exuJeuIn0duBzuKNjN/YP8e0eeyF3CocX1vGN8gkCBZU+ZVSb03H2gBsXASKQbsBFHMnEa2n0lhyCVOTASgyzWl+eiU9O7/uLnvvE0vKTlIuC4Urbjh1LOncjcJWaD4zPLfQcrtSqV/pb/+8O4O76LW2oaXZHcM/smtVLqcwNqtJ6u6IiW0rl8Z2GVb7lrC6QRfZKfaxvBjtSA5wAMOnb1IFulXZmPzB1DMCFWmwkYE01mVW8MCTuvtUm5Qg1xQGn6L6hLuAq6IwV7e5kiVdFdntWD9ByBZxAPEFo3f116d11HUCuxFzGgurik6nqqWXT/v6gZMZ35/VPydXD3l0AH6iIalpdP+hGk7/ApdtqZh9gv17Hq7/Gv3Vgqp/XF2kmO3YNlMSc2r3o648eZG9C9H5MLmV+BOGPOFDKHDNTO1FVh6qYCNMnmZOvV2/biOC4rKSH5lVHqGqIbWQyZ8flIFya3M3CvqqjHyKERla0bGOCKAEWfx0LXQSyG+cx1XGEN0s08y60R9iQOvEi3P8XAAD//yDLDXI=" + return "eJzsvXlzHDeSKP6/PwWCjvhZ2tdsNg8d5ov57dKSbDOsgytK4z1mh42uQnfDrALKAIqt9u5+9xfIBFBAHWTzaM1MBGciLKmqOpEAEom8c5dcsvUxYZn+hhDDTcGOyZtX598QkjOdKV4ZLsUx+f+/IYTYF2TOWZHr8TfE/e0Y3sB/domgJTsmdMGEgScB5En0aKFkXR2TA/fPnnHs/z4tGQJy45BMCkO5IGbJSE4NJXQmawP/1HJuVlQxwoThZj0ifE6oWI+IWVJDMlkULDN6RHJm8C9SETnTTF0xTdgVE0YTKQglS6kNvDX0kmlSMqprxcr0gzF584WWVcE04SIr6pyRHxg1eoyz1KSka0ILLYmqhf2ZG0rpMawgzGr8T35eekmLgswYqWRVF9SwnKy4WVpkKS80kXOYI66FqoXgYmGh2ocWnWgyiqyWTDF4BdMiS1pVTLAc5rRk8YzIimqYpxi7RZ9LaYQ0LN4GP9VjcopDZlQzixNMmcylIoVc6FGD49gSAeGazHnBZoyaMflRKnJy9m5EuLEvzJIF+Om03PbSqtqzE+IZG0eEwMVcqpJaSiG5ZJoIaUi2pGLBCJ8HkEAcXBNtf2OWStaLJfm9ZrUdQa+1YaUmBb9k5Bc6v6Qj8pHlHImiUjJjWkcfBqi6zpaEavJWLrSheklwTuQcFt4voVlX7Bgp3C9q+5TEJ8USBZciPCekYFesOCaZVCx6imAv2XolVR49Hzg79n9/RtAJ+YxTLAhhuLvH5Pl4Mp7squygH0/7320g+d6SyrUYWkbAtd1OCli4I02FPTELfsUEMZJQ4X6OX7vXS1ZU87qIaQPJXPmJE7OS5EdHp4QLbajImCaWl7SOmraD2/OWwJrVxnKFuqSCKEZzOisY0ayiCsmUayIYy+0BFGS15NmyO1wC0BNvJks7+FzJsmdNTudESOIPGiwDnkD/SM4NE6Rgc0NYWZn1uG/T51L2b7fdyW1s96d1tcF2++NuByDa0LUmtFjZP8I+UJETvZR1kTdkMFtHfLLWLB+nSyYC6wo70Hy/AlhumBlrPgE+zueWUBJww0STEExJsyUXrH/5HYj+PeD5Nnbgs+C/14zw3N6Uc84Uboc9XrAOT/icSMEI+8K10U979ueNR98ydbwE4PcrvxvA8nneO+WX9Gj+bDLJ+6fMqiUrmaLFRd/k2RfDRM7y+y3AGz/GfdYAWVJOhL2OimLtLiFNaKak1kQxbaiygoblD1MkdZ5Pw6113eLMuwLVjGqWylM/NE+cOLV/szhlwRDNjBel7LkqvBiCzMnSsKNfIytceriCNfMf2k8yWZZWHsLpWih2K0BWQXFqs/swnuPOvxhe2nUrq53OFufU3MyQFPu95orlx8SomvWt8M7BZP/57uTZ7sHhp8nL48mz48Oj8ctnh/+xsxnxvKaG7Vk0rZwlIjFLKr7gwspuPdTyI8pIXtA07j5zcmw/QCubLZhgysIcWX6XgLSCD/yC46f26ukZ+aNbEVx0uPjsXsVb1OX9dKHvzHmalf7Pv+xUSuZ1ZtfxLzsj8pcdJq4O/rLzXxuu9VtuRdu5H0QDS7d3vaELwmi2xGkMzKKgM1ZsOg85+41lpm8a/83E1TFpJjKyomnBM4oYz6XcnVH1v5vN6Be23ruiRc1IRblqr7/93yuUW/xMaZ6Tkll5IBJ8jfT7R87xBgQp2ClHgmnDUlrB2VntpCgIjI9nWBtpSYNqv8TXMftpLrNLpqZw804vX+qpW+KB9S+Z1nSxqRBh2Jfe5d/5mRWFJL9KVeQbkk3nsDGPizsEgffZV/ZL97pPyhJEmiVTdkNAeOiFl+5ZJkVGDRMpwyIk5/M5U/Zouy1o+K2xB3muGCvWRDOqsqWVIsdWyCvrwvCqSEG58TVeUCD3rT0amSxn3Op7XBgJt1h3en6PsoJ39PRX8bPNFPUTB8jytJzNYXSKK8UFN5waCTcsJYKZlVSXdo0Eg/OEsjhulWILqnJQvawKJoUeRV+ifjbjOVf4gBZkXsgVUSyz7AGVzE+vzhw4FIcbzDro2Af28wgZUC00Ezl+fv7v70lFs0tmnuinCB/JoVLSyEwWnUGQY1uBoDWcgsuJ2SPndVy/GEZRoSkgMCbnsmRBRbVUBxcxUyXZ8VeMVDuWzhSbM5UML1rT0ag6u9fu8sY9nLFgXYiMKDAssaiIhd/BBniMM3JeRyyxXFDrGqbfmDK4sCj9huwTDRvOVOEMSaQHTLOOlrc1wCy14I7sAjsJnPBu2jevNuRPyYfXMJ/TM8uzFdPBaoPrN8zq7QmVKpxzcnp2dWQfnJ5dPfew2BCTraQyG86gkGKx2RzOpDLXYh9YPM22oaG8O3m10SJ6NHJZUr4VC4qjSxygNfq35B0zime6g89sbdimgkdrV8K9t//yaDMUf7CDoaFrrmQZH1krKdlTHZmnugQEZ+ne2B5sSFk42kbodlBdsFj/drfVT8nD1nV1AzY/MRksy1SQjCq1ju3KlOiKZXzOM1JIFPiIYsiH0OIEzCcVtZTFM7VTMsWvLOuy86XCsggYddxZ3phtkYh1RY+CdOsQSgbv37oAncmLSvIWwtesDyFvpVhwU+dobimogX+kVpVABN/9N9kppNg5JrsvDsfP949eHk5GZKegZueYHD0bP5s8+37/Jfnf7/rmY2UyLpgwFy1D402z6p7nG+YUGxzDqANTei+VWZKTkime0X60a2HUeutIv8JxYNQBXF9RQfNeJBVbcCm2juNHGOY6FP+1ZjOW9a4jN19hEbm5dgXfSWEUo8V1G821vMhk/lU2+/T8A7FjDW34yTWb/TXwdBt+I5q7//qqD9Oh7e6x8t0Zxc+aqV2vkkRfojbimeiIOEswipRyThaKirqgylKMU64Uw2th/E13u9DsGazvyF24wsskY8Iw5TSFeSGlIqIuZ0yBkxJsQV4m1y3QiGJBquVac/sX793MPCnrDjrvJdjN7efFGpVSLgitjSzh5low6ec9sGMzqY0Uu7k7qY2yKOu8rSs2jzZTFX/E+za6RlECkDU4KLmYK6qNqjNTx17MZmGc7TH1jNzouJw7YQ3t9Tr27FBB3rw6QD+qveXmzGRLpnHv4M7m0fDoHm5wthd9alBIHNNcB/t/ikQAqGrhHMuKldIEfwGRtdE8Z9FY/dhR4vykMcjYlQo/dtSX2j8QbAMKTBtu+NhD6wZIF+729t1KySueM9UVNnuOfKBGlh3cT4hPLnyYsUckuPFjoxjLDkZkkbERkSplNHzBDS1kxmhbFwhhD1eUF3TGC3ud/SFFj/XruqnWepdRbXb3s/vN+CRCg1g0LCmgtQlIEmi92cyByeBNstEMbjQGh5ltNgF3s9wFa++MG9/TgRRQ57v7B4dHz56/ePn9hM6ynM0nm03i1GFCTl978oMpJA7BYfz7He4P4wILqEXX1SbI+bf93uG7rK45GJcs53W5GeLvPHeK3Mgb4E0zkN8ejCaeP3/+4sWLly9ffv/995sh/qnh4ogLxOyoBRX8DxcnkAcLsvNLrhuTcXpRWyGAQ+wRoWg42jVMUGEIE1dcSVH2W5yaC/Hk1/OACM9H5CcpFwXD+5x8+PgTOc0xRAqN3+AyTkA1rtM+szJeMIHTe2mh9XgziSH8KrUyOltgxzkSWTO98t5Gh6CZ15mEtaxVBsQUgWk5PJesqKzYjGIL3pgzqiOiCWNor+evLaMyvNE2bmmadL/eFgv4iOBJSQVd2BsdeGyYRq97Gj1AA3xrm8EKAS3C2z6qMH5JF9tlmrEcAaMFEwKitqKazGpemCAcDSBp6GJbODaHxWFIh+7Jba5Ug0WjbXcQGPLPDqLQ8dHig4u73H+wOB33ZTAoM224iO1rjoO97rzYjIdFv9vADRMND3pqAIPG2j3ne+kBer0DRsQeGOR6TSgv+bt0nkRL8Y/qQRmewtd3o9yMy/Z8KTG5/qM5VOIT6d0UcID+jr0q1+DcwffRtfLoWunO6tG18uha2XQRH10rj66VR9fKXV0rLAg9Sf4d2VjBeMcM3Y1vxnC9GmmB/Y2Skwbjsa8Lz3917sfFHcRw6EzC7DQxckymLNNj99EUM4NUGuhsL9Wy1gYjJGGbhsKe7f9+XTJBfq+ZWkPkGwa1B4WCi5xnTJPdXWePLunaI2QXWBd8sTTFOj08IdwzmhHAgFkhmoWV27gwbIHZQprQ/DeLNkpsCUCdLVlJw9q4e3ZwSmBxrBUGnLrfcE32Ic1rxgzdJ71GnuiDBmggVKVky6r3Jnq0cV5nY1rLIG2qUgykV4AP6goVa3LJRT62jMbOtMRIUfzALCMXGmY42q0pGDrI7Cb6pE4It8TQ3XZqJDeaFfMoF0Ig/GQ1N/dvfa18nbnL5Ozi+kDR19edTjvmQMB0c6HnW8kdw7EtdM/V0W7ZXYlArled8OY3V3dJQ0Z66TNAW+JhX8yADbqQC4JWasWzhOrG5ATepiHTXvHxNGknGGUBa1kys8RZ0ya1d0zeNvHuwPV8VjIED/OS2VvYu9LsUwui+XVIZpbzOHLeA6E+KZZATpP3mztfeBPUjVovmTGM4PbKKPXGJqvYxWopeBh6Y8JnzKwYs2O42EDLzqkPG8YBXGw1JjZnhdR2Jid+qW9eVm81kopZoQH0kAJgUcMWEv+ZpH9bJPoXtD+nOlnXmASapS1ZKdWaWPZnAXhAeSsX/aouBFPo0eVNVrr7TGdU2IlCZvrdLvqtsq7T13brg8Ez8N875AfaG6GL6cNYre05t/CTm3Uo9W/Br8AB1z70K3suvXcySdrxEBNY/uoZgVXWAnCnJxLfvDaN11mMW+PRS4Ba/jSFL6YjMtWGGmb/QguqyumY/EqVPQCQzj+vIc4mSCdybqWVEVmlokdVUDAiucAJKzy73CyaZawykPPsYijwdvISzohUBaMaGGYCEqzQGa3bwnIgBMB74ILBE7reyiWDfMKNMLT9QWRY8sXSZSL03wADO3ea0gHXyIgg7cFu+5IKt4djzAyZjnw8j2ZCuyT4RhmhKVk59Bs8gyxLfWbIBmSQbhh7ADJIINaa9ZBBHy3UVtcETyXw2H6qwJltgyYgIR1vpoxWBjivyzW/lkkE3dMlAzX0wUVKDIEAmoO/pKkF0lGD39ppdL3AgQdev0vz3J51d2HvwoXN8mm6ldM5L9huppi9PqeYJIRpiVw3Gc3+/nQz5XasEhTu3vMKe1RRre267mI6dP9GydpkcnveRzsbN8RNrPw0eh3tFhVuu0cRCes0zK8ZITWm2GPpc7ma+x8/djul68xujsuknFNe1IqljDmBOcykb3MiU5CDTHrDE+nm0L/B2yoe8ZGBBIiCt1uVeiBz8wxnRK8kBNaECIcmD9oSLJiRhlQomdfF1mue4CjOVrVR5Q8sPRAzk+QXEVQdbFRYpUGqULum9wiXa/170b8YFjXNNvWU3nk13DBD5gwpLFGjhXHqvp2SJ5adaWbInpOyNTNP7aqks7d6QGpQqWf2V1Y4x+UCTpyc8niZUdy3i41WlZa9xyVTc9EggXWQwBQVHrn9tgSMWI/bZvNEAho4YZpdMcXNphLQkIdx58WGOdXnbrzWlebRaAk3vy6d0bc/fi38yokKJQMXobAcLop5C1pgyL22+/OdJnVFjGxx3eR+shyxpJeMgE7lhuPMF64QmmsDWiXa+a4thuCSbos7U/635LMlIlMLahjkBXMdig9xrGCll3IlMMAsM8WarJmx5Po/JJdY6EGqywSklR8sb9dkxYoieXWqyf/37f7B0f/1AW7BuhYiSv4HikZIdWkRgRMFlozGRpYAxKhEnl3qXirdOWcV2f+eTF4eHzw/3p9gPOarNz8eTxCPc5bVdrvxX8m+2Z2zUgiKdgq/2B+7H+5PJr2/WUlV+gtoXltRRRtZVSz3P8M/tcr+tD8Z2//vtyDk2vzpYLw/Phgf6Mr8af/g8GDDg0DIR7oCe1koAiDn4DtQgfw/uzDOnJVSaKOoQUMQ2nm56dMqHFvH28lRBRc5+8LQlp3L7CIKUs+5ttufI8eiwn4+Yy2IWEmA5ViDhoeaWcoyIxb85tMLtM9M4+2FsY/JnBaJ0N6gEb/rHJol1ct7iXcNdTXB131/O/nh1euNd+5nqpfkScXUklYaatZBFbc5FwumKsWFeWo3U9GV2wcj7XKBDNViOGTjzQ0XaK3aUQUPE2v02gFOeLBlEIIKqVkmRd7nHjh1dXrGoCIAjeG/mciBxC6F5UnArVA3aKpttT0TnmVnLPBswEQg7eIITShsV17kJds4W+JOGkE4Ws0kolqLSeGd7zQJZYiaGoPOYJfeOg7tVPMvFKP5mjxh48XY6lC0Lgw5X2tLJAGwfop3WQJPVq6qBURdr7juk2tPGrk+jI+jA2c4JtQecynAfHn62uGx86ZWsmJ7J6U2TOW03HmaqoR0NlPsCu2p/ifnn3aegolWkJ9/Pi7L5mrmtPBf7U6eHU8mO+0aWcFUg0rmhlTfKvJ0zZY6ZRihdxKweospuY+HJOpm060kzrXhInMW7H+J3rkaIdEjP3hHInFKONye7uOxr04DqGqsPthQhefQ/XKTK8jRQgbZT8EFSpqtiXOsDBVXPExgztZRoTvFkNbB1ZTRYkymzTyn6FmIa7CGd+nWfDGKZsZfLzGGo9a+BWTDFHhcyarZH1dLL8MafVVl5SgJDgd7A6NRxipA6OHr2ZwOz2o+6cE39mjYARru2Ma8S5Q30JovQgjrl26+Xf+w9qN4Fg3XaqoadnUCy2ZvwUJve9iQjd941JzJyTKO3kWimeFXVvq36zTnShtfu3ZoYuxWNv/bTsveUjdOCoaKpxSmkUC0UyrozTNSXF9e6BYLvI4xzgtJN/TQfuT6kgBsLGfLZUdDc7xbO8GcaFmAucdXOvT/+6wZWctaucJA3+mgDTmRwJ62G6d4IaQqb7GBt5jre7BV8j9YDuPdMO1RcJcVILVPLA/Zn0yuqThbUi4w1AeryNrlAH0UjLVgpbcXsCuchMY/rfmidRs0yGmo5AdgVhSLnmjGCHVmV5gKrm1UWdGVg+pxcM950SoC6Z3Zzt39Y/PB0DqeAJS2x5Q400jqwwKnsyYzK+J5VugcufY5BNt4tyTYNwDzMaDhy9D5S45qLTPeVLsGvdGX7krqTOGi7TmbifehAhGPiFlKzVyBPrRWw2CnXh4n76TgRsL18J8/nr77L1/MD+xhLrUZqntB+Aiaer09tZucQedzhpeF/bw9h7gepDP63Moj2wSQm0aBGjow/ZJwss1n1CIlXfJ3kR7Wpt6jWjBz8VBjfgJwMAUQO/S6LLi41L1jwwBJjNk9Ro6ZA+xmgN454nDA3bVKi0KuCKN6bdfIMCCV2doRmwcRWT+Cdlo5Ja29oLH9+x7zgTmAMxlMnCOScwVnzS3p094lzVlSDeAe478GSAPZkteSFBdxDNA9UDi1gBoTlg/4QY4lwt8dn+lDpY5iGx6Itqw8Ct4Dq199Pn39FDmJu02jSK0n5/CyWSwiV6JViysYGldxhup9qQagfQcmcNVJwgtpHw+zNGeKl1StkbfBmvzUmnb/6ElKxoONH6e0D45d3p08w+GfPD+a9CP0ztJsvOtcEJkZWrRssb2oaf7HpqglRqIuDVhIdmhIn7IsxNkWpRVpaJ57NWZqoU0JT2UWcBJP+1lMmWQmX49kIo8nSL61kjIEU8EiuUgJEKJLmdsTlPeOnm1j9JIZijHl4LnOe4StmGB9jlT0aPNoQiTUKJqwZE4WbCJh4RvtREplWWDBrqjoRAYnkVQPEPX1MBa34aBVnLsvkA9se68qqLFS5t8gVTl2PgJqPfsetXxw2/5z82TTCrm+ekkiY7sqpySTZVUbjGp05T8gahwi+qI2MT22y7hPTCOlYlcYEYUops1gsLiDuDmE0c7UVXb3MYtLqvIVVWxErrgyNS188Q09Iq+hQkBUDQHVnV/qGVOCGTCm5uyuCcd2Vv3EcH8v9M8OdlxVpM98Y6KS/95qsPL+zqnHcAr18e3UFTO1whJPGxYr2dYM3280O0jXdDY+mFc0p2gunwX/4vVSl35TFy2P+O81LYCLu3xfmJkP+rXIuGCnJsbISisYjqTt2W7VX2IZz0PZbFSSjbS/Gaq2sM2gVjzPfRa+Ex0I1XvyXFcRrKMyAgOCc+YF/m6vAC4W87pIgHGBFpiNCrscJ0kftfdOTqEfB2zhuLtID53EDxyDVz71/OvmvP/sjtcNo2+7u83A8fpRKldix1cgc70gnEUkqb9mQUGLqmmokTRNzXOnc3JVjnzhlihTLrDfUWz3jwr6REadBGJDhBsQXoi7VNmSGwYV++68qI3D98vL5xfPjzZ06n6omKKmadaVINOT6C5jGddd5g2Mc4ARfXG7pHd7+D6ct5vV9YcFyxbi8c4qVoN3/ziBbmR14da07ZW3y1eBVSr9yW7oCtd63GlitQus9yJu20fukjvvJbkE+BaSTzv77gcmT6BLW8aEkXpE6lktTD0iKy5yuWrbt5vCRlStuNhiJm1D3u9oZonk33buMVlU6HuwndOSty7h++Kbsxmn4jbYnjs03FZAb5p8Sc2IIKwRdLqY6Tzelp7JdJNP7z+b/cl4/2D8fFdlB/fZAJ9PCUK8oiuijYKShD3TuLSSb/GgszgaH40nu/v7B7suX+A+c0H8NpjSY7GQnt19LBbyWCwkxfWxWMhjsZDHYiEtFB+LhTxcsZClMS0r9M+fPp25J3etwm5BhJiWu1YsxQZX45KZpdyaaflnYyo/FMGheuPSf3rzaUTOPpzb/37+dD3G0EpLbViZ/E6JSwi/ybuC9fbD96Fvd1kf7+3NCrkYu6fjTJZ7QzPRlRSajbWhptZtnnPTbDYPN3bLj6MRHK3DdsIsjiZHN+A7k3lPFsvDZQLO66KAxWyQtkP2You9BldSFQPp54P1cB6QtN0YA7VZemqyFHKRsoO34cH1x7/pPxinmzcFIO7IBmBJukt0f+vaW7lobgYfNTqU2gl99FiSIfvrycf30xGZvvn40f5x+v7HD9PeZX7z8WP/1O6dDDScNQMXDBiV363txGKV7lbJGIPL2DoaTQvaENQX9cIERSMJi4SDFH2RgJuxOWYvF9ygH8uQGgKUQ+J5RVVvnaJT9DcoGqoekakbYuqC9pFQY8+E1flC2G6Vxr2SmDwcpDiRt5XH6yY/6kywZWxF18iSXrEQ468tjaGrOvPlm6qq4CxHyy0TmYR2llbUYKtUyOKCaej5ceXahhaMCshtu7Er6Z1ShYiWLgfou06u0O81U+CGcdZJdK5slC6UsCIXtZeyo/fJw8295D4EsNtUNJNlWQu35hhoJq+Y8gzNeT9VGkTofJ+uJ6Z7dSfnqgcbIpnbUYDeInFHBrp1f3folo9WaCioJYl2TUMbsdkvUq94BfLXr3zO+yexLRfLKfpRP5yfQphN0Wo9b985giNv6ZqpMZSDHkExaPvfc5aNyNnpuxFhJuubmP28f0qcCnqBKsO2toeQ05P3J+TMtZcl72E08sRLg6vVamzRGEu12MNIY6hNtOcb0u4ift0H4y9LUxYtAzgh54aKnKocAo997YDQ3XaMrIYWfCEw1RQJ/D0zPxZy1WlKToj+ETvy4gGCRBc8lb6Vbd/8egns+QBdKSr0LYp232r5zyFfWwfCj3bcJVEKbRhtCgow8gvCjxXOVGH2+JLCkiN58vn12Yh8enWGJLl7+urdGdDi+GnfKnx6dda/DlEX8m0R4wlOCrkFGlqjUR1t+GBuNeNGUcWLtYuAxzIN6VosuVhovBtLninpo69xcWmhZZPcE3+sL9cVGxGe/Z5mrc1pxmZSXo6IWXFjMHggZgde7dbc1O6GbooAXjGRtzBsIsJDKhazyk1OvC8j5AjhLbiXWzZ4eoYBlzpFz247dq1eceXT9HqJ/eT0Xf82+6O4FXn6RWCVfhg0yxH2ZQw604gUQPy/0cyucSDlHqwSxbV/LqFx9zYm89oD99Jf1F17Pvdh+C2t3AoSmNrTCEzHLY72T4SLmaw7nO6fiKxN/wsuDFOpmoAv7LnsfVELSLft4giFSUtaVVFJS1dVz0o5u9CFhpRNioOrRzgKYgxckOmpwRIonpAtnO80AZeEXbwrzlZDJVL7MfFLLRWpmOIlM0wNY9Y6IhGWbcwSlOyfEJEQkvP8UL0nKt60DiXOpVpRlbP8YjvhL1Eji5Aw5iLno1dO/aqU/NJvj9j//mC8P94fH/TPwonBZn2xvUDOE8jlx9qTgD9oGFFrgdMzLIzoeB11YgINc2szCtLYQlNBfhyUUkqMlMUuXQipDc+IdkJK3BsrpehCrvp0y7eMKoG5WtQEk9qCm2U9A2Oa3Woo3rsXFnOX57u6Ylnvjny3f7z88H/0+6Of/8+7n569+/e9l8tT9W9nv2dH//Gvf0z+9F2KwlY6Wlxn75KGFi7cG5g1WB1hrWfSqjKeRw4UBJi6BhEAwZWniluG+Oe+OsCITL2k5F4hSXNFdF32LuDh85cDF919WmbcuCYO+r1WxcHoWZfmTc/KhJc3rs3BUVejbgXw+JCl9OmGMcgiQOsm+1Us47TwvHUUslkwXLOR+lx2UWhVlzPDMjPykOFzTAy8GdauVxPcbRIVSvLCpZfjKMlqbWQZgo8RDvQwhHhSN69WhqIUc76Acn1GElWLW8xTy7mxA0VV3HwA9JwrtqJFoUf2ple1xnUxSEV7lYL5ABAfIOvvrOg61ExoqfSIrNgsGTkCD36rQmpN+oDa9To5e+fm7gwbfotjywYtimsMG05eQrDgC6NiPcKlxFnpsL/aJ2LiHuvm8r9mKdsJkeSdszH+XrMaQZI3n95CFLwUQAr+inAlFNJ63o5GQr0CqOiUM6iH62YPvRHfvDof36GM99drx9SJzvuKnbUCnXQG/5pR9sNYdJSzB8MhMEEcImn72IPG/TogXBe72uDR8vg0Vd4Up8WWTU4BDRzN+cS7yGwtZnqZtnMN2+PrAW5SEdGq9GAKt4zS32zenNVAXFdMj7uuoQTY1CsHajoiU8+M7d95ruGPSrsSq1/W8BdZFPgxsnT7t4Yt93uYPNjHCOXHCOXHCOXHCOXHCOVr5vIYoXwfhvcYofwYoZzi+hih/Bih/Bih3ELxMUL54SKUpVpQwf/oaaD+oftm84CgGKy/jplQPFvi8oFVa6gLS1lRsbaXLi5MABxrma04nnHaqW7JigoKt1GlqFj4Gu7GdRGICsBTgQFZEGKTNicP48aTuWuk5TYDheKdIp0KQn/bGiLx2o1Tymv10RzQnDenuftqy11NeVBL7tOQe/XjjnbcoxvfkpJ6tOKHpaYH0IbbunDvRO59JK7Xg28zxWsOTUcLvg+eXf33OizvpPv2TuIhguFv1Htvs+CDCmIv+h2t9z7YX6vv3mYON+m6pO0gdB6SlO2dJQ/v0pV1kNmFZpDjgV9S0dyU0NECwju8zyZpqAKxsqG5JM/3ktPrgkviUGjkyb671bji+ZTIuWGCaEPX2lcE9D0gsb2rVUijCJhMVhzVcqj5VMgZLaKuQB7lSOi5LS/duO7M5l7ss7BGKUd0jWJct4WvKiB4lHrYHHH5F1DAmljxkkHJk4WipZN7FdG85AXtD94ZnFDVu7gPkNbkZ1NRqJ3TKezTFDtZ9MQoPOyKUrWoy4Guzu/o2ioQKHciGVdKGpYZcChzw69Yv0crWt7/3NF6uTMiO7uF/a8VHuyfvlnK853/6p88+8KyGnoPbGsJTmZQi5phUL87o55BNMP3zmqv1mpvxsXeIPUAd9z27sEgAw2s7Ezg/QhzR/CAGF/enuowV4zDfEUFRsXGPQFSD0pU4IdQMlNypcGX59NwHEJ+LVdsRiqome+bWFnRVQxWKof+PPn4PqeuSQY8ONrYTwVNC05fb6fUfXNvH0z2n+9Onu0eHH6avDyePDs+PBq/fHb4Hxte3598N+CYTF0B/AHUV1JdcrG4wKij3iamd5FA9payZHu0iCv/3oi6w4UEXLy1M7niE3HDWbVTceNj8nBTcaPpycKw/6UvgjmnGS+4sWJDxa8kEDJVsoYe0BVnWH+46dxHfLofvNPtquUukFszBn03SyrWVv3IWBMk8ikeNMDE/kngd0bFsxwRyCEK4cJ4qLiTGnQlBaR7udSsRjSeumUbR97gE2hnp5hhcTewJlCD6VGU+DZjpBY5U74ntNMKRy4sc0SSvtrYNXtE/EdWBPLxaHHs65icYkl7Ny1aFBDQaWSDMq+mIxTmKEhXwq0LLAp12QGnZ8QofsVpUaxHREhSUmMgIws88wYGoAp6Ua0h3WxtFyoa5JiOZ+NsnE/vWsu0J2Rm8CBtGjZzUoRcU7ssQELSF0ZrJZ5GQRudeL3zO0TruR/1pL85SoM6bv390+FSwHgpxRZU5RhwpqGO+Sj6ErMTZjzEQFpZGDN4Mqlyjf1qPr06C4X4se2fxwzRyRi3/3YrhY3ZC3L+7+9d3OUTHapBW1DN8Agea9KFpKP2GK5IarHuTr4V5y+077wK7MAFyhGamdqbOLHvClMl2QmQdrDy7tzFnPiRRQtZ7StTwmun7nh7bE+aoK9IlyED0y3gMe6ucdx5AppCd1PEvAnd4xDW+FstskaHck3y8Xd9YJolFNJEwCyd4Ba5Htb3Svz+ClFrcbRY8ukr5JEtaysk89kHp2dXzxvGOnA13yKr7BaKhVTmWuy/ftjhtWhgqdZtYOLIEgdojb6VSPkmj+Ll0WYo/gCh81B/u8nzcrFjrhE/HLUhArpPDHuD7YZC8pmLad8E3Q6qjyESjyES3Vk9hkg8hkhsuoiPIRKPIRKPIRJ3DZFwWeZdNbF5uLmT2qest3USE7+zipbCe7Pp+oBxEzT2jhQFeKGHgh/m3HX1bXw7UOUBrQH+jo9sKDi8/UUrz+EBmpU8WDX/KMjA3WaqFgK1ZpjAUBUeHloKY3H/IvR/cp3e/e/x85JeMk241cG05rNWM1Yj26sapcThDoqoWNcwaqEfgDfvKAbhBYozkYFdWOuaadQeLUzFcjsZ13wE7D0JQCvSuVgX3weQ5755YcjHEnlDC/CN5mIB7Y9cU5M2po1L//AFe8Zmczah7Hl29P2Lg3zGvp9P9l8c0f3nhy9ms5cHRy/mAzVB7pWt1BiDWUG14Rmat3bdrDa0BMeCkKf5JnnFnalr8ldiXhcAQEaLazYC/cbA2BaKshRypYHrrdLm5H65G4UPmm34k6ga4vZteOx713ggJUjk1mlPYgyQch07pp4IRdNeIgFxUmDdKYeuJY2ca6P4rLZgfAUQpBdVg30tqO9LqY1u915vjgjag7xdxE8aCw+4qQ14J10VIejEK+fkTbzz8RbAtFwaatz5OCtqbVpJK+iy+VEq8gOjRnfBcG1XzbcEpySTVbC4h3WEXlwJXGdNnhMhiYcTOqdso8HFwIm4jU8kyue602kAAN7u7VKNsXNUz9WTMEl7v8kWGXsULNQbuCUAbOWYphinxDJq7VwoPZOMME0Wsn1MIq+W2UqK3SvXEQYGaO3LbYN7bk1Dh+OD8abtPP7swl5apBNLKpvQT8MdoZ6lvLQiKXVRmsxgA7xUYAkRN1aW7SOegXVi1ZKVTNFiizU43vgxOmJKI1+QJ3wONzm04O3EbJFIXmn6V0GnO+07DSsGnktXjCmQNc+nJJfQuau/dtFLejR/NpnMmxEDQYNvqiXjxs82E3HxJ5tY3ENz0mYL0Sa35y3sCajNLexxxRNnZr+jFPsVbORYrqJLAP8YNvI+7P8GNvLr0NiijRzp8x/ORo5oO6NzXBplgIr+Hgzlwzh38H20lj9ay7uzerSWP1rLN13ER2v5o7X80Vp+G2t5oknUqkjViM8f316vNHz++NbfsK7ZJtYbrApmmH07QsleZ1a5Grm4OqhkSM3yjtL9cH+Ah0qJ843Rm6L9tYJqiz68sen1PKgHvJdgO6PGft+tTDaKy/DksJAlRp1TrJFvFy8BCFF+FMIpaQYxsIVcOKqzP+faZWn8VmvT9Dj3xeeaBe/qq6HKfU+LdA+egkV9RXVAehR2ui0hDSmx6TrH5bad6WacyeOjo8M9NOH88+9/Skw63xpZWfADr/upxS7mtijldB72CvVcXlrVza0hBDDWGg2gI2QzTQH8kMiaQJzWqhhbmNOR3XCI2TPJFimWSaGNqsE6IxXxG4VkmZ74Dom2NuROW9C/znjEt7XS5wA9uI2wpc8o1IvegYnsDBxD7Ng8PZ76Rg4VjVRhgDy8OrdTTh9mtq+xk/fgbNPt6pv2qcDcB0t69vR7/uICMKXTU1ydQSg3jdGpxRpZNuhH6T3ctBcfo2kfCpM70k6q8QKNL2ToNII/nXbVorDU6YwG9Nleq8hw+LEwbJF4DzY0jnTW++josL/v0tHhkOZtltuijTNoxDFEGe7YtknCIwYx4dvCzB4yGMAxqyD0AK74BjMs2/gnYMJcWqynj8zhXP8znGv2BeqGRoWt4xEhBh+PgW9MkwAS0sIBSg5F7qK5wM/DOwpjzmoTvkpnYFoLgdbipmtJWZkGL5gCfpF6pBBCyz2T+AfJjJkVc5WvzUriaR/KhlZ0UabWjIelS6lM5FUAgWluXLT39NtpRKRGVoOb+W0vk/bID8yt1kxtMwvzs4PfottBu5vWLdgPzAEQ/jA28bq0JHp9ywwJuyngFW87BvorNMCnKPVC50N2RSOSM5I0ovPYd0gLHZ/AswKacWw5t08403iCAygYaEk11h03Syrg5zwfNZqIgCIiay+FA38ApxWR8wan5YZ1JIyqbyojgYHAyaPI5Jk87xSX6ClAkXp2/h4CeT60vBp1O7AnmPbt/gycj4cJJKHFjCXywHXS49Je7z4nupCLRri6Bk8rhrdtVvdIHjwBhMkb6G6TyI43cJ7vNGoZFhWsHH1FedFk6HYQZyXl29OO7cGDEby8N4DFkuqtCUEuoMwzgWUa1BWzJnRAw4dQM0iKdQltmOwnPZfQZ83mdWFXeQqkAcUPlPsHhN+EEBUofA6UT4uUHba6lWRU2AvNXeMDy9X2DTzoev0EUR2BQXM0CMD9Oo5NAEn3v1DaF1DTlvRSmYllTGuq1gM3T1oqp7l/SPz8drcQgvR3UeNjt6qOq2Thk7P9rWh/u0bLSACnl3LlOieu2Cx49yEsJSqCjFm6VFnZqw6IJ1VC/jbGq6FWldcdGDePqzT4o1nUXg1n5538gxcF3Xs2npAn/GwpBfu/5NXZZ4J/Jx/Oyf7BxT42kPK1fJ6Sk6oq2K9s9gs3e88nz8b74/1n5MkvP39693aE3/7Eskv51Mei7O0fjCfknZzxgu3tP3uzf/SSnNM5VXzv+eRovL9zm5vkLswZB9tsLWMHU0MWt6hq/jBn+s/dnWxjkrhxx5P+RcReE+OHW0skjduvpUPksVr3Y7Xux2rdj9W6H6t1XzOXjap1f0s+sbKSioIl6guE9zJDXownJKd6OZNU5drXJxn7n0AGRa0NWcjg6sr0eF2CBwzKCKy4ZsQwbTTJpfjOkKaBbYiWYtTEdwquEC14SIOpqFkeuxsLIqm7v281SbkeRvg4nkjo3AwlSPybD68/HPc1KnP2xj2W6T1M3tjbf/Eywas11vD2D+xnuzeLu7EdZufsCkJQu7LuiikWGlljhHR7Qp+r3Go/c14wu3p7nOs95ymkWSahPkWxHg/I6eOKmmx5+wmd2Z/1iZWxMNIzXMlF6Dxzi+He2Z/dZTj6252Gsz+7w3Aoy9x+vFgeCkEBXjAaGEvqntlF4Xy3mVq/hDMwaGcHNxi0b/u6gzq6rlURjhq4njc6AOe14hk1lJQyr7EoV63BIj2OQz6jqIcHPM9dl0ziqPtm14JF9vZNEGZ/wH/1DPHKd9HPZFlKAb8LgdXeDASWjcLVFXH9d75J9dCErRpesj8aEf0andt/ifKAqZVokpLau0akiHIe7ZTigpAuGWqccvmdf4HibIaW1U6y9lEtMbuiXLE8scCidJ581xja6oW9vg6emyU5mOw/H5H9g+PDZ8fPDseHhxsYGgJKTVtRXNlCLlzJHiBGrPcCRciSSRkaqhcOlR1yfZzX8C3ap0MBLUMqhtlNGCjDVFx1J8DANJtkYNzwZB3l7DeWeeUA/3FxC+oO5Acsz3f6A5rzAfoJBkypFkuI1ZCBQd7YH7UUMCjmk+fcVUuy6hikDLhUMhgnZAcM9Zhr5WfdJSkEUMOldicXD2Jzdnde4cn8lYtCLuz52tnsKN/jFEcT6z0d1xB3Q8knZ6eYAeZ9i1AN0NWakgpzk0MKbdS7OcDbWXEB8Aq52Al1w39F9YC8gZHeupGkIjv+2wUXzfcNGfjv7Wv7m0gwt5h03sMhzFnTBj0M7YrgHEwmhwFE9PpgMpl02JeGoAb/yZ+5NnSUnn07bgDHxVxRDMOplb+cPDJj8qEFCvwOFDJ7/bgBVGg1Obx6HJs1jiMq8xF/GAf4TUPM0EvScWLYY7z+7PrYHQ5dHsHcOf4mXEl+dxrSftPiejfQNQRDOiusn0abcQ5RtGVuV0mT5b7T2hB7bEwZrO2GZYeLdddN5ZOr3b8xQsEV6wy4wAEI4FylN/ghVYxU9azgeun7fBrM+woDwCdxmFFskggjpNwzk2VVG6YubhBFbnvmRRIRj2PgRMIVlpx7aEJeQz9Qt4/pKvjO3i6MkWMhVbjBMD6hsZ5PEz1u2r4uLLQLSzd3urRuRQ6B+e2GpA8obtmOgKxdGTuIJ9H8isH+BjDgCAKUp+M48T+jlalVc7jgMEjhRV1NKsWjTptG9rGaiioKzdYhynPaLA82PbaLlpMpfLU/bWJO8MnBFCNrtSRSjMiMZdSe++YERtAhJ08gvMgVyagqeNMrE5y5Ds3enWsd1kj8v9u11JwfvHzgzokysTMfUdbkIDbhBCmCjlL0Q3ETi46H6VIa8dbMCqo1n69DulALkUIutnmem+1Nio64QFEnqUJ1YSR0v6TNvSgCLIg3j84ubrK9JqY+IdhqbT4730uDUTpXmDS7CtazB1n6ELgfhY9gQ1K7F3N7TOETINmYVaNYHWDZa9wOe16DYWREThtD/4j8SpUApgZy34ic1Dk3zbfQCto+CuB+pLyoVVsOd4X0k/kb9sXcdfIOXrMz3Vu1b/yLrjR+X/6J4rBdV5nBdZlbiitYkCzsEuGCgmhlWtg3/G8J7tYW4jibtBXvQxwYdxQQbvfkxPLunCuInsezo7iJ/cZRUiD8sDllDvQ+EgnWWnXVXZF1w/vIaqzZ7zWGDhRrH13YAqYYzZZONinpF17WpTu+Tw7+enjw1wDLS95dCdkic/DX50d/vV46fzpKNkawL6aFy4pjd/NJZ8cgXfLi70F+8zjYbQI+GEBZpVLJAngh6NJzprCu/9jRR9IiH+OXoQozxKVZdtoI/pGMp10a0DSa/jS+xVodu6ooY+tBDiRCDKWL48yUMflE9SWSI35l6bCVOBQVfYkKKrEmHdZBTDrn4z3DFIuOUVzdCnlsa+4uKE9dLOq/IYl4LPAlIpqQft8N7uq0byTtbLhvDcgeDLHBQVc878MNBaGHFjB6xKvY+PWkTRJSRVVEqGlRQsTannZMZfryIc+Dhff3eRoAvYwatpDKDefsqF2u/UQKUimWagiNwNY2XDy195C7qlBA9gpNe7Wh4cND0nGA2CZjfLEpFQed6iuqgeR+amCkm/VMZtzwoVuTdxOTtLu/+2z3YH/38NnR/tHh5PuDl7sHk2f7L/b3D/Ynu/uH3+8fvjw6fP797v5ksn/ztD05aZbVkPgaMcsn56evQ/l4mkE2dLtTY8QouQ77GJ6ezmPrlIt5VEzL4grPxvnpa5CgXCCr8cb1KLZylOrZzl/jFFt8hAWgvFfUiSWytNSftyTkcYybVdRzrjN5xVSMaIMlBBOdvtYjotgVZysvpFrZqREl0AqqUchwacWVkrOClS6Ds48eknyxByFil45lPA4DmxZtFoZ9lswJwX1oRoblh+HHrkTZzci1sEnDSO7CqMB+4PyMPYL/d67hA+/RXr+U1+mu99fnFF2Rf3v3tkmypXHmDO6VnBkKtxiQtDfCAJdq5H7PraDUVuNIsLDalwTRdVVJFbSytmEvtTc/ecczJbWcm5YZG3ucrJh62uaYQjb3vsu1yJNKfCLHsJIZI0xYPOG176E0db+5+FK6XIsmGwqiWxJzA5FVE90NfWD5Fc9rWjTCSsya7KLftOBoYp/XBapKStazgumllImtvqpVJTVzXSqw2h5yMceRFLOrjHNL2aGdOHTIjdVAXxgnAmQRhUwvuhBSB+aiGw9UIeu8sdK/sv9sJNuSGequ0h4SfOfeIlllyU81oXneyCU0zy/ggwsP0gunUsVm/JbpwdAx/GrswbavNZbd4INNCrgkGI7JWdcdZQGOyCJj0GUl5wtuaCEzRtvHOsLN17FsZKEBXE7dh+T0tUdpKbXxdTw3GCESzW8aI7brbTaK++Ai4tthnc3BuGQ5r8vrR3+HIJJqkpsN7hgOL6ziG8UTBAxqvcuoNrv72Q1qXASIQLgBF7ElE9DheiCGICU5kBLDrgZU3JvdL5uTnvuJxeUnKRcFw5M2PDpWZrl+AFdS5Yb5uYOey+wSzo876a/9v3uA4zsoPtmu3uje2TOrl1KZC2SlzXVFRbaUyo+3G075gK8uoEVuTH8grQpQ9kpTaZ+7u2f/BIBJw86e4crGGHvHEWO6AHChuhQisKKazGpeGBIXXemi0gpMvkuV0TBmWuioO1ZBZ6zQndESrYpcr1ndgMsprASOE4jWRak7kv0Z/9UD5FTMZUyozj6Zsp6GNu3zPsok//2/fuTLesaUYFilz43/S/ysB4vmfbg401uwAUri0a8/SM2PbjxMCdK3O1CVzB+AoKIVqGROmgja9lD1fY9tNNKZzMnn09fdgcAFVdHs4SbVQOwOJvNO3ss9B5M5G1jCTY/jZgMhNFLSqjsSaN4g4T7YcBHI/jEfksVF42YJt7tu2Adg8r3jItz/FwAA//8GWE8+" } diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc index ffe5d10ad5f..5bf94bf6a2f 100644 --- a/x-pack/functionbeat/docs/fields.asciidoc +++ b/x-pack/functionbeat/docs/fields.asciidoc @@ -216,7 +216,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -232,24 +232,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -320,7 +325,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -340,6 +345,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -504,7 +686,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -549,161 +731,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -748,7 +923,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -762,6 +937,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -769,36 +957,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -868,29 +1067,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -907,12 +1101,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -931,45 +1145,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -1089,193 +1283,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1283,7 +1568,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -1297,6 +1582,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -1314,7 +1611,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -1375,186 +1672,448 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin +observer vendor information. -Operating system platform (such centos, ubuntu, windows). + +-- + +*`observer.version`*:: ++ +-- +type: keyword + +Observer version. + + +-- + +*`observer.serial_number`*:: ++ +-- +type: keyword + +Observer serial number. + + +-- + +*`observer.type`*:: ++ +-- +type: keyword + +example: firewall + +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`observer.os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). + + +-- + +*`observer.os.name`*:: ++ +-- +type: keyword + +example: Mac OS X + +Operating system name. + + +-- + +*`observer.os.family`*:: ++ +-- +type: keyword + +example: debian + +OS family (such as redhat, debian, freebsd, windows). + + +-- + +*`observer.os.version`*:: ++ +-- +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. + + +-- + +*`observer.os.kernel`*:: ++ +-- +type: keyword + +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`observer.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`observer.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`observer.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`observer.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`observer.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`observer.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + +-- + +[float] +== organization fields + +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. + + + +*`organization.name`*:: ++ +-- +type: keyword + +Organization name. + + +-- + +*`organization.id`*:: ++ +-- +type: keyword + +Unique identifier for the organization. + + +-- + +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`os.platform`*:: ++ +-- +type: keyword + +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- @@ -1614,12 +2173,45 @@ These fields contain information about a process. These fields can help you corr +*`process.pid`*:: ++ +-- +type: long + +Process id. + + +-- + +*`process.name`*:: ++ +-- +type: keyword + +example: ssh + +Process name. +Sometimes called program name or similar. + + +-- + +*`process.ppid`*:: ++ +-- +type: long + +Process parent id. + + +-- + *`process.args`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: ['ssh', '-l', 'user', '10.0.0.16'] Process arguments. May be filtered to protect sensitive information. @@ -1627,46 +2219,255 @@ May be filtered to protect sensitive information. -- -*`process.name`*:: +*`process.executable`*:: + -- type: keyword -example: ssh +example: /usr/bin/ssh -Process name. -Sometimes called program name or similar. +Absolute path to the process executable. -- -*`process.pid`*:: +*`process.title`*:: ++ +-- +type: keyword + +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + + +-- + +*`process.thread.id`*:: + -- type: long -Process id. +example: 4242 + +Thread ID. -- -*`process.ppid`*:: +*`process.start`*:: ++ +-- +type: date + +example: 2016-05-23T08:05:34.853Z + +The time the process started. + + +-- + +*`process.working_directory`*:: ++ +-- +type: keyword + +example: /home/alice + +The working directory of the process. + + +-- + +[float] +== related fields + +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. + + + +*`related.ip`*:: ++ +-- +type: ip + +All of the IPs seen on your event. + + +-- + +[float] +== server fields + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. + + + +*`server.ip`*:: ++ +-- +type: ip + +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`server.port`*:: ++ +-- +type: long + +Port of the server. + + +-- + +*`server.mac`*:: ++ +-- +type: keyword + +MAC address of the server. + + +-- + +*`server.domain`*:: ++ +-- +type: keyword + +Server domain. + + +-- + +*`server.bytes`*:: + -- type: long -Process parent id. +example: 184 + +Bytes sent from the server to the client. + + +-- + +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`server.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`server.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`server.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. -- -*`process.title`*:: +*`server.geo.name`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -1697,11 +2498,12 @@ Example: If you are experiencing issues with one redis instance, you can filter -- type: keyword -example: elasticsearch +example: elasticsearch-metrics Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- @@ -1711,7 +2513,11 @@ Example: If logs or metrics are collected from Redis, `service.name` would be `r -- type: keyword -Service type. +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. -- @@ -1755,7 +2561,7 @@ This id normally changes across restarts, but `service.id` does not. [float] == source fields -Source fields describe details about the source of the event. +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. @@ -1798,40 +2604,71 @@ type: keyword Source domain. +-- + +*`source.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the source to the destination. + + +-- + +*`source.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the source to the destination. + + -- [float] == geo fields -Geolocation for source. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`source.geo.continent_name`*:: + +*`source.geo.location`*:: + -- -type: keyword +type: geo_point -Name of the continent. +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. -- -*`source.geo.country_iso_code`*:: +*`source.geo.continent_name`*:: + -- type: keyword -Country ISO code. +example: North America + +Name of the continent. -- -*`source.geo.location`*:: +*`source.geo.country_name`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +example: Canada + +Country name. -- @@ -1841,6 +2678,8 @@ Longitude and latitude. -- type: keyword +example: Quebec + Region name. @@ -1851,9 +2690,23 @@ Region name. -- type: keyword +example: Montreal + City name. +-- + +*`source.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + -- *`source.geo.region_iso_code`*:: @@ -1861,15 +2714,31 @@ City name. -- type: keyword +example: CA-QC + Region ISO code. +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] == url fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +URL fields provide a complete URL, with scheme, host, and path. @@ -1878,11 +2747,24 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c -- type: keyword -example: https://elastic.co:443/search?q=elasticsearch#top +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + + +-- + +*`url.full`*:: ++ +-- +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- @@ -1900,15 +2782,15 @@ Note: The `:` is not part of the scheme. -- -*`url.hostname`*:: +*`url.domain`*:: + -- type: keyword -example: elastic.co +example: www.elastic.co -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- @@ -1928,42 +2810,22 @@ Port of the request, such as 443. *`url.path`*:: + -- -type: text - -Path of the request, such as "/search". - - -*`url.path.raw`*:: -+ --- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Path of the request, such as "/search". --- -- *`url.query`*:: + -- -type: text +type: keyword The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. -*`url.query.raw`*:: -+ --- -type: keyword - -URL query part. A non-analyzed field that is useful for aggregations. - - --- - -- *`url.fragment`*:: @@ -2019,8 +2881,21 @@ One or multiple unique identifiers of the user. -- type: keyword -Name of the user. -The field is a keyword, and will not be tokenized. +example: albert + +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. -- @@ -2044,6 +2919,16 @@ Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used. +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. + + -- [float] @@ -2056,19 +2941,25 @@ The user_agent fields normally come from a browser request. They often show up i *`user_agent.original`*:: + -- -type: text +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Unparsed version of the user_agent. +Field is not indexed. + -- -*`user_agent.device`*:: +*`user_agent.name`*:: + -- type: keyword -Name of the physical device. +example: Safari + +Name of the user agent. -- @@ -2078,134 +2969,201 @@ Name of the physical device. -- type: keyword -Version of the physical device. +example: 12.0 + +Version of the user agent. -- -*`user_agent.major`*:: +*`user_agent.device.name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: iPhone + +Name of the device. -- -*`user_agent.minor`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`user_agent.patch`*:: +*`user_agent.os.name`*:: + -- type: keyword -Patch version of the user agent. +example: Mac OS X + +Operating system name. -- -*`user_agent.name`*:: +*`user_agent.os.family`*:: + -- type: keyword -example: Chrome +example: debian -Name of the user agent. +OS family (such as redhat, debian, freebsd, windows). -- -*`user_agent.os.name`*:: +*`user_agent.os.version`*:: + -- type: keyword -Name of the operating system. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`user_agent.os.version`*:: +*`user_agent.os.kernel`*:: + -- type: keyword -Version of the operating system. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`user_agent.os.major`*:: +*`beat.name`*:: + -- -type: long +type: alias -Major version of the operating system. +alias to: agent.type + +-- + +*`beat.hostname`*:: ++ +-- +type: alias +alias to: agent.hostname -- -*`user_agent.os.minor`*:: +*`agent.hostname`*:: + -- -type: long +type: keyword -Minor version of the operating system. +Hostname of the agent. -- -*`beat.name`*:: +*`user_agent.patch`*:: + -- -type: alias +type: keyword + +Patch version of the user agent. -alias to: agent.type -- -*`beat.hostname`*:: +*`user_agent.minor`*:: + -- -type: alias +type: keyword + +Minor version of the user agent. -alias to: agent.hostname -- -[[exported-fields-functionbeat]] -== Functionbeat fields +*`user_agent.major`*:: ++ +-- +type: keyword -None +Major version of the user agent. -[[exported-fields-host-processor]] -== Host fields -Info collected for the host machine. +-- + +*`user_agent.device`*:: ++ +-- +type: keyword +Name of the physical device. +-- -*`host.os.kernel`*:: +*`user_agent.os.major`*:: ++ +-- +type: long + +Major version of the operating system. + + +-- + +*`user_agent.os.minor`*:: ++ +-- +type: long + +Minor version of the operating system. + + +-- + +*`url.hostname`*:: + -- type: keyword -The operating system's kernel version. +Hostname of the request, such as "elastic.co". -- +[[exported-fields-functionbeat]] +== Functionbeat fields + +None + +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + [[exported-fields-kubernetes-processor]] == Kubernetes fields diff --git a/x-pack/functionbeat/include/fields.go b/x-pack/functionbeat/include/fields.go index 9c812456674..0a633e365a5 100644 --- a/x-pack/functionbeat/include/fields.go +++ b/x-pack/functionbeat/include/fields.go @@ -18,5 +18,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzkff1zGzmu4O/5K1hO1U2yJ8ufcTJ+tfdeNh8zrp1MUnFyc3U7WxbVDUl8bpEdkm1Zc+/+9yuCZDfZzZZbljL7w3mqxnF/ACAIggAIoA/JLawvCWTqCSGa6QIuybs3108IyUFlkpWaCX5J/scTQoi5QWYMilyNnxD3r0u8g/87JJwu4ZLQOXCNV2qQr4NLcymq8pKcuj8TeMzPlwVYQA4PyQTXlHGiF0ByqimhU1Fp/BOfO8oKZn6pBStLkEQvqK6hZRKohhyfhjvgeuxuzYTQXGgIUb+7p8uyAHVJriy6jCogYkb+BlQrMhOSFGKuRg3usRk4YYrMWAFToHpM3gtJXn/6MCJMmxt6ATV8OyxZcc74nLgh0bI8UiDvWAbjYPCMz4RcUsMdkgtQhAtNsgXlcyBsVoNEhjBFlHlHL6So5gvyrYLKYFBrpWGpSMFugfydzm7piHyGnKkREZKUUmSgVPBgDVVV2YJQRX4Rc6WpWhA7JnIN8g6kZ6Fel3BpZ9UzNZCMUDDuQComeH3dv3sL65WQeXC9RyjMz/+0QMx8NPxvhND+gJ3CS3IxPh4fH8rstEOMQb0bJb+aSR9GhpeLDhULobT5126U/OygtKjpYGP5bni+cvatAsJy4JrNGEiLkCknrc/YjAgOBO6Z0up5hx/12rrE9WHXE76/ElWRkykQXD0sH6e4+Iqez14cH+edcUG5gCVIWtzsOsJ3HtIug/xiHmY54WbpFsXaLVhFaCaFUkSC0lRqNSLTSpOJnS2WT+oVvmn0s67CnVIFsb79W3PFqduTh9WtAUMUaK9qFaFF4dXvasGMMpBAhFVYWpSkgDsoUF0p8A+aRzKxXAruh2ugmKlQhpGofdX2uuPgPzRbGr4ty4POFOdUhytIwreKScgviZZVeKNcUAWX5CzF3oPT45OLw+MXh6dnX45fXR6/uDw7H796cfa/D4ZJzluq4cjQSFYL4M1OQ4Rkc8bN9pMQlfd2M3FssWJmtwscVBLgiioyBw7SwBwRyvMIpNkh8A1mH5VAU5g/OyZZjuOuZiYqnJ+uzqRzNWB9NTz9x+8HpRR5lRmO/X4wIr8fAL87/f3gnwO5+gtT2oiNQ6JIpcw2LgwpBGi2CLfzDr0FnULRpVhM/xMynSL4/9zC+uSS3NGigpORwXrq/jr9v8MI/jusj/AFUlIm24w0P28oN4rOD4TmOVmC2b6DrV4LPxHkeoGqEfd9ZwJxUBriSbdDUmPyuigswXYlKi3MHFPlObhJJ09ykd2CnBiRIpPbV2riONjD3iUoRefdvUvDve6uupOkhPwMRSHIb0IW+UCR6CwZ8IQ4Ua7Vl7llnnS3E0O/4kToBUgzG2jmJeHFE5YJnlENPNY5hORsNgNpFqjjf6MytVmOMwlQrIkCKrMFnRYwJlczsqwKzcoiBuXwK7vHoKG59mRkYjllHHLCuBa4EXWH5ycoK0SVxzvDm+DSMEv8vdXrEgprQgtrExs4xiBkfCap0rLKdGWH6mamsXftjmAszJkUy4Gm94x8AC1ZZgwCoxK9vWz2FU7evTlF2wlFdQY6W4CyVrBBQViA3jw2Cmg26yyWkcidYIosabZg3M5PQ0QNUFZcIRlEwlJo8M8TUWnFcghwpamjxFn6IcjQGcCXLc0tkbZgG1AorQ596GM4BDHjtt91SynuWA4ytXQhMKp3tp/tuDy6sReEUJVBdjoi8wyM19JaeHOmaSEyoLxHU9E7ygo6ZQXT65s/BIfUgCp1CFTpw5Nst3G9DpARg8xMq1UGKF4ot83E9JAsYT7MV+rSP4zMz4jgUbQxrjTlGYwHmds1gezw5PTs/MXFy1c/HtNplsPseBipVw4fuXrrBQYJ9Qv1ASp3d7BqAkIvawAJ/u5AZ7PmlD4dLyFn1XIYeR+8BliX21BHs0xU6HpsQ9vFxcXLly9fvXr1448/DiPvS6MPLUazbwg5p5z9Ye0dltfbq/O71s1+GsEyNzUDZeSW2t3z0GzGXBPgd0wKvkx54uHW8vq365oQlo/IT0LMC7A7I/n4+SdylWNkxFkG6PNGoBrXMLXnWlVd60y/77YuD9t767dC7wo5Zez1jtnYhMRUCRmbsaxDDsHAmPcxlKhkhiITgGk5dAsoSpIJaQ0Au/cYV7ERjhqHcvsbXxsFYnyX7bcc9+Ju6/WzBUKWlNO52fxQudV0Jv1ra/x2tch+YiY1bhIGN2okS2PA7a6nwi0VYdrNtcZt/MFpxQodWANtKjSd70ZEI7SOBDrv4tp9rA0aA6uLYajzZy/cPGZXwOF1XCRPQA5KG8e/2cadLnjbuTFMGwTv+cVpn5wCyUFTVqhABQTojUjQGkxJs1vQR1EcfPj6ZGWHpdGlTfz6ZLxdCUp5GQ1o7PeUjQVltJ3zlMjVp7tzc+Hq092FBwgqEe4shdQdYgvB58PI/SSkThKa2uZ3k+UPr99sZE0HYy6WlA2xDhPO96YgViAzFkUC9xxEB3EoOW0cEYafQBQiczIsZFcC7E9b+uL9lXHg+qalQvp5sHHILT/EQw/GHeKuuJbrG6bETSbyvWB/Y2GSq+uPxMBMIvYsSyCcg7gpBWuZSRtR/iL4nOkqB/RPC6rxjyRi64XsjdXO57AKO8Vg45/tC9kb43/1onIj2+dUutG1ZrLZDgKXv94JgmtDNwF07Nv2oBbeezaKhJm3aNFjHEaU9BmEaELERiGaUO6chpIZk7CiRTEiHPRKyFsHd0RAZ9vvK99Hh0YD/U5bGJ7ZdpB8n5O9Pmx3wPMoLJKMxG7U/ChWFk408QlcezjGrfEhrC4SBZLR4oZXyyl0x/UYVBYisRC7CI2/8IfgMBazmQI9VtCVx+G2wxcHjVhokVPOOFGQCZ6nTgd+RfLM8+4ZG3hld2CW+NcvbzAqaWA5yEyRw+OTy7PjKP5nfuwxxIoVhVmwhy/Oj4+Tjg/e6fJj5/Nx4/aHEQkru03EFdVJKyzcBiAxhMmNcoMcZhj4LtyZkIe3LkGNybVYgh8T6sUI1AR4jrvkZEQmXnOZf7Nc4a8Sf5VS3K8nSS75l7p2PkgpWt7+u+DS4HyXxuXOKCcSSgmYz4HwUd8Yx/qW8XxMvipk5BJtKPdAlPGyoGUJGNorwIagDaPdmQmucHfesUImN6eLTCsoZsEZMLfwo/nZwl3Ye8qBGTGS26Fq65OpTYkABnrPyVFjDuY7LhGLxcDxnpwNVnRHVwvbXSe56t3dY5Kr7Gynwkpm6uFe9xkPuHRRSB7hPO5HGq7eGmVY+76drC6yMWsk4RTVM0o1zIVc7ziryFoPqy9BxJ3nUcN44wdZ5Ra/1RrKEg+jVFoad1fYr626nrM74PacjynUN3XihjsqCE9EjcTg1HePC+qhogp3uTB+oNM1zpsZfHKsfM74/aHSVKvDjeOmmd7ZGsGEO4RDMlrqSjYEWsGKNjP3JO6sd1Sucf+K4NlMOsND969phTt1wW6hWGOYm2cFemAISxlsCrJKGp/FHd6pUQzTZeNNC5Hd4oGeJN8qKqnxWBmf/5u5uYKiML+XQoJNEmFZjcNAiEBSRQoxZ9ztCyPMUyPsSLjEwPu1md4VlXmzeaT3aWdsPGaiJdQBua4eF3lV7DEmauFZwR5qgxj5DTRh/EYA1eWmMO7y2oSsEyfTi3mtvhXpYRvSFHRjV48etwPYM3eZ4BmUaFNRMnHPTsgzIw3GxDzyigf0czP+eJxUBbFFK6hTZ/I6xozJlY5P3EOGWpVi2FpJCVwX6xiazWBhvCHCpttSngeX3MwKSRzV4zgqHDAedUqa8QruwCzBhyz/jSktLwcmslw7ZPVG5lxwf9nNnVNAvxkvHecyeS5Wv+VOzJdAOerpO5DBWRqZgl4B8CbhxUzOD4pUJdEigmjPEMoClsA1SKO0lvQWiKpkTSQDn/DHFVPaIHBJfxvzyFxKXDFAwBOcfkq+GvHRFacatalZoo79VgNpohZixe2pVaaLNVmDNoL6XyQXNkFOyNsIJONE06lZxUaFRreuFPlvT09Oz//NB0lq07wOrv8XJtsJeWsIwbWEhlRjYEcAbcCGZbcqKZ8H11CSkx/J8avL04vLk2PrNb559/7y2NJx7TYK+1c0aWbaJFCNB18g7RMnY/fiyfFx8p2VkEuzO2Sg1KwyyltpUZaQ+9fsbyWzv54cj81/Jy0IudJ/PR2fjE/Hp6rUfz05PTsduAoI+UxXaJjXaVfG2uCayVr2v7oIVw5LwZWWVNvELsY1zA0nEorNqW6bP+OkgvEc7sGm5eQiuwmyS3KmzPTnVldRbh6fQguizd2C3CbuMu0NIWnUENwZa8jsCZMbG0aLHEnEfUlmtFAh2IaM8F5nxSyoWjxutTRi1SRfpP71+m9v3g6esp+pWpBnJcgFLdGGsPUBM8bnIEvJuH5uZlHSlZsALdDWnZrNV7RlZ+Csbh9/6k0EfsAUdBhS+YT+FuXegxISC2Nobta5Ilr0WREWmlr4EKqL12J2ZkntWVOT0lrrW6ZJKZRi01aSIK4HDRk+aTdRQ0eHwCmYzStlt9nV5V9gCjPaoqxg3GMrpW0iIuZcNDnC5Cp15jCtMx9Dapr4wgN8Am8GkICu4/HJOB27wjs9RlQl22cm20bx3joQ0VZsuMApF+kYXu1J2oqjDvJWqvoG5HZ2fOVSO2ExmRXuHu4TwDqD3vA0Z0oznmmrsv4juMftiUBwySPv2AeueAi3M/fw2CfoIqkKiF6J5m7t9qatGGrH1yLGqoWCcWv0tQbObIq7jYRZuYhgTtfkvSu/QU2PGwGGkzJajMmkGefEynpYaVbfi6fmXkuaaa/vQwpHrXmria2HwMKU/FDwlbFq7QELLUvrJpY0uzVbovVKjddh43WJyenEf5tHEvT6MxuPwDA2TXlXKB+QtSsbWrT8iyff8L/m/SgcRaMWjXXUlxPJ1O2NyoTsuoSzQtCBob3PTN0ShGLdXCY65jZ5BuP5OPDIRVGhD/08nravCshaVNK5+T+o2rR1DrGZrAcHc2N85l1G9Cv63OwPyBHqA4Mb2eRlldECba1jI2gn/nAgGb1ZUsaLtZmaWVUQNjODRhcC4wx6QTlmafiwh1EfVCk2b6mMhjiFdSsIZkXtZqcACHXhAxyK5WBQROTqExNRUePzOUytCKiLkb5vHuhNcy/q+Ls/SY2TanBvNpiGxj3rPBSqG+MtEYiOKPpE9cIn2YfIiE2AuenNm6Or3eIFHcT17JtZ4YeU02L9R20a+FNjKxMRJKwlms8lzHH3jLfIppZIzkHfbMWbL/gO8hORqPWyYDx0o9I86uPSo0/698ergdyCew08snrTlPdSjeJdQ+ksdSTf6WBaFGJFgKq1GZsG3HamaxscrEEETK+tsdIZVu2pDiPTA+hGWjHYiiGoEcmZxIxcN9/PkyxqZzU8jOetP5Dsy39o1l8LF+Ph0c8AVFfmhSZw4E95bLyV1/+2Gi6JsgrOTrac+y8u/Equ3pJnX6/ePkde+r0tOFp7do03m8ETseIgk/Tgna1nFd/6AVeCbAJ0LdDz7Yb6SbIllWuriHGMP7WGkcYSpaxtjSfMyujFsXxYTBpX5uL8OI34g5GdcFYYJyLTtGhFopIkKPZHm4TIAerOkXnDoJiuNSizBF0ERRgTgOa5tw0nBtqEsHiPnxgKJ+kluowyuxMOUUTML1RpNB7toPFY0hmfS5Ebic2TWLJdsCxBUzwZsDXbecLYaPIfnXHxU31h2PHrTyDCk/6MSrkOi9Bok75f50oG5Xfes6/hCWloioLquKlwcvXJItr+pLY3zXLXQq8mwbKLsje78lHp4e28yja+RFJlf0rlphrlnnTKNr50LuVjqhvCLMoOFxMplI9hX5M8SdoLYCFUKwXh5+bKsCVgXmhb26H8huKO+MbktY2D+2PzGlS5WCvjTvpipxGh5I5JXYWXzHIgb7HCo10GUgP61Z9cBpla0blfqwS2LvtsKuigtTKjUv2jTBQFZNrHj8OqXjwSqGMixdr4WBwgh0cs3f/vMtk2Rb2b5LYOn3ZfJCiYvveP50q7RDAVIbFi7ANNK2OATvy7EyJBV9LWGH/l7N77va4guCpaJ6TfKlrgbuhS9nFgTuSRGLebtM7ibcwJeFzea8absbwO4lrWa2He6eV5h7WD8ny2K01wqT9W7lJhp9eqYb8776HFiq6VK+EbYcDCHfnYEIUEPCdlfN52yxi3cZ1BNYWXUdy68mdYE+xlg1OaqLV6fA4y6k5W+kTk/tLT3YT7Z1dA+gCePeSJurSansXyXkhXm+nLw12fFKc6oxJ4Awr7XE3qEtpJHLK7mpG75cgXBLqYY1QlNwpDyUElaLAbRBAbEeoXG/uTXjRPycfS7BDGKby2EbQUqtrxUuOyoHqWihluxfcGq4vbebDkWQZcCzUi1bTiuhqRFeO5WCmb2v88pWdzKleuIClF8UBd2xxWfqAZ+XhN/tfAI8nOWDrOZUTOjC5ZMSTLryEohymjfCg518SiIM8k5AuqR8S+P8I2IFOVJ3maInX4aWdw0ns8PjkdXzyWd1FSfocmKrMF04DtPrai6v7Vxc3F+WOJCtGmbFKty5ZN+uXLp61s0m6jEwMCj0RBaYXWvQRVCo7lhuGwBxU2WzjjJeiF2DEP9metSw+QWIDJ49Gf3n0ZkU8fr83/v35JkGRHM1aa6kqlva7hpqKjysIkFmbL9wpoOz8+7ydoKvLu8hyevf3FGUooFg1JBmqSFtuFaCVk0W0ut5dyF2RNp9gloOBkfNIV6kLMY5n+pb6wWYab1kN1JEGLoGvS9tKLrd5248EvYm7BeOu4piex63fKOcjkt9eff52MyOTd58/m19Wv7z+mSzXeff7c1aQ7pZz152YVIqMFGqUf1mZAoXrbKuWnl30twW4axNVHjUGPK1RSUa4ALoPgiQjcFGYChaRgGpUt06TCU/e62rqkMpn0e2X9F4nhM+sQTxyKiTv2aJLFvadDeXAWbSBHIAOxcJCcnZbIw/GDH3UGOE65Wgt6B4QWEmi+JsrIlg0h2giQwgN3hrVFt0CAZyJ3GdYc4gOjgnFQ2PjpzrUDK4ByTJ98sNvYoxLSiBIu0+yHTkbatwokunWuNsM6a4OS0iI945IBYl3za3TxsVtoXRtKNd1e6yTNxuHbAAYebTnDdE0EmhRYKSWIApcUb4WOSU9peh/FjfY3NmPB3b6zxv7Txk3njQ+cOO4ymA5bSym0yMSO+vxXn0LioJHejOvAOAvO65iEPZRuvPVgvPrwEqclnc1YlliHnyETyyXw3CcZ4Iq7bHH8L4Txqah4e5r+QkSl0zcqfsvFiqdYEMLqsMIVWUB+s2tYIKhPrjOP3JlmcMttIFjhkbZGfjwdn4xPxqcxvU9dOzzVGYEb3hjPjHYwIb1MOXj2DCpN4quu+eipsB1O9kmHg5impNtc2kvI3vjhAW7JkJqO/XGkpmRLlmihabE3fiA0xwwbyKyWto1VwHfy31sTkaT17OJVD7HfkWkpmt29kOouBTXZp+fdfTzsqRZv5h+7d4aXikat2tyhDXBpjDs8tVwxveipFs3EsqR8bSwp7NzWOHVhGThVSmTMZh0yvUg1IFuLilApsfG9LfLRIC2ApkKIcmtR4QYZdw2q8YaDeYQftKNFEs7DphjV9yubDsc/jqVHtWSmFZXcWm4+Xrc/3pAWEtGK9YxDKHFncTHTtnjJzDc2W7Wx2VLCjN2DGtVlknieMhZq/JeJkYNJpUDe2FbreHH7qf/uUVckvSf0+jzds66Juj4opH9OtDUk40+MsvpZfyja+nyXdiadAOuhzIaWOfUFWbF8EgtllJZ1CXVI3y1IPij00pB3Pj4fHx+enJweuhLgxxJpcW+mNdIhriAgViSfoouP6YfRqz6ox9ijM9D39/tH08TS1Y3GdahmF6vhEZYfRcvIdW4OPXyr5SaegpLlE6eglKZr5RP7LDLfWMO4+kHKVCZK1qQUzAsxpUXQkt+T3A7HD9daVA7q2b8pMdhxhMp5tewpAf9A12QKbluu21FhdZICrhge+ye7CgVy+4+Dw+JgRA6Mqja/fa3hxcE/H6viBgwrsQsTF4DE8gSS0aIAPH2cS7p0iX+SKLZkBU3XtKugWq9eGok9fYtmhLVYxgg34NsPwpLiqXbnyL3JNtG7Vuh7VAiqpyrMLDK8P3JLTPuKGarqNduTrxR3W3dK6Tq6ONyo8Z3V2w04dXgP+xtbldGkBllbmYZr3+UD9Rm8M8ZzF9H1mgsLqzC7rw7t1/A8evNG6gzvX9m1xwVnfDN6/6mr1GTbj+e4ZHSbu1Gsm77QGBEOPpWF5Sm3oDYVSrb4F7QOsHPFg4OSftLqdI+rmfNHgMB9CZIBzzB6rhR++MHsJAamhBy7R9jm4SPzUgTQ7E7OkxGu6o7lvhbGE4hJhX7W8RnF+ByzgF1/8zaljXl49hJewHQGxxQusvMfX57mU/hxdnzy8pyeXJy9nE5fnZ6/nF0E727O6xmodTeeoEBBlWaZraUeaJiEGaReypv+HW4VbWgjZpV260MeNo87sbwi8TBrOP5gABkoIgjLtum2E4mNEkJi/WfYJh6gzf/yH8OKIE9QmCa7ZeFsl3LlVCRC68GrdFzPuh/Eb1wqFUJvzfsuBvxGuTwbn46HZie0PkLnRTLU8kPkkilbbKPs6ay4JdSYtDaqAdpm3MfKvrbFo5bOpC2UIX/+pK+jeSbs/ftofmDDv5AW7/4Y/m5t/uG1ngHbZwY02o5rhtyB9sAtN5EOiEfklySqcu2cBPROUrdBqSUv6oH7uMbaybba/dT2V5mE9IZNtluUpjIZ+9ENroZK9IntQdxqsr0H3E6mWq21U421u4LT21S73VLbj8bf/xeWeCRwft8ajw7C713k0UH4fao8uozce5lH30j2M1Wbe2NXsogV9NfPv2zWzl8//9KuH6F42lCABnN3ZM1wlZkta+S+AkbxCMadMARI/FcgmtwJ3+Nsc3i5ksX4LxOz6mpAbjcak78D2KSQ5uNoQZus1QI43IGsK+mbAT3SZ9siw2nDPL2visJMh+VQnawy5DuCE/PaQsJsYguh/4Ebi4Xxz2cLrUt1eXS0Wq3GzgUYZ+JoXrEcjoAfRaAiH+FIApbFZHB0MT6NH7QfAHJ8W+hl8fQmTMu4MTJw4ze4G1eWLdVzOzznQsRmVHuk4biM/GhQOj3usS/7nrQceuDY+chMtRbGByYUc3fWhM6pceN6c6EqWRClWVG47mJNppbLODJiY9xGYz/ZOsbUzDSzwkmrNl3ZyGNJpZX4JiDqK60y2+Il9qndN6Yn8bjNirFJSSoyOKJMECMFjQRcnp+fHdmJ/vdvf40m/qkW3bQRu6B3E/JrhFHHJGwebbO2D5DKg1RNE36vEKO+lxOfxOV7N+FaR8i9STDdxInv0ya+O6SG4QfRzGAiHybE2W51FCVqSdcEV52rNzVWJc+PhETjz6XuFGurYzEOH4EM6pDG9iPqWK6hwJYwhUkq6OrORZ1C2FRBRYWrESebsXTYmfzkCzYUi6qcNgUjA4O0w8bz87N0LvP5WZeUsLPF9ifF2GKidzrdijkIqfmT89GMnNi99PXWPS/6ul6ExKKC3IGBZpVaJWsJirts2jv2HKvN5ng/8CxvKaeUekDF8O+oGOAe+/sGHZdCjFj6aJdasrcWFwYOrpa6A34wFl85ae9RxGlcZf/UqKWrY0ZYx9ydd3ECy1I3dOEQ7BOTCIqF0Aqh1RWrjGqoe4v6xk+2v+i/VkIt2UZFfy85nUk6X8aNzB5zBiJkmMRo9n06w7arZkKeToK1r0XZK3xPk7uSJ7FLvO/DsRvxXx2U1kLqoiupUi2wj+pUZKEk0T1pD6/lWKgtP8FYN09pB4LSuSz4qJcpCQXc0UA0tCBhT9/3wSE1vbMBGUCPNgzLmCsMG/WGIT9EtPCtvusWXCwfNQ4Rx5SptaPHdhy3rbTErKFp0WTc/HknRB9bsaeqfWJUB2fixuH7O/8NQxYNjs6Sql0g6sFbNxKr0W2XWKLFLXD2ByS+7AhLyh5ZdPLAgrOg4+pcspeWsQ8f7HnhW8SHa50OJPZBzMwTfL3Etm7mkQSvv9a95TBVC6O9Pm/LnYv4NJBM8JkVlPYnrlo52XUf33ZTwVA/2KSwrpYg4fXtdIUF6TVGE+Y2ZrbLI5lKsTJIvO4y767t0XYNTi3EypXjrGBaB9jxXKndg975b1VNeCufaA9xhOGm11fuyLmLz0mCHLwO2lb7rp2XdN0WpP+TWXuo62sdBD2IdEn/M/GZruFZGR/M+ym2kh62LhnfDaF5fxuEJdXZEL2z2fXJFtvg3Dbf8c1CiuXANrztbaKPhuFF7gOR9WfFPqo6fLgQD0L8XQR5GObvIdFdzE8IeUq+wLIUEj/xwu4xZwA0eTk+JjlVi6mgMlcYmHOK9qlLR6mUJnPh8/8gU+P1Ej/LgtHkFVOAUURFcsF/sB8OiFOx684hkfamBauzh4znfelkEQ//u++3QkubYdQPP3lyaKTHwnhS74h/s38l+PrGl2VmYrkUHN+rU7bvKCsw9hm2DkdS0GIJ96CIdt/D6OH91j9ps391JYNvzrRnNW7VZIYURn9dblLraOKgaVJ8EHEyaCmX7DNvzZLouVoBva7mRkZOL/SCnB6fXIzIyenl2YvLF2fjs7MBRkbTN7nVDLsQcyIhM85R1HuqNShN66TQHiyv5ZRplHzzrPUgnPOvQJMSpOUfnqgYl0dSrlqfYrJ5IxFiO+ERH6MPcm/4GHcPobX4oXJG03BeSZQ5f5wSURB9ra9jFPUgsd9pi7ORjVi1PrXqv6qHnfzxo3zjB4yt3bvnWNIsq93KnVUcJyJewe/jq63DZE+gA5EVosqbd+P+O3WTxLRC+OBbKKJxmrVa99gGkm6B0jy/wQdu6r6LLpfTfvzOUxXNoHl0jG+NPdj2+oLsgUUUnVdHFI7JJ5dEGNSGGoAjMs9sO6CczZmmhciA8nEvbT49r8m66aHlyj1Irt5G3dVcU6MBGAIt/xAO3upO9jAW98BNIKo1n+smS5uxfwjbM22F3G0grGB6fRNsCDUFlToEqvThSfaAPgsAEdwvWLMXMOX6iqmeTSAWOVRR9aw23Y/tncP74aLnXjG0/CTEvAC70vqx2zP5zQjcUfsD43MLPceeiM1Kf+v/TgB3/RPx+1ntTEZ7z6xZtRBS31hF3DS4oDxbCOnxHdarvMcIqMlKq+lNKS22teOeMphrgFHifQLdMvW50Ufb/ggu7kqG+/m0YoUmqe8lN6TsISmkxpmu62pwFXQKRbe8JNrSyeZt/QFarpATFk8ttK4Badx8NAHkyuzJgaC6EshY9TSyaa4/KJlh89PhMRU1HlzG9cCRVtum/UG1qrRqLt1WU3PDFlw7Xv09vJbA1NxvOiFHO3YDlISc2rzom5ceZG9E9HZMLkW+B+EPOFCK3IYWkqiqXVVMgOmTyMnXq7ddROb/qqS7BsYCVA3ELjKRw345iF3v0ywcqjqGIbLQyJKWXUwYBLand/tCF4BM49ynOg7wZpFm3oR2DxtSEq+F+/8CAAD//5eSup0=" + return "eJzsvflyHDeSOPy/nwJBR3yWd5vFQ9Rhbsy3S+uwGdbBFaX1HrOhRlehu2FWAWUAxVZ7dt79F8gEUEAdZPNozUwEZyIsqasqkUgkEok8d8kFWx8TlutvCDHclOyYvHpx/g0hBdO54rXhUhyT//8bQoh9QOaclYXOviHub8fwBP6zSwSt2DGhCyYM/BJAnkQ/LZRs6mNy6P45MI7938clQ0BuHJJLYSgXxCwZKaihhM5kY+CfWs7NiipGmDDcrCeEzwkV6wkxS2pILsuS5UZPSMEM/kUqImeaqUumCbtkwmgiBaFkKbWBp4ZeME0qRnWjWJW+kJFXX2hVl0wTLvKyKRj5kVGjM5ylJhVdE1pqSVQj7GduKKUzoCDMKvsnPy+9pGVJZozUsm5KalhBVtwsLbKUl5rIOcwRaaEaIbhYWKj2R4tONBlFVkumGDyCaZElrWsmWAFzWrJ4RmRFNcxTZI7ocymNkIbFy+CnekxOccicamZxgimTuVSklAs9aXHMLBMQrsmcl2zGqMnIa6nIydnbCeHGPjBLFuCn03LLS+t6z06I5yyLGIGLuVQVtZxCCsk0EdKQfEnFghE+DyCBObgm2n5jlko2iyX5vWGNHUGvtWGVJiW/YOQXOr+gE/KBFRyZolYyZ1pHLwaousmXhGryRi60oXpJcE7kHAjvSWjWNTtGDvdE7e6SeKdYpuBShN8JKdklK49JLhWLfkWwF2y9kqqIfh/ZO/Z//4GgE/bJUiwIYbi6x+Rptp/t76r8cBhP+99tIPnOssqVGFpBwLVdTgpYuC1Nhd0xC37JBDGSUOE+x7fd4yUr63lTxryBbK78xIlZSfLa8SnhQhsqcqaJlSWdrabt4Ha/JbBmjbFSoamoIIrRgs5KRjSrqUI25ZoIxgq7AQVZLXm+7A+XAPTMm8vKDj5XshqgyemcCEn8RgMy4A70P8m5YYKUbG4Iq2qzzoYWfS7l8HLbldzGcn9c1xsst9/udgCiDV1rQsuV/SOsAxUF0UvZlEXLBrN1JCcbzYosJZkIoiusQPv+CmC5YWasfQXkOJ9bRknAjTNNwjAVzZdcsGHyOxDDa8CLbazAJ8F/bxjhhT0p55wpXA67vYAOj/icSMEI+8K10d8PrM8rj74V6ngIwPcrvxog8nkxOOXn9Gj+ZH+/GJ4yq5esYoqWn4cmz74YJgpW3I0Ar/wYd6EBiqSCCHscleXaHUKa0FxJrYli2lBlFQ0rH6bI6ryYhlPrKuLM+wrVjGqW6lM/tr84dergenXKgiGaGa9K2X1VejUEhZPlYce/RtZIejiCNfMv2ldyWVVWH8LpWih2KUBXQXVqs/MwnuPOvxleWbpV9U5viQtqrhdIiv3ecMWKY2JUw4YovHO4f/B0d//J7uHjj/vPj/efHD8+yp4/efzfO5sxz0tq2J5F0+pZIlKzpOILLqzuNsAtr1FH8oqmceeZ02OHAVrdbMEEUxbmxMq7BKRVfOALjq/ao2dg5A+OIkh0OPjsWsVL1Jf9dKFvLXlaSv/Pn3dqJYsmt3T8886E/HmHicvDP+/874a0fsOtajv3g2gQ6fasN3RBGM2XOI2RWZR0xspN5yFnv7HcDE3jL0xcHpN2IhOrmpY8p4jxXMrdGVV/3WxGv7D13iUtG0ZqylWX/vZ/L1Bv8TOlRUEqZvWBSPE10q8fOccTELRgdzkSTBuW8grOzt5OypLA+LiHtZGWNaj2JL5K2E8LmV8wNYWTd3rxXE8diUfoXzGt6WJTJcKwL4Pk3/mZlaUkv0pVFhuyTW+zMY+L2wRB9tlH9k33eEjLEkSaJVN2QUB5GISXrlkuRU4NE6nAIqTg8zlTdmu7JWjlrbEbea4YK9dEM6rypdUiM6vkVU1peF2moNz4Gg8o0PvWHo1cVjNu73tcGAmnWH96fo3ykvfu6S/i3za7qJ84QFamFWwOo1OkFBfccGoknLCUCGZWUl1YGgkG+wl1cVwqxRZUFXD1slcwKfQkehPvZzNecIU/0JLMS7kiiuVWPOAl8+OLMwcO1eEWsx469gf7eoQMXC00EwW+fv5f70hN8wtmHunvET6yQ62kkbkse4OgxLYKQWc4BYcTs1vO33E9MYyiQlNAICPnsmLhimq5Dg5ipiqy448YqXYsnyk2ZyoZXnSmo/Hq7B67wxvXcMaCdSEyosCwxKIiFn4FW+Axzih5HbPEekGjG5h+a8rgwqL0G4pPNGw4U4UzJJEBMC0drWxrgVluwRXZBXESJOHtbt+83lA+JS9eIXxOz6zMVkwHqw3Sb1zU2x0qVdjn5PTs8sj+cHp2+dTDYmNCtpbKbDiDUorFZnM4k8pciX0Q8TTfxg3l7cmLjYjo0ShkRflWLCiOL3GAzujfkrfMKJ7rHj6ztWGbKh6dVQnn3sHzo81Q/NEOhoauuZJVvGWtpmR3dWSe6jMQ7KU7Y3u4IWfhaBuh20N1weL7tzutfkp+7BxX12DzE5PBskwFyalS69iuTImuWc7nPCelRIWPKIZyCC1OIHxSVUtZPFM7JVP80oouO18qrIiAUbMeeWOxRSLRFf0UtFuHUDL48NIF6Ex+riXvIHwFfQh5I8WCm6ZAc0tJDfwjtaoEJvjuL2SnlGLnmOw+e5w9PTh6/nh/QnZKanaOydGT7Mn+kx8OnpO/fjc0H6uTccGE+dwxNF43q/5+vmZOscExjDoypXdSmSU5qZjiOR1GuxFGrbeO9AscB0YdwfUFFbQYRFKxBZdi6zh+gGGuQvHfGzZj+SAdufkKROTmSgq+lcIoRsurFppr+TmXxVdZ7NPz98SONbbgJ1cs9tfA0y34tWju/vuLIUzHlnvAyndrFD9ppnb9lSR6E28jXohOiLMEo0op52ShqGhKqizHuMuVYngsZN/0lwvNnsH6jtKFKzxMciYMU+6mMC+lVEQ01YwpcFKCLcjr5LoDGlEsSb1ca27/4r2buWdl3UPnnQS7uX29XOOllAtCGyMrOLkWTPp5j6zYTGojxW7hdmp7WZRN0b0rtj9tdlV8jedtdIyiBiAbcFByMVdUG9Xkpom9mC1hnO0x9Yxc67icO2UN7fU69uxQQV69OEQ/qj3l5szkS6Zx7eDM5tHw6B5ucbYHfWpQSBzTXAf7f4pEAKga4RzLilXSBH8BkY3RvGDRWMPYUeL8pDHI2JUKHzvuS+0fCLYFBaYNN3zsoXUDpIS7uX23VvKSF0z1lc2BLR+4keWHd1PikwMfZuwRCW782CjG8sMJWeRsQqRKBQ1fcENLmTPavQuEsIdLyks646U9zv6QYsD6ddVUG73LqDa7B/ndZnwSoUEsGpYV0NoELAm83i7myGTwJNloBtcag8PMNpuAO1lug7V3xmV3dCAF1PnuweHjoydPnz3/YZ/O8oLN9zebxKnDhJy+9OwHU0gcguP4Dzvc78cFFlCLjqtNkPNPh73Dt6GuOcwqVvCm2gzxt146RW7kDfCmOehv98YTT58+ffbs2fPnz3/44YfNEP/YSnHEBWJ21IIK/oeLEyiCBdn5JdetyTg9qK0SwCH2iFA0HO0aJqgwhIlLrqSohi1O7YF48ut5QIQXE/KTlIuS4XlO3n/4iZwWGCKFxm9wGSegWtfpkFkZD5gg6b220Pl5M40hfJVaGZ0tsOcciayZ/vLeRYegmdeZhLVsVA7MFIHpODyXrKyt2oxqC56YM6ojpgljaH/PX1tBZXh727ihadJ9vS0R8AHBk4oKurAnOsjYMI1B9zR6gEbk1jaDFQJahHd9VGH8ii62KzRjPQJGCyYERG1FNZk1vDRBORpB0tDFtnBsN4vDkI6dk9ukVItFe9vuITDmnx1FoeejxR8+3+b8A+L03JfBoMy04SK2rzkJ9rL3YDMZFn23gRsmGh7uqQEMGmv3nO9lAOjVDhgRe2BQ6rWhvOTv0nkSkeIf1YMyPoWv70a5Hpft+VJidv1Hc6jEO9K7KWAD/R17Va7AuYfvg2vlwbXSn9WDa+XBtbIpER9cKw+ulQfXym1dKywoPUn+Hdn4gvGWGbobn4zheDXSAvsbJSeNxmNfFZ7/4tyPiyuI4dC5hNlpYmRGpizXmXtpiplBKg10todq1WiDEZKwTGNhz/Z/vy6ZIL83TK0h8g2D2sOFgouC50yT3V1nj67o2iNkCaxLvliacp1unhDuGc0IYMCsEM3S6m1cGLbAbCFNaPGbRRs1tgSgzpesooE27pwdnRJYHBuFAafuG67JAaR5zZihB2TQyBO90AINjKqU7Fj1XkU/bZzX2ZrWckibqhUD7RXgw3WFijW54KLIrKCxM60wUhRfMMvIhYYZjnZpSoYOMruIPqkTwi0xdLebGsmNZuU8yoUQCD+h5ub+ra+VrzN3mZx9XO8p+vqq3WnHHAmYbg/0Yiu5Yzi2he6lOtot+5QI7HrZC29+dXmbNGTklyEDtGUe9sWM2KBLuSBopVY8T7guIyfwNA2Z9hcfz5N2glEWsJYVM0ucNW1TezPypo13B6nns5IheJhXzJ7C3pVmf7Ug2q9DMrOcx5HzHgj1SbEEcpq839z5wtugbrz1khnDCG5/GaXe2GQvdvG1FDwMgzHhM2ZWjNkxXGygFefUhw3jAC62GhOb81JqO5MTT+rryeqtRlIxqzTAPaQEWNSwhcR/JunfFolhgg7nVCd0jVmgJW3FKqnWxIo/C8ADKjq56JdNKZhCjy5vs9Ldazqnwk4UMtNvd9BvVXSdvrRLHwyeQf7eIj/Qngh9TO/Ham33uYWfnKxjqX8LfgkOuO6mX9l96b2TSdKOh5jA8kfPBKyyFoDbPZH65m/TeJzFuLUevQSolU9TeGM6IVNtqGH2L7Skqppm5Feq7AaAdP55A3E2QTuRc6utTMgqVT3qkoIRyQVOWOXZ5WbRPGe1gZxnF0OBp5PXcCakLhnVIDATkGCFzmnTVZYDIwDeIwcM7tD1Vg4ZlBNuhLHlDyrDki+WLhNh+AQYWbnTlA+4RkEEaQ922ZdUuDXMMDNkOvHxPJoJ7ZLg28sITdnKod/iGXRZ6jNDNmCDdMHYPbBBArHRbIANhnihsXdN8FSCjB3mCpzZNngCEtLxZMppbUDyulzzK4VEuHu6ZKCWP7hImSEwQLvxlzS1QDpu8Es7jY4X2PAg63dpUdi97g7sXTiwWTFNl3I65yXbzRWzx+cUk4QwLZHrNqPZn59uptyOVcGFe3C/whrVVGtL111Mhx5eKNmYXG7P+2hn44a4TpSfRo+j1aLCLfckYmGdhvm1I6TGFLstfS5Xe/7jy26ldJPbxXGZlHPKy0axVDAnMMeF9E12ZApyVEhvuCPdHIYXeFvFIz4w0ABR8XZUaUYyN89wRvRSQmBNiHBo86Atw4IZaewKJYum3HrNExzF2ao2qvyBpQdiYZJ8EUHVwUaFVRqkCrVrBrdwtda/l8PEsKhptqmn9NbUcMOMmTOksEyNFsape3dKHllxppkhe07L1sx8b6mSzt7eA1KDSjOzX1nlHMkFkjjZ5TGZUd23xEarSsfe45KpuWiRwDpIYIoKP7n1tgyMWGdds3miAY3sMM0umeJmUw1ozMO482zDnOpzN17nSPNodJSbX5fO6Dscvxa+cqpCxcBFKKyEi2Lewi0w5F7b9flOk6YmRnakbnI+WYlY0QtG4E7lhuPMF64QmmsDt0q0811ZDMEl3Za35vxvySfLRKYR1DDIC+Y6FB/iWMFKL+VKYIBZbso1WTNj2fX/SCGx0INUFwlIqz9Y2a7JipVl8uhUk//v24PDo3/xAW7BuhYiSv4PikZIdWERgR0FlozWRpYAxKhEnl/oQS7dOWc1OfiB7D8/Pnx6fLCP8ZgvXr0+3kc8zlne2OXGfyXrZlfOaiGo2il84yBzHx7s7w9+s5Kq8gfQvLGqijayrlnhP8M/tcr/dLCf2f8fdCAU2vzpMDvIDrNDXZs/HRw+PtxwIxDyga7AXhaKAMg5+A5UYP9PLoyzYJUU2ihq0BCEdl5uhm4VTqzj6eS4gouCfWFoyy5k/jkKUi+4tstfoMSiwr4+Yx2IWEmAFViDhoeaWcoKIxb85tPPaJ+ZxssLYx+TOS0Tpb1FI37W2zRLqpd3Uu9a7mqDr4f+dvLji5cbr9zPVC/Jo5qpJa011KyDKm5zLhZM1YoL871dTEVXbh2MtOQCHaojcMjGixsO0EZ1owruJ9bopQOcyGArIAQVUrNcimLIPXDq6vRkcEUAHsN/M1EAi10IK5NAWuHdoK221fVMeJGdsyCzAROBvIsjtKGwfX2RV2zjbIlb3QjC1monEdVaTArvfKdJKEPU1hh0Brv01HFopzf/UjFarMkjli0ye4eiTWnI+VpbJgmA9fd4liXwZO2qWkDU9YrrIb32pNXrw/g4OkiGY0LtNpcCzJenLx0eO68aJWu2d1Jpw1RBq53v0yshnc0Uu0R7qv/k/OPO92CiFeTnn4+rqj2aOS39W7v7T47393e6NbKCqQYvmRtyfafI0xVL6i7DCL2XgDVYTMm9PKZRt4tuNXGuDRe5s2D/W/TM1QiJfvKD9zQSdwmH09O9nPnqNICqxuqDLVd4CT2sN7mCHB1kUPyUXKCm2Zk4x8pQccXDBOZsHRW6Uwx5HVxNOS0zMm3nOUXPQlyDNTxLl+aLUTQ3/niJMZx01i0gG6bA40pW7fq4Wno51uira6tHSXA42BMYjTL2AoQevoHF6cms9pUBfGOPhh2glY5dzPtMeQ2v+SKEQL908S39A+0n8SxaqdVWNezfCayYvYEIvelmQzF+7VZzJicrOAaJRHPDL632b+k050obX7t2bGLsRjb/m07LnlLXTgqGiqcUppFAtFMq6fUzUlxffNYdEXiVYJyXkm7oof3A9QUB2FjOlsveDc3Jbu0Uc6JlCeYeX+nQ/++TZmQtG+UKA32nw23IqQR2t107xc9CquoGC3iDub4DWyX/gxUw3jXTngR3WQla+76VIQf7+1dUnK0oFxjqg1VkLTngPgrGWrDS2wPYFU5C45/WfNE5DVrkNFTyAzArikVPNGOEOrMrTAVpG1VWdOWgBhzcc152ikB6Z7Zzd79uXxij4wlA6XpMiTONpD4scDprMrMqnheFzpFrf4dgG++WBPsGYJ4BGr4MnT/kqNYy5221a7g3+tJdSZ0pJNqes5l4Hyow8YSYpdTMFehDazUMdur1cfJWCm4kHA//8/r07f/6Yn5gD3OpzVDdC8JH0NTr7an95Aw6nzM8LOzr3TnE9SCd0edGHtk2gNy0F6ixDTOsCSfLfEYtUtIlf5fpZm3rPaoFM5/va8yPAA6mAGqHXlclFxd6cGwYIIkxu8PIsXCA1QzQe1scNrg7VmlZyhVhVK8tjQwDVpmtHbN5EJH1I9xOa3dJ6xI0tn/fYT4wB3Amg4lzQgquYK85kn4/SNKCJdUA7jD+S4A0ki15JUtxEccA3QGFUwuoNWH5gB+UWCL83cmZIVSaKLbhnnjL6qPgPbD3q0+nL79HSeJO0yhS69E5PGyJReRKdGpxBUPjKs5QvSvXALTvwASuekl4Ie3jfkhzpnhF1RplG9Dkp860h0dPUjLubfw4pX107Or27Bk2//7To/1hhN5ano1XnQsic0PLji12EDXN/9gUtcRI1OcBC8kODelTVoQ426K0Kg0tCn+NmVpoU8JTnQWcxNNhEVMlmclXI5no4wmSb6ymDMFUQCQXKQFKdCULu4OKwdHzbYxeMUMxphw818WAshUzrM+Rin7aPJoQGTWKJqyY0wXbSFh4RzuVUlkRWLJLKnqRwUkk1T1Efd2PxW08aBXn7gvkg9jeq0tqrJb5N0hVjp2PgNrAukctH9yy/9z+smmFXF+9JNGxXZVTksuqbgxGNbryHxA1DhF9UZuYAdtl3Cem1VKxK4yIQhTTZjBY3EFcH8JoZ+oqu/uYxSVVxYoqNiGXXJmGlr74hp6Ql1AhIKqGgNedX5oZU4IZMKYW7LYJx3ZWw8xwdy/0zw52XFVkyHxjopL/3mqw8v7OqcdwCvXx7dQVM43CEk8bFivZ1gzfbTQ7SNd0Nj6YVzSnaC6fBP/i76Uu/aYpOx7x3xtaghR3+b4wMx/0a5FxwU5tjJHVVjAcSdu93am/xHJehLLZeEk20n4zVm1hm0GtuJ+HLHwnOjCq9+S5riJYR2UCBgTnzAvy3R4BXCzmTZkA4wItMBsVdjlOkj4a752cQj8OWMKsT6T7TuIHicFrn3r+dXPef3bb65rRt93dZmR7vZbKldjxFchcLwhnEUnqr1lQ0KJqGmokTVPz3OmcXFYTX7glypQL4ncS2/2jgj6RUSeB2DLhBowX4i5VvuSGQcW+WxO1dfh+ef7089OjDZ2672umqGmbdSXIDCS6y1jHdYd5C+McYERv3Czp3W6+9+fdZnXDYcGyg3i8soo14N0/TqAbWX92NO165S35arBKpZ/shq5wnZ97Tax2QfR+jtv2kdvkzntNLgG+heTT3rr7gckj6NKWM2GknpBm1gjTTMiKi0KuuvbttrARVSsutphJ27L3W5pbJvnPnTtMFi/0A9jOacU7h/Bd8S3YjFNxE2zPHRpuKaA3TbGkZkIQ1gQ6Xcx0ES/LwGT6yad3n83BfnZwmD3dVfnhXRbA51OCEq/oimijoCThwDQurOZb3ussjrKjbH/34OBw1+UL3GUuiN8GU3ooFjKwug/FQh6KhaS4PhQLeSgW8lAspIPiQ7GQ+ysWsjSmY4X++ePHM/fLbauwWxAhpuW2FUuxwVVWMbOUWzMt/2xM7YciONRgXPpPrz5OyNn7c/vfTx+vxhhaaakNK5PfKnEJ4bd5V0BvP/wQ+naV9fHe3qyUi8z9muWy2hubia6l0CzThppGd2XOdbPZPNzYkR9HIzhaT+yEWRztH12D70wWA1ks95cJOG/KEojZIm2HHMQWew2upCpH0s9H6+HcI2u7MUZqswzUZCnlIhUHb8IPV2//tv9gnG7eFoC4pRgAkvRJdHfr2hu5aE8GHzU6ltoJffRYkiH768mHd9MJmb768MH+cfru9fvpIJlfffgwPLU7JwONZ83AAQNG5bdrO7H4SnejZIxRMna2RtuCNgT1Rb0w4aKRhEXCRoreSMDN2Byzl0tu0I9lSAMByiHxvKZqsE7RKfobFA1Vj8jUDTF1QfvIqLFnwt75Qthunca9kpg9HKQ4kbeTx+smP+lNsGNsRdfIkl6yEOOvLY+hqzr35ZvquuSsQMstE7mEdpZW1WCrVMnigmno+XHp2oaWjArIbbu2K+mtUoWIli4H6LtertDvDVPghnHWSXSubJQulIgiF7WXiqN3yY+be8l9CGC/qWguq6oRjuYYaCYvmfICzXk/VRpE6Hyfrieme3Qr56oHGyKZu1GA3iJxSwG6dX936JaPVmgoqCWJdk1DW7XZE2lQvQL961c+58OT2JaL5RT9qO/PTyHMpuy0nrfPHMORN3TNVAbloCdQDNr+95zlE3J2+nZCmMmHJmZfH54Sp4J+xivDtpaHkNOTdyfkzLWXJe9gNPLIa4Or1SqzaGRSLfYw0hhqE+35hrS7iF//h+zL0lRlxwBOyLmhoqCqgMBjXzsgdLfNUNTQki8Eppoig79j5nUpV72m5ITo19iRFzcQJLrgrvStbIfmN8hgT0f4SlGhb1C0+0bkP4d8bR0YP1pxl0QptGG0LSjAyC8IP75wphdmjy8pLTuSR59enk3IxxdnyJK7py/engEvZt8PUeHji7NhOkRdyLfFjCc4KZQWaGiNRnW84YO51YwbRRUv1y4CHss0pLRYcrHQeDZWPFfSR18jcWmpZZvcE7+sL9Y1mxCe/55mrc1pzmZSXkyIWXFjMHggFgf+2q25adwJ3RYBvGSi6GDYRoSHVCxmLzcF8b6MkCOEp+BeYcXg6RkGXOoUPbvs2LV6xZVP0xtk9pPTt8PL7LfiVvTpZ0FU+mHQLEfYlwzuTBNSAvP/RnNL48DKA1glF9fhuYTG3duYzEsP3Gt/UXft+dyH4Xdu5VaRwNSeVmE67ki0fyJczGTTk3T/RGRjhh9wYZhKrwn4wO7LwQeNgHTbPo5QmLSidR2VtHRV9ayWswtdaEjVpji4eoSToMbAAZnuGiyB4hnZwvlOE3BJWOJdcrYaK5E6jIkntVSkZopXzDA1jllni0RYdjFLULJ/QkRCSM7zQw3uqHjRepw4l2pFVcGKz9sJf4kaWYSEMRc5Hz1y169ayS/D9oiDHw6zg+wgOxyehVODzfrz9gI5TyCXH2tPAv5ww4haC5yeYWFEJ+uoUxNomFtXUJDWFpoq8lm4lFJipCx36UJIbXhOtFNS4t5YKUeXcjV0t3zDqBKYq0VNMKktuFk2MzCm2aWG4r17gZi7vNjVNcsHV+S7g+Pl+3/W745+/ue3Pz15+197z5en6j/Pfs+P/vvf/9j/03cpClvpaHGVvUsaWrpwbxDWYHUEWs+kvcp4GTlSEGDqGkQABFeeKm4Z4n/31QEmZOo1JfcIWZoroptqkICPnz4fOeju0jLjWpo46HeiioMxQJf2yQBlwsNraXN41L9RdwJ4fMhS+uuGMcgiQOsn+9Us57T0snUSslkwXLPV+lx2UWhVVzDDcjPxkOF1TAy8Htauvya40yQqlOSVS6/HUZI32sgqBB8jHOhhCPGkbl6dDEUp5nwB5fqMJKoRN5inlnNjB4qquPkA6DlXbEXLUk/sSa8ajXQxyEV7tYL5ABAfIOvPrOg41ExoqfSErNgsGTkCD36rUmpNhoBaep2cvXVzd4YNv8SxZYOW5RWGDacvIVjwhVGxniApcVY6rK/2iZi4xro9/K8gZTchkrx1NsbfG9YgSPLq4xuIgpcCWMEfEa6EQlrP2/FIqFcAFZ0KBvVw3eyhN+KrF+fZLcp4f712TL3ovK/YWSvwSW/wrxllP45F73J2bzgEIYhDJG0fB9C4WweEq2JXWzw6Hp+2ypvitNyyySmggaM5n3gfma3FTC/Tdq5heXw9wE0qItorPZjCraD0J5s3Z7UQ1zXTWd81lACb+suBmk7I1Atj+3deaPij1q7E6pc1/EWWJb6MIt3+rRXLwx4mD/YhQvkhQvkhQvkhQvkhQvmKuTxEKN9F4D1EKD9EKKe4PkQoP0QoP0Qod1B8iFC+vwhlqRZU8D8GGqi/7z/ZPCAoBuuPYyYUz5dIPrBqjXVhqWoq1vbQRcIEwPEtsxPHk6Wd6pasrKFwG1WKioWv4W5cF4GoADwVGJAFITZpc/IwbjyZ20ZabjNQKF4p0qsg9LetIRLTLks5r9NHc+TmvDnP3fW23L8pj96Sh27Ig/fj3u144G58Q04auBXfLzfdw224excenMidt8TV9+CbTPGKTdO7Bd8Fz/799yosb3X3HZzEfQTDX3vvvQnBRy+Ig+j3br13wf7K++5N5nDdXZd0HYTOQ5KKvbPkx9t0ZR0VdqEZZDbyJRXtSQkdLSC8w/tskoYqECsbmkvyYi/ZvS64JA6FRpnsu1tlNS+mRM4NE0Qbuta+IqDvAYntXe2FNIqAyWXN8VoONZ9KOaNl1BXIoxwpPTeVpRvXndnci30WaJRKRNcoxnVb+KoKgkdpQMwRl38BBayJVS8ZlDxZKFo5vVcRzSte0uHgndEJ1YPEvYe0Jj+bmkLtnF5hn7bYyWIgRuF+KUrVoqlGujq/pWt7gUC9E9m4VtKw3IBDmRt+yYY9WhF5/2dH6+XOhOzslva/Vnmwf/pmKU93/nd48uwLyxvoPbAtEpzMoBY1w6B+t0e9gGiHH5zVXqPV3oyLvVHuAem47dWDQUYaWNmZwPMJ5o7gBjG+vD3VYa4Yh/mCCoyKjXsCpB6UqMAPoWSm5EqDL8+n4TiEPC1XbEZqqJnvm1hZ1VWMViqH/jxFdpdd1yYDHh5t7KeCpgWnL7dT6r49tw/3D57u7j/ZPXz8cf/58f6T48dH2fMnj/97w+P7o+8GHLOpK4A/gvpKqgsuFp8x6miwieltNJC9pazYHi3jyr/Xou5wIQEXb+1MjvhE3XBW7VTd+JD8uKm60fZkYdj/0hfBnNOcl9xYtaHmlxIYmSrZQA/omjOsP9x27iM+3Q+e6W7VchfIrRmDvpsVFWt7/chZGyTyMR40wMT+SeB3xotnNSGQQxTChXFTcac16FoKSPdyqVmtajx1ZMsib/AJtLNTzLC4G1gbqMH0JEp8mzHSiIIp3xPa3QonLixzQpK+2tg1e0L8S1YF8vFocexrRk6xpL2bFi1LCOg0skWZ19MJKnMUtCvh6AJEoS474PSMGMUvOS3L9YQISSpqDGRkgWfewABUQS+qNaSbrS2hokGOaTbL8qyY3raW6UDIzOhG2jRs5qQMuaaWLMBC0hdG6ySeRkEbvXi981tE67mPBtLfHKdBHbfh/ulwKGC8lGILqgoMONNQx3wSvYnZCTMeYiCtLowZPLlUhcZ+NR9fnIVC/Nj2z2OG6OSM2387SmFj9pKc/9c7F3f5SIdq0BZUOzyCx5p0IemoO4Yrklqu+5PvxPkL7TuvgjhwgXKE5qbxJk7su8JURXYCpB2svDt3MSd+ZNFBVvvKlPDYXXe8PXYgTdBXpMtRgOkO8Bh31zjuPAFNobspYt6G7nEIa/ytEXl7h3JN8vG7ITAtCYU0ETDLJ7hErof1nRK/v0LUWhwtlrz6AmVkx9oKyXz2h9Ozy6etYB05mm+QVXaDi4VU5krsv37Y4ZVoYKnWbWDi2BIH6Iy+lUj5No/i+dFmKP4IofNQf7vN83KxY64RP2y1MQa6Swx7i+2GSvKZi2nfBN0eqg8hEg8hEv1ZPYRIPIRIbErEhxCJhxCJhxCJ24ZIuCzz/jWx/XFzJ7VPWe/eSUz8zF60FJ6bbdcHjJugsXekLMELPRb8MOeuq2/r24EqD2gN8Gd8ZEPB4e0XnTyHe2hWcm/V/KMgA3eaqUYIvDXDBMaq8PDQUhiL+5eh/5Pr9O6/x9cresE04fYOpjWfdZqxGtmlapQShysoomJd46iFfgDevKMYhBcozkQOdmGtG6bx9mhhKlbYybjmI2DvSQBalc7Fuvg+gLzwzQtDPpYoWl6AdzQXC2h/5JqadDFtXfqPn7EnbDZn+5Q9zY9+eHZYzNgP8/2DZ0f04OnjZ7PZ88OjZ/ORmiB3ylZqjcGspNrwHM1bu25WG1qCY0XI83ybvOL21BX5K7GsCwAgo8U1G4F+Y2BsC0VZSrnSIPVWaXNyT+72wgfNNvxOVC1z+zY89rlrPJAyJErrtCcxBki5jh1Tz4SibS+RgDgpse6UQ9eyRsG1UXzWWDC+Agjyi2rAvhau70upje72Xm+3CNqDvF3ETxoLD7ipjXgnXRUh6MQr5+RVvPLxEsC0XBpq3Pk4LxttOkkr6LJ5LRX5kVGj+2C4tlTzLcEpyWUdLO6BjtCLK4HrrMlzIiTxcELnlG00uBjZETfxiUT5XLfaDQDA271dqjF2jho4ehIhac832WFjj4KFeo20BICdHNMU45RZJp2VC6VnkhGmCSG72yTyapmtpNi9cB1hYIDOutw0uOfGPPQ4O8w2befxHy7spcM6saayCf+00hHqWcoLq5JSF6XJDDbASxWWEHFjddkh5hmhE6uXrGKKlluswfHKj9FTU1r9gjziczjJoQVvL2aLRPpK278KOt1p32lYMfBcumJMga15MSWFhM5dw7WLntOj+ZP9/Xk7YmBo8E11dNz4t81UXPxkE4t7aE7aLiHa5Pa8hT0BtbmFPa544szst9Riv4KNHMtV9BngH8NGPoT938BGfhUaW7SRI3/+w9nIEW1ndI5Lo4xw0d+DoXwc5x6+D9byB2t5f1YP1vIHa/mmRHywlj9Yyx+s5Texlic3iUaV6TXi04c3V18aPn14409Y12wT6w3WJTPMPp2gZq9ze7mauLg6qGRIzfKW2v14f4D7SonzjdHbov2NgmqLPryx7fU8eg94J8F2Ro19v1+ZbBKX4SmAkBVGnVOskW+JlwCEKD8K4ZQ0hxjYUi4c19nPuXZZGr812rQ9zn3xuZbg/ftqqHI/0CLdg6dgUV9RHZCehJXuakhjl9iUznG5bWe6yXJ5fHT0eA9NOP/6+58Sk863RtYW/MjjYW6xxNwWp5zOw1rhPZdX9urmaAgBjI1GA+gExUxbAD8ksiYQp40qMwtzOrELDjF7JlkixXIptFENWGekIn6hkC3THd9j0c6C3GoJhumMW3xblD4H6MFthC19JqFe9A5MZGdkG2LH5unx1DdyqGl0FQbI49S52eX0fmb7Ejt5j842Xa6haZ8KzH2wrGd3v5cvLgBTunuKqzMI5aYxOrVco8iG+1F6DrftxTM07UNhcsfaSTVe4PGFDJ1G8NNp/1oUSJ3OaOQ+O2gVGQ8/FoYtEu/BhsaRHr2Pjh4P9106ejx28zbLbfHGGTTiGOMMt227LOERg5jwbWFmNxkM4IRVUHoAV3yCGZZd/BMwYS4d0TPE5rCv/xX2NfsCdUOjwtbxiBCDj9vAN6ZJAAlp4QAnhyJ30Vzg8/CMwpizxoS30hmYDiHQWtx2Lalq0+IFU8A3Uo8UQui4ZxL/IJkxs2Ku8rVZSdztY9nQii6q1Jpxv3wplYm8CqAwzY2L9p5+O42Y1Mh6dDG/HRTSHvmRuTWaqW1mYX5y8Dt8O2p307oD+54lAMIfxyamS0ej1zfMkLCLAl7xrmNguEIDvIpaL3Q+ZJc0YjkjSas6Z75DWuj4BJ4VuBnHlnP7C2cad3AABQMtqca642ZJBXzOi0l7ExFQRGTttXCQD+C0InLe4rTcsI6EUc11ZSQwEDj5KTJ5Jr/3iksMFKBIPTt/D4E87ztejaYb2BNM+3Z9RvbH/QSS0HLGEn3gKu1xaY93nxNdykWrXF2Bp1XDuzarOyQPngDC5BV0t0l0x2skz3cabxkWFawcfUl52Wbo9hBnFeXbux3bjQcjeH1vBIsl1VtTglxAmRcCyzSoKxZN6ICGF6FmkBTrCtow2VcGDqFPms2b0lJ5CqwBxQ+U+weE34QQFSh8DpxPy1QcdrqV5FTYA80d4yPk6voG7pVeP0FURxDQHA0CcL5msQkg6f4XSvsCatqyXqozsZxpTdV65ORJS+W05w+Jf7/ZKYQg/VnU+tjtVcdVsvDJ2f5UtN+u0TISwOmlXLnOiSs2C959CEuJiiBjli5VVvdqAuJJlZC/jfFqrFXlVRvGzeMyDf5oiTp4w9l5K//gZUn3nmT75BE/W0rB/oW8OPtE8O/k/Tk5OPx8gA2kfC2f78lJXZfsVzb7hZu9p/tPsoPs4Al59MvPH9++meC7P7H8Qn7vY1H2Dg6zffJWznjJ9g6evDo4ek7O6Zwqvvd0/yg72LnJSXIb4YyDbUbL2MHUssUNqprfz57+j/5KdjFJ3LjZ/jARsddEdn+0RNa4OS0dIg/Vuh+qdT9U636o1v1QrfuKuWxUrftb8pFVtVQULFFfILyXGfIs2ycF1cuZpKrQvj5J5j+BDIpGG7KQwdWV62xdgQcMygisuGbEMG00KaT4zpC2gW2IlmLUxGcKUoiWPKTB1NQsj92JBZHU/e87TVKuhhFejicSOjdDCRL/5P3L98dDjcqcvXGP5XoPkzf2Dp49T/DqjDW+/CPr2e3N4k5sh9k5u4QQ1L6uu2KKhUbWGCHdndCnurC3nzkvmaXeHud6z3kKaZ5LqE9RrrMRPT2rqcmXN5/Qmf1sSK2MlZGB4SouQueZGwz31n52m+Hob7cazn52i+FQl7n5eLE+FIICvGI0MpbUA7OLwvluMrVhDWdk0N4KbjDo0PL1B3V83agybDVwPW+0Ac4bxXNqKKlk0WBRrkaDRTqLQz6jqId73M99l0ziqPtm14JF8fZNUGZ/xH8NDPHCd9HPZVVJAd+FwGpvBgLLRunqirj+O9+k99BErBpesT9aFf2KO7d/E/UB0yjRJiV1V41IEeU82inFBSFdMlSWSvmdf4PibIZW9U5C+6iWmKUoV6xILLConSfvtYa2ZmGPr8OnZkkO9w+eTsjB4fHjJ8dPHmePH29gaAgotW1FkbKlXLiSPcCMWO8FipAlkzI0VC8cKzvk+jiv4V20T4cCWobUDLObMFCGqbjqToCBaTbJwLjgCR3l7DeW+8sB/uPzDbg7sB+IPN/pD3jOB+gnGDClOiIhvoaMDPLKftS5gEExn6LgrlqSvY5ByoBLJYNxQnbAWI+5Tn7WbZJCADUktdu5c5eykO7g1+mvMchoJzoQeSmbov32hf2n91pAUhQtqKHDAuGte4oiME8+1ZZk7QalRfEZXvjsQfqSc1LF8iFZQftqBl9lHmx3f7H8mk2UROAmGGbkzKXkRr2gLcAJWeTY17LgC25oKXNGRTaKm09EbBOCRnA5dS+S05ceJSvsfSLmBiNE58J1Y8QHwWajuBc+R6wa6GwOs4oVvKmuO8cBRJIOuNng7gDhJTfrz9GBEDBo9C6j2uwe5NfIswgQgfOCt2cB14gO1yOHQMpyIKLCqgZU3JPdLzfQn/ATi8tPUi5KhjttfHQMrb16ABcTe8383EYvZH4B+8ft9Jf+3wPA8RlkD3bT79wzu2f1UirzGQVxa1KiIl9K5cfbDbt8RAkIaA2L6TFx6kQzOEXuJlad+yYATCouDwxX0cUdBXnMFwAupAcgAvY8nzW8NGSoRWSLSseydJs00TBmGqneH6ukM1bq3mjJkU6uPtavweUUKIHjBKZ1ZkbHsj/jvwaAnNozOWJU1zYiFT0tb0Ij/QHOJH/5qx/5opkxJRimWbnxf4l/G8CifR4OzvQUbIGSePSrN1L70bWbKUH6ZhuqlsU9MFREgVoWpDWBdIdq7rpto5HOZEE+nb7sDwQx6zXN729SLcT+YLLoOS7uOJgs2AgJN92Omw2E0EhF6/5I4C7GnjX3NVwEcnjM+xRx0bh5Iu2uGvYehPzguAj3/wUAAP//ENL8aQ==" } From 9b8c4d74c36ef0e1fcb9fd0f0d700966be0afd51 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Sat, 8 Dec 2018 23:15:41 -0500 Subject: [PATCH 2/2] Convert Packetbeat Flows to ECS The makes changes to the event format generated by Packetbeat's flow feature. Field Changes - type -> event.type - transport -> network.transport - flow_id -> flow.id - final -> flow.final - vlan -> flow.vlan - start_time -> event.start - last_time -> event.end - source.stats.net_bytes_total -> source.bytes - source.stats.net_packets_total -> source.packets - dest.stats.net_bytes_total -> destination.bytes - dest.stats.net_packets_total -> destination.packets Added - network.bytes - network.packets - event.duration Frames with multiple levels of encapsulation like 802.1q with "Q-in-Q" will result in certain fields becoming an array with the outer most metadata being listed first (e.g. source.ip, destination.ip, flow.vlan). Any dashboards associated with flows are not updated in this change. Part of #7968. --- CHANGELOG.asciidoc | 2 + packetbeat/_meta/fields.common.yml | 181 +- packetbeat/_meta/sample_outputs/flow.json | 34 + packetbeat/decoder/decoder.go | 4 +- packetbeat/docs/fields.asciidoc | 1742 ++++++++++++----- packetbeat/docs/packetbeat-options.asciidoc | 64 +- packetbeat/flows/flows_test.go | 9 +- packetbeat/flows/worker.go | 131 +- packetbeat/flows/worker_test.go | 123 ++ packetbeat/tests/system/packetbeat.py | 7 +- .../system/pcaps/802.1q-q-in-q-icmp.pcap | Bin 0 -> 122 bytes packetbeat/tests/system/test_0060_flows.py | 102 +- 12 files changed, 1589 insertions(+), 810 deletions(-) create mode 100644 packetbeat/_meta/sample_outputs/flow.json create mode 100644 packetbeat/flows/worker_test.go create mode 100644 packetbeat/tests/system/pcaps/802.1q-q-in-q-icmp.pcap diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 12959bb5147..04dab8e0ed2 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -27,6 +27,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha1...master[Check the HEAD d *Packetbeat* +- Renamed the flow event fields to follow Elastic Common Schema. {pull}9121[9121] + *Winlogbeat* *Functionbeat* diff --git a/packetbeat/_meta/fields.common.yml b/packetbeat/_meta/fields.common.yml index d25bac0b732..3deafbfd909 100644 --- a/packetbeat/_meta/fields.common.yml +++ b/packetbeat/_meta/fields.common.yml @@ -97,185 +97,22 @@ description: > These fields contain data about the flow itself. fields: - - name: "start_time" - type: date - required: true - format: YYYY-MM-DDTHH:MM:SS.milliZ - example: 2015-01-24T14:06:05.071Z - description: > - The time, the first packet for the flow has been seen. - - - name: "last_time" - type: date - required: true - format: YYYY-MM-DDTHH:MM:SS.milliZ - example: 2015-01-24T14:06:05.071Z - description: > - The time, the most recent processed packet for the flow has been seen. - - - name: final + - name: flow.final + type: boolean description: > Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only. - - name: flow_id - description: > - Internal flow id based on connection meta data and address. - - - name: vlan + - name: flow.id description: > - Innermost VLAN address used in network packets. - - - name: outer_vlan - description: > - Second innermost VLAN address used in network packets. - - - - name: source - type: group - description: > - Properties of the source host - fields: - - name: ip_location - type: geo_point - example: "40.715, -74.011" - description: > - The GeoIP location of the `ip_source` IP address. The field is a string - containing the latitude and longitude separated by a comma. + Internal flow ID based on connection meta data and address. - - name: outer_ip - description: > - Second innermost IPv4 source address as indicated by first packet seen - for the current flow. - - - name: outer_ip_location - type: geo_point - example: "40.715, -74.011" - description: > - The GeoIP location of the `outer_ip_source` IP address. The field is a - string containing the latitude and longitude separated by a comma. - - - name: ipv6 - description: > - Innermost IPv6 source address as indicated by first packet seen for the - current flow. - - - name: ipv6_location - type: geo_point - example: "60.715, -76.011" - description: > - The GeoIP location of the `ipv6_source` IP address. The field is a string - containing the latitude and longitude separated by a comma. - - - name: outer_ipv6 - description: > - Second innermost IPv6 source address as indicated by first packet seen - for the current flow. - - - name: outer_ipv6_location - type: geo_point - example: "60.715, -76.011" - description: > - The GeoIP location of the `outer_ipv6_source` IP address. The field is a - string containing the latitude and longitude separated by a comma. - - - name: stats - type: group - description: > - Object with source to destination flow measurements. - fields: - - name: net_packets_total - type: long - description: > - Total number of packets - - - name: net_bytes_total - type: long - description: > - Total number of bytes - - - name: dest - type: group - description: > - Properties of the destination host - fields: - - name: mac - description: > - Destination MAC address as indicated by first packet seen for the current flow. - - - name: ip - description: > - Innermost IPv4 destination address as indicated by first packet seen for the - current flow. - - - name: ip_location - type: geo_point - example: "40.715, -74.011" - description: > - The GeoIP location of the `ip_dest` IP address. The field is a string - containing the latitude and longitude separated by a comma. - - - name: outer_ip - description: > - Second innermost IPv4 destination address as indicated by first packet - seen for the current flow. - - - name: outer_ip_location - type: geo_point - example: "40.715, -74.011" - description: > - The GeoIP location of the `outer_ip_dest` IP address. The field is a - string containing the latitude and longitude separated by a comma. - - - name: ipv6 - description: > - Innermost IPv6 destination address as indicated by first packet seen for the - current flow. - - - name: ipv6_location - type: geo_point - example: "60.715, -76.011" - description: > - The GeoIP location of the `ipv6_dest` IP address. The field is a string - containing the latitude and longitude separated by a comma. - - - name: outer_ipv6 - description: > - Second innermost IPv6 destination address as indicated by first packet - seen for the current flow. - - - name: outer_ipv6_location - type: geo_point - example: "60.715, -76.011" - description: > - The GeoIP location of the `outer_ipv6_dest` IP address. The field is a - string containing the latitude and longitude separated by a comma. - - - name: port - description: > - Destination port number as indicated by first packet seen for the current flow. - - - name: stats - type: group - description: > - Object with destination to source flow measurements. - fields: - - name: net_packets_total - type: long - description: > - Total number of packets - - - name: net_bytes_total - type: long - description: > - Total number of bytes - - name: icmp_id - description: > - ICMP id used in ICMP based flow. - - - name: connection_id + - name: flow.vlan + type: long description: > - optional TCP connection id + VLAN identifier from the 802.1q frame. In case of a multi-tagged frame + this field will be an array with the outer tag's VLAN identifier listed + first. - key: trans_event title: "Transaction Event" diff --git a/packetbeat/_meta/sample_outputs/flow.json b/packetbeat/_meta/sample_outputs/flow.json new file mode 100644 index 00000000000..a7cb0bf8379 --- /dev/null +++ b/packetbeat/_meta/sample_outputs/flow.json @@ -0,0 +1,34 @@ +{ + "@timestamp": "2018-11-15T14:41:24.000Z", + "destination": { + "bytes": 460, + "ip": "198.51.100.2", + "mac": "06:05:04:03:02:01", + "packets": 2, + "port": 80 + }, + "event": { + "duration": 3000000000, + "end": "2018-11-15T14:41:24.000Z", + "start": "2018-11-15T14:41:21.000Z", + "type": "flow" + }, + "flow": { + "final": true, + "id": "FQQA/wz/Dv//////Fv8BAQEBAgMEBQYGBQQDAgGrAMsAcQPGM2QC9ZdQAA", + "vlan": 171 + }, + "network": { + "bytes": 470, + "packets": 3, + "transport": "tcp", + "type": "ipv4" + }, + "source": { + "bytes": 10, + "ip": "203.0.113.3", + "mac": "01:02:03:04:05:06", + "packets": 1, + "port": 38901 + } +} \ No newline at end of file diff --git a/packetbeat/decoder/decoder.go b/packetbeat/decoder/decoder.go index 5a76d4ae4e3..d5b1d28848a 100644 --- a/packetbeat/decoder/decoder.go +++ b/packetbeat/decoder/decoder.go @@ -67,8 +67,8 @@ type Decoder struct { } const ( - netPacketsTotalCounter = "net_packets_total" - netBytesTotalCounter = "net_bytes_total" + netPacketsTotalCounter = "packets" + netBytesTotalCounter = "bytes" ) // New creates and initializes a new packet decoder. diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index fa9bd4ff270..f8a93649d21 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -2258,7 +2258,7 @@ ECS fields. [float] == agent fields -The agent fields contain the data about the agent/client/shipper that created the event. +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. @@ -2274,24 +2274,29 @@ Version of the agent. -- -*`agent.type`*:: +*`agent.name`*:: + -- type: keyword -example: filebeat +example: foo Name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. -- -*`agent.hostname`*:: +*`agent.type`*:: + -- type: keyword -Hostname of the agent. +example: filebeat + +Type of the agent. +The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. -- @@ -2362,7 +2367,7 @@ List of keywords used to tag each event. -- type: object -example: {'key2': 'value2', 'key1': 'value1'} +example: {'application': 'foo-bar', 'env': 'production'} Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. @@ -2382,6 +2387,183 @@ For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message. +-- + +[float] +== client fields + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. + + + +*`client.ip`*:: ++ +-- +type: ip + +IP address of the client. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`client.port`*:: ++ +-- +type: long + +Port of the client. + + +-- + +*`client.mac`*:: ++ +-- +type: keyword + +MAC address of the client. + + +-- + +*`client.domain`*:: ++ +-- +type: keyword + +Client domain. + + +-- + +*`client.bytes`*:: ++ +-- +type: long + +example: 184 + +Bytes sent from the client to the server. + + +-- + +*`client.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the client to the server. + + +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`client.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`client.geo.continent_name`*:: ++ +-- +type: keyword + +example: North America + +Name of the continent. + + +-- + +*`client.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. + + +-- + +*`client.geo.region_name`*:: ++ +-- +type: keyword + +example: Quebec + +Region name. + + +-- + +*`client.geo.city_name`*:: ++ +-- +type: keyword + +example: Montreal + +City name. + + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +type: keyword + +example: CA + +Country ISO code. + + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`client.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + + -- [float] @@ -2546,7 +2728,7 @@ Image labels. [float] == destination fields -Destination fields describe details about the destination of a packet/event. +Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields. @@ -2591,161 +2773,154 @@ Destination domain. -- -[float] -== geo fields - -Geolocation for destination. - - -*`destination.geo.continent_name`*:: +*`destination.bytes`*:: + -- -type: keyword +type: long -Name of the continent. +example: 184 + +Bytes sent from the destination to the source. -- -*`destination.geo.country_iso_code`*:: +*`destination.packets`*:: + -- -type: keyword +type: long -Country ISO code. +example: 12 + +Packets sent from the destination to the source. -- +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + *`destination.geo.location`*:: + -- type: geo_point +example: { "lon": -73.614830, "lat": 45.505918 } + Longitude and latitude. -- -*`destination.geo.region_name`*:: +*`destination.geo.continent_name`*:: + -- type: keyword -Region name. +example: North America + +Name of the continent. -- -*`destination.geo.city_name`*:: +*`destination.geo.country_name`*:: + -- type: keyword -City name. +example: Canada + +Country name. -- -*`destination.geo.region_iso_code`*:: +*`destination.geo.region_name`*:: + -- type: keyword -Region ISO code. - - --- - -[float] -== device fields +example: Quebec -Device fields are used to provide additional information about the device that is the source of the information. This could be a firewall, network device, etc. +Region name. +-- -*`device.mac`*:: +*`destination.geo.city_name`*:: + -- type: keyword -MAC address of the device +example: Montreal - --- - -*`device.ip`*:: -+ --- -type: ip - -IP address of the device. +City name. -- -*`device.hostname`*:: +*`destination.geo.country_iso_code`*:: + -- type: keyword -Hostname of the device. - - --- - -*`device.vendor`*:: -+ --- -type: text +example: CA -Device vendor information. +Country ISO code. -- -*`device.version`*:: +*`destination.geo.region_iso_code`*:: + -- type: keyword -Device version. +example: CA-QC + +Region ISO code. -- -*`device.serial_number`*:: +*`destination.geo.name`*:: + -- type: keyword -Device serial number. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`device.timezone.offset.sec`*:: -+ -- -type: long -example: -5400 +[float] +== ecs fields -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Meta-information specific to ECS. --- -*`device.type`*:: +*`ecs.version`*:: + -- type: keyword -example: firewall +example: 1.0.0-beta1 + +required: True -The type of the device the data is coming from. -There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. +The current version is 1.0.0-beta1 . -- @@ -2790,7 +2965,7 @@ Error code describing the error. [float] == event fields -The event fields are used for context information about the data itself. +The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host. @@ -2804,6 +2979,19 @@ example: 8a4f500d Unique ID to describe the event. +-- + +*`event.kind`*:: ++ +-- +type: keyword + +example: state + +The kind of the event. +This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + -- *`event.category`*:: @@ -2811,36 +2999,47 @@ Unique ID to describe the event. -- type: keyword -example: metrics +example: user-management Event category. -This can be a user defined category. +This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. -- -*`event.type`*:: +*`event.action`*:: + -- type: keyword -example: nginx-stats-metrics +example: user-password-change -A type given to this kind of event which can be used for grouping. -This is normally defined by the user. +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. -- -*`event.action`*:: +*`event.outcome`*:: + -- type: keyword -example: reject +example: success + +The outcome of the event. +If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution. + + +-- + +*`event.type`*:: ++ +-- +type: keyword -The action captured by the event. The type of action will vary from system to system but is likely to include actions by security services, such as blocking or quarantining; as well as more generic actions such as login events, file i/o or proxy forwarding events. -The value is normally defined by the user. +Reserved for future usage. +Please avoid using this field for user data. -- @@ -2910,29 +3109,24 @@ Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log i -- -*`event.version`*:: +*`event.duration`*:: + -- -type: keyword - -example: 0.1.0 - -required: True +type: long -The version field contains the version an event for ECS adheres to. -This field should be provided as part of each event to make it possible to detect to which ECS version an event belongs. -event.version is a required field and must exist in all events. It describes which ECS version the event adheres to. -The current version is 0.1.0. +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. -- -*`event.duration`*:: +*`event.timezone`*:: + -- -type: long +type: keyword -Duration of the event in nanoseconds. +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). -- @@ -2949,12 +3143,32 @@ In case the two timestamps are identical, @timestamp should be used. -- -*`event.risk_score`*:: +*`event.start`*:: + -- -type: float +type: date -Risk score or priority of the event (e.g. security solutions). Use your system's original value here. +event.start contains the date when the event started or when the activity was first observed. + + +-- + +*`event.end`*:: ++ +-- +type: date + +event.end contains the date when the event ended or when the activity was last observed. + + +-- + +*`event.risk_score`*:: ++ +-- +type: float + +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. -- @@ -2973,45 +3187,25 @@ This is mainly useful if you use more than one system that assigns risk scores, [float] == file fields -File fields provide details about each file. +A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. *`file.path`*:: + -- -type: text - -Path to the file. - -*`file.path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Path to the file. -- *`file.target_path`*:: + -- -type: text - -Target path for symlinks. - -*`file.target_path.raw`*:: -+ --- type: keyword -Path to the file. This is a non-analyzed field that is useful for aggregations. - - --- +Target path for symlinks. -- @@ -3131,193 +3325,284 @@ Last time file metadata changed. -- [float] -== geo fields +== group fields -Geo fields can carry data about a specific location related to an event or geo information for an IP field. +The group fields are meant to represent groups that are relevant to the event. -*`geo.continent_name`*:: +*`group.id`*:: + -- type: keyword -Name of the continent. +Unique identifier for the group on the system/platform. -- -*`geo.country_iso_code`*:: +*`group.name`*:: + -- type: keyword -Country ISO code. +Name of the group. -- -*`geo.location`*:: +[float] +== host fields + +A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + + +*`host.hostname`*:: + -- -type: geo_point +type: keyword -Longitude and latitude. +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. -- -*`geo.region_name`*:: +*`host.name`*:: + -- type: keyword -Region name. +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. -- -*`geo.city_name`*:: +*`host.id`*:: + -- type: keyword -City name. +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + + +-- + +*`host.ip`*:: ++ +-- +type: ip + +Host ip address. + + +-- + +*`host.mac`*:: ++ +-- +type: keyword + +Host mac address. + + +-- + +*`host.type`*:: ++ +-- +type: keyword + +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + + +-- + +*`host.architecture`*:: ++ +-- +type: keyword + +example: x86_64 + +Operating system architecture. -- [float] -== host fields +== os fields -Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container. -Normally the host information is related to the machine on which the event was generated/collected, but they can be used differently if needed. +The OS fields contain information about the operating system. -*`host.timezone.offset.sec`*:: +*`host.os.platform`*:: + -- -type: long +type: keyword -example: -5400 +example: darwin -Timezone offset of the host in seconds. -Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. +Operating system platform (such centos, ubuntu, windows). -- -*`host.name`*:: +*`host.os.name`*:: + -- type: keyword -host.name is the hostname of the host. -It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. +example: Mac OS X + +Operating system name. -- -*`host.id`*:: +*`host.os.family`*:: + -- type: keyword -Unique host id. -As hostname is not always unique, use values that are meaningful in your environment. -Example: The current usage of `beat.name`. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`host.ip`*:: +*`host.os.version`*:: + -- -type: ip +type: keyword -Host ip address. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`host.mac`*:: +*`host.os.kernel`*:: + -- type: keyword -Host mac address. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- -*`host.type`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`host.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`host.geo.continent_name`*:: + -- type: keyword -Type of host. -For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. +example: North America + +Name of the continent. -- -*`host.os.platform`*:: +*`host.geo.country_name`*:: + -- type: keyword -example: darwin +example: Canada -Operating system platform (centos, ubuntu, windows, etc.) +Country name. -- -*`host.os.name`*:: +*`host.geo.region_name`*:: + -- type: keyword -example: Mac OS X +example: Quebec -Operating system name. +Region name. -- -*`host.os.family`*:: +*`host.geo.city_name`*:: + -- type: keyword -example: debian +example: Montreal -OS family (redhat, debian, freebsd, windows, etc.) +City name. -- -*`host.os.version`*:: +*`host.geo.country_iso_code`*:: + -- type: keyword -example: 10.12.6 +example: CA -Operating system version. +Country ISO code. -- -*`host.architecture`*:: +*`host.geo.region_iso_code`*:: + -- type: keyword -example: x86_64 +example: CA-QC -Operating system architecture. +Region ISO code. + + +-- + +*`host.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- @@ -3325,7 +3610,7 @@ Operating system architecture. [float] == http fields -Fields related to HTTP requests and responses. +Fields related to HTTP activity. @@ -3339,6 +3624,18 @@ example: GET, POST, PUT Http request method. +-- + +*`http.request.referrer`*:: ++ +-- +type: keyword + +example: https://blog.example.com/ + +Referrer for this HTTP request. + + -- *`http.response.status_code`*:: @@ -3356,7 +3653,7 @@ Http response status code. *`http.response.body`*:: + -- -type: text +type: keyword example: Hello world @@ -3417,1155 +3714,1528 @@ Field is not indexed. [float] == network fields -Fields related to network data. +The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event. *`network.name`*:: + -- -type: text +type: keyword example: Guest Wifi Name given by operators to sections of their network. -*`network.name.raw`*:: +-- + +*`network.type`*:: + -- type: keyword -Name given by operators to sections of their network. +example: IPv4 +In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc --- -- -*`network.protocol`*:: +*`network.iana_number`*:: + -- type: keyword -example: http +example: 6 -Network protocol name. +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. -- -*`network.direction`*:: +*`network.transport`*:: + -- type: keyword -example: inbound +example: TCP -Direction of the network traffic. -Recommended values are: - * inbound - * outbound - * unknown +Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.) -- -*`network.forwarded_ip`*:: +*`network.application`*:: + -- -type: ip +type: keyword -example: 192.1.1.2 +example: AIM -Host IP address when the source IP address is the proxy. +A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. -- -*`network.inbound.bytes`*:: +*`network.protocol`*:: + -- -type: long +type: keyword -example: 184 +example: http -Network inbound bytes. +L7 Network protocol name. ex. http, lumberjack, transport protocol -- -*`network.inbound.packets`*:: +*`network.direction`*:: + -- -type: long +type: keyword -example: 12 +example: inbound + +Direction of the network traffic. +Recommended values are: + * inbound + * outbound + * internal + * external + * unknown -Network inbound packets. +When mapping events from a host-based monitoring context, populate this field from the host's point of view. +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. -- -*`network.outbound.bytes`*:: +*`network.forwarded_ip`*:: + -- -type: long +type: ip -example: 184 +example: 192.1.1.2 -Network outbound bytes. +Host IP address when the source IP address is the proxy. -- -*`network.outbound.packets`*:: +*`network.community_id`*:: + -- -type: long +type: keyword -example: 12 +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= -Network outbound packets. +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. -- -*`network.total.bytes`*:: +*`network.bytes`*:: + -- type: long example: 368 -Network total bytes. The sum of inbound.bytes + outbound.bytes. +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. -- -*`network.total.packets`*:: +*`network.packets`*:: + -- type: long example: 24 -Network outbound packets. The sum of inbound.packets + outbound.packets +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. -- [float] -== organization fields +== observer fields -The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. -*`organization.name`*:: +*`observer.mac`*:: + -- -type: text +type: keyword -Organization name. +MAC address of the observer -- -*`organization.id`*:: +*`observer.ip`*:: + -- -type: keyword +type: ip -Unique identifier for the organization. +IP address of the observer. -- -[float] -== os fields +*`observer.hostname`*:: ++ +-- +type: keyword -The OS fields contain information about the operating system. These fields are often used inside other prefixes, such as `host.os.*` or `user_agent.os.*`. +Hostname of the observer. +-- -*`os.platform`*:: +*`observer.vendor`*:: + -- type: keyword -example: darwin - -Operating system platform (such centos, ubuntu, windows). - - --- - -*`os.name`*:: -+ --- -type: keyword - -example: Mac OS X - -Operating system name. +observer vendor information. -- -*`os.family`*:: +*`observer.version`*:: + -- type: keyword -example: debian - -OS family (such as redhat, debian, freebsd, windows). +Observer version. -- -*`os.version`*:: +*`observer.serial_number`*:: + -- type: keyword -example: 10.12.6-rc2 - -Operating system version as a raw string. +Observer serial number. -- -*`os.kernel`*:: +*`observer.type`*:: + -- type: keyword -example: 4.4.0-112-generic +example: firewall -Operating system kernel version as a raw string. +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. -- [float] -== process fields +== os fields -These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. +The OS fields contain information about the operating system. -*`process.args`*:: +*`observer.os.platform`*:: + -- type: keyword -example: ['-l', 'user', '10.0.0.16'] +example: darwin -Process arguments. -May be filtered to protect sensitive information. +Operating system platform (such centos, ubuntu, windows). -- -*`process.name`*:: +*`observer.os.name`*:: + -- type: keyword -example: ssh +example: Mac OS X -Process name. -Sometimes called program name or similar. +Operating system name. -- -*`process.pid`*:: +*`observer.os.family`*:: + -- -type: long +type: keyword -Process id. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`process.ppid`*:: +*`observer.os.version`*:: + -- -type: long +type: keyword -Process parent id. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`process.title`*:: +*`observer.os.kernel`*:: + -- type: keyword -Process title. -The proctitle, often the same as process name. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- [float] -== service fields +== geo fields -The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version. +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. -*`service.id`*:: +*`observer.geo.location`*:: + -- -type: keyword +type: geo_point -example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 +example: { "lon": -73.614830, "lat": 45.505918 } -Unique identifier of the running service. -This id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service. -Example: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance. +Longitude and latitude. -- -*`service.name`*:: +*`observer.geo.continent_name`*:: + -- type: keyword -example: elasticsearch +example: North America -Name of the service data is collected from. -The name can be used to group and correlate logs and metrics from one service. -Example: If logs or metrics are collected from Redis, `service.name` would be `redis`. +Name of the continent. -- -*`service.type`*:: +*`observer.geo.country_name`*:: + -- type: keyword -Service type. +example: Canada + +Country name. -- -*`service.state`*:: +*`observer.geo.region_name`*:: + -- type: keyword -Current state of the service. +example: Quebec + +Region name. -- -*`service.version`*:: +*`observer.geo.city_name`*:: + -- type: keyword -example: 3.2.4 +example: Montreal -Version of the service the data was collected from. -This allows to look at a data set only for a specific version of a service. +City name. -- -*`service.ephemeral_id`*:: +*`observer.geo.country_iso_code`*:: + -- type: keyword -example: 8a4f500f +example: CA -Ephemeral identifier of this service (if one exists). -This id normally changes across restarts, but `service.id` does not. +Country ISO code. -- -[float] -== source fields +*`observer.geo.region_iso_code`*:: ++ +-- +type: keyword -Source fields describe details about the source of the event. +example: CA-QC +Region ISO code. -*`source.ip`*:: +-- + +*`observer.geo.name`*:: + -- -type: ip +type: keyword -IP address of the source. -Can be one or multiple IPv4 or IPv6 addresses. +example: boston-dc +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. --- -*`source.port`*:: -+ -- -type: long -Port of the source. +[float] +== organization fields +The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations. --- -*`source.mac`*:: + +*`organization.name`*:: + -- type: keyword -MAC address of the source. +Organization name. -- -*`source.domain`*:: +*`organization.id`*:: + -- type: keyword -Source domain. +Unique identifier for the organization. -- [float] -== geo fields +== os fields -Geolocation for source. +The OS fields contain information about the operating system. -*`source.geo.continent_name`*:: + +*`os.platform`*:: + -- type: keyword -Name of the continent. +example: darwin + +Operating system platform (such centos, ubuntu, windows). -- -*`source.geo.country_iso_code`*:: +*`os.name`*:: + -- type: keyword -Country ISO code. - - --- - -*`source.geo.location`*:: -+ --- -type: geo_point +example: Mac OS X -Longitude and latitude. +Operating system name. -- -*`source.geo.region_name`*:: +*`os.family`*:: + -- type: keyword -Region name. +example: debian + +OS family (such as redhat, debian, freebsd, windows). -- -*`source.geo.city_name`*:: +*`os.version`*:: + -- type: keyword -City name. +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`source.geo.region_iso_code`*:: +*`os.kernel`*:: + -- type: keyword -Region ISO code. +example: 4.4.0-112-generic + +Operating system kernel version as a raw string. -- [float] -== url fields +== process fields -URL fields provide a complete URL, with scheme, host, and path. The URL object can be reused in other prefixes, such as `host.url.*` for example. Keep the structure consistent whenever you use URL fields. +These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. -*`url.original`*:: +*`process.pid`*:: + -- -type: keyword - -example: https://elastic.co:443/search?q=elasticsearch#top +type: long -Full url. The field is stored as keyword. -`url.href` is a [multi field](https://www.elastic.co/guide/en/ elasticsearch/reference/6.2/ multi-fields.html#_multi_fields_with_multiple_analyzers). The data is stored as keyword `url.href` and test `url.href.analyzed`. These fields enable you to run a query against part of the url still works splitting up the URL at ingest time. -`href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries. +Process id. -- -*`url.scheme`*:: +*`process.name`*:: + -- type: keyword -example: https +example: ssh -Scheme of the request, such as "https". -Note: The `:` is not part of the scheme. +Process name. +Sometimes called program name or similar. -- -*`url.hostname`*:: +*`process.ppid`*:: + -- -type: keyword - -example: elastic.co +type: long -Hostname of the request, such as "elastic.co". -In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `hostname` field. +Process parent id. -- -*`url.port`*:: +*`process.args`*:: + -- -type: integer +type: keyword -example: 443 +example: ['ssh', '-l', 'user', '10.0.0.16'] -Port of the request, such as 443. +Process arguments. +May be filtered to protect sensitive information. -- -*`url.path`*:: +*`process.executable`*:: + -- -type: text +type: keyword -Path of the request, such as "/search". +example: /usr/bin/ssh + +Absolute path to the process executable. -*`url.path.raw`*:: +-- + +*`process.title`*:: + -- type: keyword -URL path. A non-analyzed field that is useful for aggregations. - +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. --- -- -*`url.query`*:: +*`process.thread.id`*:: + -- -type: text +type: long -The query field describes the query string of the request, such as "q=elasticsearch". -The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. +example: 4242 + +Thread ID. -*`url.query.raw`*:: +-- + +*`process.start`*:: + -- -type: keyword +type: date -URL query part. A non-analyzed field that is useful for aggregations. +example: 2016-05-23T08:05:34.853Z +The time the process started. --- -- -*`url.fragment`*:: +*`process.working_directory`*:: + -- type: keyword -Portion of the url after the `#`, such as "top". -The `#` is not part of the fragment. +example: /home/alice +The working directory of the process. --- -*`url.username`*:: -+ -- -type: keyword -Username of the request. +[float] +== related fields +This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`. --- -*`url.password`*:: + +*`related.ip`*:: + -- -type: keyword +type: ip -Password of the request. +All of the IPs seen on your event. -- [float] -== user fields +== server fields -The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. -*`user.id`*:: +*`server.ip`*:: + -- -type: keyword +type: ip -One or multiple unique identifiers of the user. +IP address of the server. +Can be one or multiple IPv4 or IPv6 addresses. -- -*`user.name`*:: +*`server.port`*:: + -- -type: keyword +type: long -Name of the user. -The field is a keyword, and will not be tokenized. +Port of the server. -- -*`user.email`*:: +*`server.mac`*:: + -- type: keyword -User email address. +MAC address of the server. -- -*`user.hash`*:: +*`server.domain`*:: + -- type: keyword -Unique user hash to correlate information for a user in anonymized form. -Useful if `user.id` or `user.name` contain confidential information and cannot be used. +Server domain. -- -[float] -== user_agent fields +*`server.bytes`*:: ++ +-- +type: long -The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string. +example: 184 +Bytes sent from the server to the client. -*`user_agent.original`*:: -+ -- -type: text -Unparsed version of the user_agent. +*`server.packets`*:: ++ +-- +type: long + +example: 12 + +Packets sent from the server to the client. -- -*`user_agent.device`*:: +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + + + +*`server.geo.location`*:: ++ +-- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + + +-- + +*`server.geo.continent_name`*:: + -- type: keyword -Name of the physical device. +example: North America + +Name of the continent. -- -*`user_agent.version`*:: +*`server.geo.country_name`*:: + -- type: keyword -Version of the physical device. +example: Canada + +Country name. -- -*`user_agent.major`*:: +*`server.geo.region_name`*:: + -- -type: long +type: keyword -Major version of the user agent. +example: Quebec + +Region name. -- -*`user_agent.minor`*:: +*`server.geo.city_name`*:: + -- -type: long +type: keyword -Minor version of the user agent. +example: Montreal + +City name. -- -*`user_agent.patch`*:: +*`server.geo.country_iso_code`*:: + -- type: keyword -Patch version of the user agent. +example: CA + +Country ISO code. -- -*`user_agent.name`*:: +*`server.geo.region_iso_code`*:: + -- type: keyword -example: Chrome +example: CA-QC -Name of the user agent. +Region ISO code. -- -*`user_agent.os.name`*:: +*`server.geo.name`*:: + -- type: keyword -Name of the operating system. +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- -*`user_agent.os.version`*:: +[float] +== service fields + +The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version. + + + +*`service.id`*:: + -- type: keyword -Version of the operating system. +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +Unique identifier of the running service. +This id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service. +Example: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance. -- -*`user_agent.os.major`*:: +*`service.name`*:: + -- -type: long +type: keyword -Major version of the operating system. +example: elasticsearch-metrics + +Name of the service data is collected from. +The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. +Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified. -- -*`user_agent.os.minor`*:: +*`service.type`*:: ++ +-- +type: keyword + +example: elasticsearch + +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + + +-- + +*`service.state`*:: ++ +-- +type: keyword + +Current state of the service. + + +-- + +*`service.version`*:: ++ +-- +type: keyword + +example: 3.2.4 + +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + + +-- + +*`service.ephemeral_id`*:: ++ +-- +type: keyword + +example: 8a4f500f + +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + + +-- + +[float] +== source fields + +Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields. + + + +*`source.ip`*:: ++ +-- +type: ip + +IP address of the source. +Can be one or multiple IPv4 or IPv6 addresses. + + +-- + +*`source.port`*:: + -- type: long -Minor version of the operating system. +Port of the source. -- -*`beat.name`*:: +*`source.mac`*:: + -- -type: alias +type: keyword + +MAC address of the source. -alias to: agent.type -- -*`beat.hostname`*:: +*`source.domain`*:: + -- -type: alias +type: keyword + +Source domain. -alias to: agent.hostname -- -[[exported-fields-flows_event]] -== Flow Event fields +*`source.bytes`*:: ++ +-- +type: long -These fields contain data about the flow itself. +example: 184 +Bytes sent from the source to the destination. -*`start_time`*:: +-- + +*`source.packets`*:: + -- -type: date +type: long -example: 2015-01-24 14:06:05.071000 +example: 12 -format: YYYY-MM-DDTHH:MM:SS.milliZ +Packets sent from the source to the destination. -required: True -The time, the first packet for the flow has been seen. +-- + +[float] +== geo fields + +Geo fields can carry data about a specific location related to an event or geo information derived from an IP field. + +*`source.geo.location`*:: ++ -- +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +Longitude and latitude. + -*`last_time`*:: +-- + +*`source.geo.continent_name`*:: + -- -type: date +type: keyword -example: 2015-01-24 14:06:05.071000 +example: North America -format: YYYY-MM-DDTHH:MM:SS.milliZ +Name of the continent. -required: True -The time, the most recent processed packet for the flow has been seen. +-- + +*`source.geo.country_name`*:: ++ +-- +type: keyword + +example: Canada + +Country name. -- -*`final`*:: +*`source.geo.region_name`*:: + -- -Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only. +type: keyword + +example: Quebec + +Region name. -- -*`flow_id`*:: +*`source.geo.city_name`*:: + -- -Internal flow id based on connection meta data and address. +type: keyword + +example: Montreal + +City name. -- -*`vlan`*:: +*`source.geo.country_iso_code`*:: + -- -Innermost VLAN address used in network packets. +type: keyword + +example: CA + +Country ISO code. -- -*`outer_vlan`*:: +*`source.geo.region_iso_code`*:: + -- -Second innermost VLAN address used in network packets. +type: keyword + +example: CA-QC + +Region ISO code. + + +-- + +*`source.geo.name`*:: ++ +-- +type: keyword + +example: boston-dc + +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. -- [float] -== source fields +== url fields -Properties of the source host +URL fields provide a complete URL, with scheme, host, and path. -*`source.ip_location`*:: +*`url.original`*:: + -- -type: geo_point +type: keyword -example: 40.715, -74.011 +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch -The GeoIP location of the `ip_source` IP address. The field is a string containing the latitude and longitude separated by a comma. + +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. -- -*`source.outer_ip`*:: +*`url.full`*:: + -- -Second innermost IPv4 source address as indicated by first packet seen for the current flow. +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top + +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. -- -*`source.outer_ip_location`*:: +*`url.scheme`*:: + -- -type: geo_point +type: keyword -example: 40.715, -74.011 +example: https -The GeoIP location of the `outer_ip_source` IP address. The field is a string containing the latitude and longitude separated by a comma. +Scheme of the request, such as "https". +Note: The `:` is not part of the scheme. -- -*`source.ipv6`*:: +*`url.domain`*:: + -- -Innermost IPv6 source address as indicated by first packet seen for the current flow. +type: keyword + +example: www.elastic.co + +Domain of the request, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. -- -*`source.ipv6_location`*:: +*`url.port`*:: + -- -type: geo_point +type: integer -example: 60.715, -76.011 +example: 443 -The GeoIP location of the `ipv6_source` IP address. The field is a string containing the latitude and longitude separated by a comma. +Port of the request, such as 443. -- -*`source.outer_ipv6`*:: +*`url.path`*:: + -- -Second innermost IPv6 source address as indicated by first packet seen for the current flow. +type: keyword + +Path of the request, such as "/search". -- -*`source.outer_ipv6_location`*:: +*`url.query`*:: + -- -type: geo_point +type: keyword + +The query field describes the query string of the request, such as "q=elasticsearch". +The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. + + +-- + +*`url.fragment`*:: ++ +-- +type: keyword + +Portion of the url after the `#`, such as "top". +The `#` is not part of the fragment. + -example: 60.715, -76.011 +-- + +*`url.username`*:: ++ +-- +type: keyword + +Username of the request. + + +-- + +*`url.password`*:: ++ +-- +type: keyword -The GeoIP location of the `outer_ipv6_source` IP address. The field is a string containing the latitude and longitude separated by a comma. +Password of the request. -- [float] -== stats fields +== user fields -Object with source to destination flow measurements. +The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. -*`source.stats.net_packets_total`*:: +*`user.id`*:: + -- -type: long +type: keyword -Total number of packets +One or multiple unique identifiers of the user. -- -*`source.stats.net_bytes_total`*:: +*`user.name`*:: + -- -type: long +type: keyword + +example: albert -Total number of bytes +Short name or login of the user. + + +-- + +*`user.full_name`*:: ++ +-- +type: keyword + +example: Albert Einstein + +User's full name, if available. + + +-- + +*`user.email`*:: ++ +-- +type: keyword + +User email address. + + +-- + +*`user.hash`*:: ++ +-- +type: keyword + +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + + +-- + +*`user.group`*:: ++ +-- +type: keyword + +Group the user is a part of. This field can contain a list of groups, if necessary. -- [float] -== dest fields +== user_agent fields -Properties of the destination host +The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string. -*`dest.mac`*:: +*`user_agent.original`*:: + -- -Destination MAC address as indicated by first packet seen for the current flow. +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 + +Unparsed version of the user_agent. +Field is not indexed. + -- -*`dest.ip`*:: +*`user_agent.name`*:: + -- -Innermost IPv4 destination address as indicated by first packet seen for the current flow. +type: keyword + +example: Safari + +Name of the user agent. -- -*`dest.ip_location`*:: +*`user_agent.version`*:: + -- -type: geo_point +type: keyword -example: 40.715, -74.011 +example: 12.0 -The GeoIP location of the `ip_dest` IP address. The field is a string containing the latitude and longitude separated by a comma. +Version of the user agent. -- -*`dest.outer_ip`*:: +*`user_agent.device.name`*:: + -- -Second innermost IPv4 destination address as indicated by first packet seen for the current flow. +type: keyword + +example: iPhone + +Name of the device. -- -*`dest.outer_ip_location`*:: +[float] +== os fields + +The OS fields contain information about the operating system. + + + +*`user_agent.os.platform`*:: + -- -type: geo_point +type: keyword -example: 40.715, -74.011 +example: darwin -The GeoIP location of the `outer_ip_dest` IP address. The field is a string containing the latitude and longitude separated by a comma. +Operating system platform (such centos, ubuntu, windows). -- -*`dest.ipv6`*:: +*`user_agent.os.name`*:: + -- -Innermost IPv6 destination address as indicated by first packet seen for the current flow. +type: keyword + +example: Mac OS X + +Operating system name. -- -*`dest.ipv6_location`*:: +*`user_agent.os.family`*:: + -- -type: geo_point +type: keyword -example: 60.715, -76.011 +example: debian -The GeoIP location of the `ipv6_dest` IP address. The field is a string containing the latitude and longitude separated by a comma. +OS family (such as redhat, debian, freebsd, windows). -- -*`dest.outer_ipv6`*:: +*`user_agent.os.version`*:: + -- -Second innermost IPv6 destination address as indicated by first packet seen for the current flow. +type: keyword + +example: 10.12.6-rc2 + +Operating system version as a raw string. -- -*`dest.outer_ipv6_location`*:: +*`user_agent.os.kernel`*:: + -- -type: geo_point +type: keyword -example: 60.715, -76.011 +example: 4.4.0-112-generic -The GeoIP location of the `outer_ipv6_dest` IP address. The field is a string containing the latitude and longitude separated by a comma. +Operating system kernel version as a raw string. -- -*`dest.port`*:: +*`beat.name`*:: + -- -Destination port number as indicated by first packet seen for the current flow. +type: alias +alias to: agent.type -- -[float] -== stats fields +*`beat.hostname`*:: ++ +-- +type: alias -Object with destination to source flow measurements. +alias to: agent.hostname +-- +*`agent.hostname`*:: ++ +-- +type: keyword + +Hostname of the agent. + + +-- -*`dest.stats.net_packets_total`*:: +*`user_agent.patch`*:: + -- -type: long +type: keyword -Total number of packets +Patch version of the user agent. -- -*`dest.stats.net_bytes_total`*:: +*`user_agent.minor`*:: + -- -type: long +type: keyword -Total number of bytes +Minor version of the user agent. -- -*`icmp_id`*:: +*`user_agent.major`*:: + -- -ICMP id used in ICMP based flow. +type: keyword + +Major version of the user agent. -- -*`connection_id`*:: +*`user_agent.device`*:: + -- -optional TCP connection id +type: keyword + +Name of the physical device. -- -[[exported-fields-host-processor]] -== Host fields +*`user_agent.os.major`*:: ++ +-- +type: long -Info collected for the host machine. +Major version of the operating system. + + +-- + +*`user_agent.os.minor`*:: ++ +-- +type: long +Minor version of the operating system. +-- -*`host.os.kernel`*:: +*`url.hostname`*:: + -- type: keyword -The operating system's kernel version. +Hostname of the request, such as "elastic.co". -- +[[exported-fields-flows_event]] +== Flow Event fields + +These fields contain data about the flow itself. + + + +*`flow.final`*:: ++ +-- +type: boolean + +Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only. + + +-- + +*`flow.id`*:: ++ +-- +Internal flow ID based on connection meta data and address. + + +-- + +*`flow.vlan`*:: ++ +-- +type: long + +VLAN identifier from the 802.1q frame. In case of a multi-tagged frame this field will be an array with the outer tag's VLAN identifier listed first. + + +-- + +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + [[exported-fields-http]] == HTTP fields diff --git a/packetbeat/docs/packetbeat-options.asciidoc b/packetbeat/docs/packetbeat-options.asciidoc index 52741d4837c..9cdd06255ef 100644 --- a/packetbeat/docs/packetbeat-options.asciidoc +++ b/packetbeat/docs/packetbeat-options.asciidoc @@ -284,45 +284,51 @@ Here’s an example of a flow information sent by Packetbeat. See ["source","json",subs="attributes"] -------------------------------------------------------------------------------- { - "@timestamp": "2017-05-03T19:42:40.003Z", - "beat": { + "@timestamp": "2018-11-15T14:41:24.000Z", + "agent": { "hostname": "host.example.com", "name": "host.example.com", "version": "{stack-version}" }, - "connection_id": "AQAAAAAAAAA=", - "dest": { - "ip": "192.0.2.0", - "mac": "fe:ff:20:00:01:00", - "port": 80, - "stats": { - "net_bytes_total": 19236, - "net_packets_total": 16 - } + "destination": { + "bytes": 460, + "ip": "198.51.100.2", + "mac": "06:05:04:03:02:01", + "packets": 2, + "port": 80 }, - "final": false, <1> - "flow_id": "EQwA////DP//////FBgBAAEAAAEAAAD+/yAAAQCR/qDtQdDk3ywNUAABAAAAAAAAAA", - "last_time": "2017-05-03T19:42:24.151Z", - "source": { - "ip": "203.0.113.0", - "mac": "00:00:01:00:00:00", - "port": 3372, - "stats": { - "net_bytes_total": 1243, - "net_packets_total": 14 - } + "event": { + "duration": 3000000000, + "end": "2018-11-15T14:41:24.000Z", + "start": "2018-11-15T14:41:21.000Z", + "type": "flow" + }, + "flow": { + "final": true, <1> + "id": "FQQA/wz/Dv//////Fv8BAQEBAgMEBQYGBQQDAgGrAMsAcQPGM2QC9ZdQAA", + "vlan": 171 + }, + "network": { + "bytes": 470, + "packets": 3, + "transport": "tcp", + "type": "ipv4" }, - "start_time": "2017-05-03T19:42:24.151Z", - "transport": "tcp", - "type": "flow" + "source": { + "bytes": 10, + "ip": "203.0.113.3", + "mac": "01:02:03:04:05:06", + "packets": 1, + "port": 38901 + } } -------------------------------------------------------------------------------- -<1> Packetbeat sets the `final` flag to `false` to indicate that the event +<1> Packetbeat sets the `flow.final` flag to `false` to indicate that the event contains an intermediate report about a flow that it's tracking. When the flow -completes, Packetbeat sends one last event with `final` set to `true`. If you -want to aggregate sums of traffic, you need to filter on `final:true`, or use -some other technique, so that you get only the latest update from each flow. +completes, Packetbeat sends one last event with `flow.final` set to `true`. If +you want to aggregate sums of traffic, you need to filter on `final:true`, or +use some other technique, so that you get only the latest update from each flow. You can disable intermediate reports by setting `period: -1s`. [float] diff --git a/packetbeat/flows/flows_test.go b/packetbeat/flows/flows_test.go index b76e8c59344..06c903bd2a4 100644 --- a/packetbeat/flows/flows_test.go +++ b/packetbeat/flows/flows_test.go @@ -131,7 +131,8 @@ func TestFlowsCounting(t *testing.T) { t.Logf("event: %v", event) source := event["source"].(common.MapStr) - dest := event["dest"].(common.MapStr) + dest := event["destination"].(common.MapStr) + network := event["network"].(common.MapStr) // validate generated event assert.Equal(t, net.HardwareAddr(mac1).String(), source["mac"]) @@ -140,9 +141,9 @@ func TestFlowsCounting(t *testing.T) { assert.Equal(t, net.IP(ip2).String(), dest["ip"]) assert.Equal(t, uint16(256), source["port"]) assert.Equal(t, uint16(512), dest["port"]) - assert.Equal(t, "tcp", event["transport"]) + assert.Equal(t, "tcp", network["transport"]) - stat := source["stats"].(map[string]interface{}) + stat := source assert.Equal(t, int64(-1), stat["int1"]) assert.Equal(t, nil, stat["int2"]) assert.Equal(t, uint64(1), stat["uint1"]) @@ -150,7 +151,7 @@ func TestFlowsCounting(t *testing.T) { assert.Equal(t, 3.14, stat["float1"]) assert.Equal(t, nil, stat["float2"]) - stat = dest["stats"].(map[string]interface{}) + stat = dest assert.Equal(t, nil, stat["int1"]) assert.Equal(t, int64(-1), stat["int2"]) assert.Equal(t, nil, stat["uint1"]) diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go index 8ce9bdbc901..2cc97c24d08 100644 --- a/packetbeat/flows/worker.go +++ b/packetbeat/flows/worker.go @@ -18,7 +18,6 @@ package flows import ( - "encoding/base64" "encoding/binary" "errors" "net" @@ -206,14 +205,22 @@ func createEvent( intNames, uintNames, floatNames []string, ) beat.Event { timestamp := ts + + event := common.MapStr{ + "start": common.Time(f.createTS), + "end": common.Time(f.ts), + "duration": f.ts.Sub(f.createTS), + "type": "flow", + } + flow := common.MapStr{ + "id": common.NetString(f.id.Serialize()), + "final": isOver, + } fields := common.MapStr{ - "start_time": common.Time(f.createTS), - "last_time": common.Time(f.ts), - "type": "flow", - "flow_id": common.NetString(f.id.Serialize()), - "final": isOver, + "event": event, + "flow": flow, } - + network := common.MapStr{} source := common.MapStr{} dest := common.MapStr{} tuple := common.IPPortTuple{} @@ -227,59 +234,65 @@ func createEvent( // add vlan if vlan := f.id.OutterVLan(); vlan != nil { - fields["outer_vlan"] = binary.LittleEndian.Uint16(vlan) + vlanID := uint64(binary.LittleEndian.Uint16(vlan)) + putOrAppendUint64(flow, "vlan", vlanID) } if vlan := f.id.VLan(); vlan != nil { - fields["vlan"] = binary.LittleEndian.Uint16(vlan) + vlanID := uint64(binary.LittleEndian.Uint16(vlan)) + putOrAppendUint64(flow, "vlan", vlanID) } // add icmp if icmp := f.id.ICMPv4(); icmp != nil { - fields["icmp_id"] = binary.LittleEndian.Uint16(icmp) + network["transport"] = "icmp" } else if icmp := f.id.ICMPv6(); icmp != nil { - fields["icmp_id"] = binary.LittleEndian.Uint16(icmp) + network["transport"] = "ipv6-icmp" } // ipv4 layer meta data if src, dst, ok := f.id.OutterIPv4Addr(); ok { srcIP, dstIP := net.IP(src), net.IP(dst) - source["outer_ip"] = srcIP.String() - dest["outer_ip"] = dstIP.String() + source["ip"] = srcIP.String() + dest["ip"] = dstIP.String() tuple.SrcIP = srcIP tuple.DstIP = dstIP tuple.IPLength = 4 + network["type"] = "ipv4" } if src, dst, ok := f.id.IPv4Addr(); ok { srcIP, dstIP := net.IP(src), net.IP(dst) - source["ip"] = srcIP.String() - dest["ip"] = dstIP.String() + putOrAppendString(source, "ip", srcIP.String()) + putOrAppendString(dest, "ip", dstIP.String()) // Save IPs for process matching if an outer layer was not present if tuple.IPLength == 0 { tuple.SrcIP = srcIP tuple.DstIP = dstIP tuple.IPLength = 4 } + network["type"] = "ipv4" } // ipv6 layer meta data if src, dst, ok := f.id.OutterIPv6Addr(); ok { srcIP, dstIP := net.IP(src), net.IP(dst) - source["outer_ipv6"] = srcIP.String() - dest["outer_ipv6"] = dstIP.String() + putOrAppendString(source, "ip", srcIP.String()) + putOrAppendString(dest, "ip", dstIP.String()) tuple.SrcIP = srcIP tuple.DstIP = dstIP tuple.IPLength = 6 + network["type"] = "ipv6" } if src, dst, ok := f.id.IPv6Addr(); ok { srcIP, dstIP := net.IP(src), net.IP(dst) - source["ipv6"] = net.IP(src).String() - dest["ipv6"] = net.IP(dst).String() + putOrAppendString(source, "ip", srcIP.String()) + putOrAppendString(dest, "ip", dstIP.String()) // Save IPs for process matching if an outer layer was not present if tuple.IPLength == 0 { tuple.SrcIP = srcIP tuple.DstIP = dstIP tuple.IPLength = 6 } + network["type"] = "ipv6" } // udp layer meta data @@ -287,7 +300,7 @@ func createEvent( tuple.SrcPort = binary.LittleEndian.Uint16(src) tuple.DstPort = binary.LittleEndian.Uint16(dst) source["port"], dest["port"] = tuple.SrcPort, tuple.DstPort - fields["transport"] = "udp" + network["transport"] = "udp" proto = applayer.TransportUDP } @@ -296,23 +309,45 @@ func createEvent( tuple.SrcPort = binary.LittleEndian.Uint16(src) tuple.DstPort = binary.LittleEndian.Uint16(dst) source["port"], dest["port"] = tuple.SrcPort, tuple.DstPort - fields["transport"] = "tcp" + network["transport"] = "tcp" proto = applayer.TransportTCP } - if id := f.id.ConnectionID(); id != nil { - fields["connection_id"] = base64.StdEncoding.EncodeToString(id) - } - + var totalBytes, totalPackets uint64 if f.stats[0] != nil { - source["stats"] = encodeStats(f.stats[0], intNames, uintNames, floatNames) + // Source stats. + stats := encodeStats(f.stats[0], intNames, uintNames, floatNames) + for k, v := range stats { + source[k] = v + } + + if v, found := stats["bytes"]; found { + totalBytes += v.(uint64) + } + if v, found := stats["packets"]; found { + totalPackets += v.(uint64) + } } if f.stats[1] != nil { - dest["stats"] = encodeStats(f.stats[1], intNames, uintNames, floatNames) + // Destination stats. + stats := encodeStats(f.stats[1], intNames, uintNames, floatNames) + for k, v := range stats { + dest[k] = v + } + + if v, found := stats["bytes"]; found { + totalBytes += v.(uint64) + } + if v, found := stats["packets"]; found { + totalPackets += v.(uint64) + } } + network["bytes"] = totalBytes + network["packets"] = totalPackets + fields["network"] = network fields["source"] = source - fields["dest"] = dest + fields["destination"] = dest // Set process information if it's available if tuple.IPLength != 0 && tuple.SrcPort != 0 { @@ -376,3 +411,43 @@ func encodeStats( return report } + +func putOrAppendString(m common.MapStr, key, value string) { + old, found := m[key] + if !found { + m[key] = value + return + } + + if old != nil { + switch v := old.(type) { + case string: + m[key] = []string{v, value} + case []string: + m[key] = append(v, value) + } + } +} + +func putOrAppendUint64(m common.MapStr, key string, value uint64) { + old, found := m[key] + if !found { + m[key] = value + return + } + + if old != nil { + switch v := old.(type) { + case uint8: + m[key] = []uint64{uint64(v), value} + case uint16: + m[key] = []uint64{uint64(v), value} + case uint32: + m[key] = []uint64{uint64(v), value} + case uint64: + m[key] = []uint64{uint64(v), value} + case []uint64: + m[key] = append(v, value) + } + } +} diff --git a/packetbeat/flows/worker_test.go b/packetbeat/flows/worker_test.go new file mode 100644 index 00000000000..912c170c37c --- /dev/null +++ b/packetbeat/flows/worker_test.go @@ -0,0 +1,123 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package flows + +import ( + "encoding/json" + "flag" + "io/ioutil" + "testing" + "time" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/common/mapval" + "github.com/elastic/beats/libbeat/logp" +) + +var ( + // Use `go test -data` to update sample event files. + dataFlag = flag.Bool("data", false, "Write updated data.json files") +) + +func TestCreateEvent(t *testing.T) { + logp.TestingSetup() + + // Build biflow event. + start := time.Unix(1542292881, 0) + end := start.Add(3 * time.Second) + vlan := uint16(171) + mac1 := []byte{1, 2, 3, 4, 5, 6} + mac2 := []byte{6, 5, 4, 3, 2, 1} + ip1 := []byte{203, 0, 113, 3} + ip2 := []byte{198, 51, 100, 2} + port1 := uint16(38901) + port2 := uint16(80) + + id := newFlowID() + id.AddEth(mac1, mac2) + id.AddVLan(vlan) + id.AddIPv4(ip1, ip2) + id.AddTCP(port1, port2) + + bif := &biFlow{ + id: id.rawFlowID, + killed: 1, + createTS: start, + ts: end, + dir: flowDirForward, + } + bif.stats[0] = &flowStats{uintFlags: []uint8{1, 1}, uints: []uint64{10, 1}} + bif.stats[1] = &flowStats{uintFlags: []uint8{1, 1}, uints: []uint64{460, 2}} + event := createEvent(time.Now(), bif, true, nil, []string{"bytes", "packets"}, nil) + + // Validate the contents of the event. + validate := mapval.MustCompile(mapval.Map{ + "source": mapval.Map{ + "mac": "01:02:03:04:05:06", + "ip": "203.0.113.3", + "port": port1, + "bytes": uint64(10), + "packets": uint64(1), + }, + "destination": mapval.Map{ + "mac": "06:05:04:03:02:01", + "ip": "198.51.100.2", + "port": port2, + "bytes": uint64(460), + "packets": uint64(2), + }, + "flow": mapval.Map{ + "id": mapval.KeyPresent, + "final": true, + "vlan": mapval.KeyPresent, + }, + "network": mapval.Map{ + "bytes": uint64(470), + "packets": uint64(3), + "type": "ipv4", + "transport": "tcp", + }, + "event": mapval.Map{ + "start": mapval.KeyPresent, + "end": mapval.KeyPresent, + "duration": mapval.KeyPresent, + "type": "flow", + }, + }) + + result := validate(event.Fields) + if errs := result.Errors(); len(errs) > 0 { + for _, err := range errs { + t.Error(err) + } + t.FailNow() + } + + // Write the event to disk if -data is used. + if *dataFlag { + event.Fields.Put("@timestamp", common.Time(end)) + output, err := json.MarshalIndent(&event.Fields, "", " ") + if err != nil { + t.Fatal(err) + } + + if err := ioutil.WriteFile("../_meta/sample_outputs/flow.json", output, 0644); err != nil { + t.Fatal(err) + } + } +} diff --git a/packetbeat/tests/system/packetbeat.py b/packetbeat/tests/system/packetbeat.py index c614d9cabf5..d1cc555c2b8 100644 --- a/packetbeat/tests/system/packetbeat.py +++ b/packetbeat/tests/system/packetbeat.py @@ -11,7 +11,8 @@ TRANS_REQUIRED_FIELDS = ["@timestamp", "type", "status", "agent.type", "agent.hostname", "agent.version"] -FLOWS_REQUIRED_FIELDS = ["@timestamp", "type", +FLOWS_REQUIRED_FIELDS = ["@timestamp", "event.type", "event.start", + "event.end", "event.duration", "flow.id", "agent.type", "agent.hostname", "agent.version"] @@ -113,7 +114,9 @@ def read_output(self, with open(os.path.join(self.working_dir, output_file), "r") as f: for line in f: document = self.flatten_object(json.loads(line), self.dict_fields) - if not types or document["type"] in types: + if not types or \ + ("type" in document and document["type"] in types) or \ + ("event.type" in document and document["event.type"] in types): jsons.append(document) self.all_have_fields(jsons, required_fields or TRANS_REQUIRED_FIELDS) self.all_fields_are_expected(jsons, self.expected_fields) diff --git a/packetbeat/tests/system/pcaps/802.1q-q-in-q-icmp.pcap b/packetbeat/tests/system/pcaps/802.1q-q-in-q-icmp.pcap new file mode 100644 index 0000000000000000000000000000000000000000..98f14f645a73de1e16294fd893d464e25587e547 GIT binary patch literal 122 zcmca|c+)~A1{MYw`2U}Qff2|tbW{&awqRfg02CL>b9zWjSLK_jSNf? z91N}u3^o!U85kNE=hYlo!N>^2OdJf_F-!~!42em}DXD4c8JStxIk|cH1%*Y$C8cHM GaA5%LiXlh< literal 0 HcmV?d00001 diff --git a/packetbeat/tests/system/test_0060_flows.py b/packetbeat/tests/system/test_0060_flows.py index e6d23780f53..2fae71c4754 100644 --- a/packetbeat/tests/system/test_0060_flows.py +++ b/packetbeat/tests/system/test_0060_flows.py @@ -34,22 +34,22 @@ def test_mysql_flow(self): pprint(objs) assert len(objs) == 1 check_fields(objs[0], { - 'final': True, + 'flow.final': True, 'source.mac': '0a:00:27:00:00:00', - 'dest.mac': '08:00:27:76:d7:41', - 'dest.ip': '192.168.33.14', + 'destination.mac': '08:00:27:76:d7:41', + 'destination.ip': '192.168.33.14', 'source.ip': '192.168.33.1', - 'transport': 'tcp', + 'network.transport': 'tcp', 'source.port': 60137, - 'dest.port': 3306, - 'source.stats.net_packets_total': 22, - 'source.stats.net_bytes_total': 1480, - 'dest.stats.net_packets_total': 10, - 'dest.stats.net_bytes_total': 181133, + 'destination.port': 3306, + 'source.packets': 22, + 'source.bytes': 1480, + 'destination.packets': 10, + 'destination.bytes': 181133, }) - start_ts = parse_timestamp(objs[0]['start_time']) - last_ts = parse_timestamp(objs[0]['last_time']) + start_ts = parse_timestamp(objs[0]['event.start']) + last_ts = parse_timestamp(objs[0]['event.end']) assert last_ts > start_ts def test_memcache_udp_flow(self): @@ -68,16 +68,16 @@ def test_memcache_udp_flow(self): pprint(objs) assert len(objs) == 1 check_fields(objs[0], { - 'final': True, + 'flow.final': True, 'source.mac': 'ac:bc:32:77:41:0b', - 'dest.mac': '08:00:27:dd:3b:28', + 'destination.mac': '08:00:27:dd:3b:28', 'source.ip': '192.168.188.37', - 'dest.ip': '192.168.188.38', - 'transport': 'udp', + 'destination.ip': '192.168.188.38', + 'network.transport': 'udp', 'source.port': 63888, - 'dest.port': 11211, - 'source.stats.net_packets_total': 3, - 'source.stats.net_bytes_total': 280, + 'destination.port': 11211, + 'source.packets': 3, + 'source.bytes': 280, }) def test_icmp4_ping(self): @@ -96,17 +96,16 @@ def test_icmp4_ping(self): pprint(objs) assert len(objs) == 1 check_fields(objs[0], { - 'final': True, + 'flow.final': True, 'source.mac': '00:00:00:00:00:01', - 'dest.mac': '00:00:00:00:00:02', - 'vlan': 10, + 'destination.mac': '00:00:00:00:00:02', + 'flow.vlan': 10, 'source.ip': '10.0.0.1', - 'dest.ip': '10.0.0.2', - 'icmp_id': 5, - 'source.stats.net_bytes_total': 50, - 'source.stats.net_packets_total': 1, - 'dest.stats.net_bytes_total': 50, - 'dest.stats.net_packets_total': 1, + 'destination.ip': '10.0.0.2', + 'source.bytes': 50, + 'source.packets': 1, + 'destination.bytes': 50, + 'destination.packets': 1, }) def test_icmp6_ping(self): @@ -125,15 +124,44 @@ def test_icmp6_ping(self): pprint(objs) assert len(objs) == 1 check_fields(objs[0], { - 'final': True, + 'flow.final': True, + 'flow.vlan': 10, 'source.mac': '00:00:00:00:00:01', - 'dest.mac': '00:00:00:00:00:02', - 'vlan': 10, - 'source.ipv6': '::1', - 'dest.ipv6': '::2', - 'icmp_id': 5, - 'source.stats.net_bytes_total': 70, - 'source.stats.net_packets_total': 1, - 'dest.stats.net_bytes_total': 70, - 'dest.stats.net_packets_total': 1, + 'source.ip': '::1', + 'source.bytes': 70, + 'source.packets': 1, + 'destination.mac': '00:00:00:00:00:02', + 'destination.ip': '::2', + 'destination.bytes': 70, + 'destination.packets': 1, + 'network.bytes': 140, + 'network.packets': 2, + }) + + def test_q_in_q_flow(self): + self.render_config_template( + flows=True, + shutdown_timeout="1s", + ) + self.run_packetbeat( + pcap="802.1q-q-in-q-icmp.pcap", + debug_selectors=["*"]) + + objs = self.read_output( + types=["flow"], + required_fields=FLOWS_REQUIRED_FIELDS) + + pprint(objs) + assert len(objs) == 1 + check_fields(objs[0], { + 'flow.final': True, + 'flow.vlan': [101, 600], + 'source.ip': '192.168.1.1', + 'source.bytes': 82, + 'source.packets': 1, + 'source.mac': '08:00:27:3d:25:4e', + 'destination.mac': '1c:af:f7:70:ed:7c', + 'destination.ip': '192.168.1.2', + 'network.bytes': 82, + 'network.packets': 1, })