From 07a4919cd30894dfb8f710506dca5cab404e397c Mon Sep 17 00:00:00 2001 From: doug Date: Thu, 8 Dec 2022 16:43:11 -0500 Subject: [PATCH] remove old opcua files --- salt/elasticsearch/files/ingest/zeek.opcua | 30 ------------------- .../files/ingest/zeek.opcua_activate_session | 18 ----------- ...pcua_activate_session_client_software_cert | 11 ------- ...eek.opcua_activate_session_diagnostic_info | 10 ------- .../zeek.opcua_activate_session_locale_id | 10 ------- .../files/ingest/zeek.opcua_browse | 16 ---------- .../ingest/zeek.opcua_browse_description | 16 ---------- .../zeek.opcua_browse_response_references | 22 -------------- .../files/ingest/zeek.opcua_browse_result | 11 ------- .../files/ingest/zeek.opcua_create_session | 19 ------------ .../zeek.opcua_create_session_endpoints | 21 ------------- .../zeek.opcua_create_session_user_token | 11 ------- .../ingest/zeek.opcua_create_subscription | 15 ---------- .../files/ingest/zeek.opcua_get_endpoints | 10 ------- .../zeek.opcua_get_endpoints_description | 21 ------------- .../zeek.opcua_get_endpoints_user_token | 11 ------- .../ingest/zeek.opcua_opensecure_channel | 15 ---------- .../files/ingest/zeek.opcua_read | 10 ------- .../ingest/zeek.opcua_read_nodes_to_read | 16 ---------- .../files/ingest/zeek.opcua_read_results | 12 -------- .../files/ingest/zeek.opcua_read_results_link | 10 ------- .../ingest/zeek.opcua_status_code_detail | 21 ------------- 22 files changed, 336 deletions(-) delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_activate_session delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_activate_session_client_software_cert delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_activate_session_diagnostic_info delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_activate_session_locale_id delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_browse delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_browse_description delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_browse_response_references delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_browse_result delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_create_session delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_create_session_endpoints delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_create_session_user_token delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_create_subscription delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_user_token delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_opensecure_channel delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_read delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_read_results delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_read_results_link delete mode 100644 salt/elasticsearch/files/ingest/zeek.opcua_status_code_detail diff --git a/salt/elasticsearch/files/ingest/zeek.opcua b/salt/elasticsearch/files/ingest/zeek.opcua deleted file mode 100644 index 78e44c47c..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua +++ /dev/null @@ -1,30 +0,0 @@ -{ - "description" : "zeek.opcua", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.msg_type", "target_field": "opcua.message_type", "ignore_missing": true } }, - { "rename": { "field": "message2.is_final", "target_field": "opcua.final", "ignore_missing": true } }, - { "rename": { "field": "message2.msg_size", "target_field": "opcua.message_size", "ignore_missing": true } }, - { "rename": { "field": "message2.snd_buf_size", "target_field": "opcua.sender.buffer_size", "ignore_missing": true } }, - { "rename": { "field": "message2.seq_number", "target_field": "opcua.sequence_number", "ignore_missing": true } }, - { "rename": { "field": "message2.sec_channel_id", "target_field": "opcua.secure_channel.id", "ignore_missing": true } }, - { "rename": { "field": "message2.seq_number", "target_field": "opcua.sequence_number", "ignore_missing": true } }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.request_id", "target_field": "opcua.request_id", "ignore_missing": true } }, - { "rename": { "field": "message2.namespace_idx", "target_field": "opcua.namespace_index", "ignore_missing": true } }, - { "rename": { "field": "message2.encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.identifier", "target_field": "opcua.identifier", "ignore_missing": true } }, - { "rename": { "field": "message2.identifier_str", "target_field": "opcua.identifier_string", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_node_id_type", "target_field": "opcua.request.header.node.id_type", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_node_id_numeric", "target_field": "opcua.request.header.node.id_numeric", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_timestamp", "target_field": "opcua.request.header.timestamp", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_request_handle", "target_field": "opcua.request.handle", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_return_diag", "target_field": "opcua.request.header.return_diag", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_audit_entry_id", "target_field": "opcua.request.header.audit_entry_id", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_timeout_hint", "target_field": "opcua.request.header.timeout_hint", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_add_hdr_type_id", "target_field": "opcua.request.header.type_id", "ignore_missing": true } }, - { "rename": { "field": "message2.req_hdr_add_hdr_enc_mask", "target_field": "opcua.request.header.enc_mask", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session b/salt/elasticsearch/files/ingest/zeek.opcua_activate_session deleted file mode 100644 index 466e34236..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session +++ /dev/null @@ -1,18 +0,0 @@ -{ - "description" : "zeek.opcua.activate_session", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_type_id_namespace_idx", "target_field": "opcua.namespace_index", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_type_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_type_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_type_id_str", "target_field": "opcua.identifier_string", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_encoding", "target_field": "opcua.encoding", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_policy_id", "target_field": "opcua.policy_id", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_user_name", "target_field": "opcua.user_name", "ignore_missing": true } }, - { "rename": { "field": "message2.ext_obj_password", "target_field": "opcua.password", "ignore_missing": true } }, - { "rename": { "field": "message2.server_nonce", "target_field": "opcua.server_nonce", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_client_software_cert b/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_client_software_cert deleted file mode 100644 index 2f2bb1196..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_client_software_cert +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description" : "zeek.opcua.activate_session_client_software_cert", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.client_software_cert_link_id", "target_field": "opcua.client_software_cert.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.cert_data", "target_field": "opcua.certificate.data", "ignore_missing": true } }, - { "rename": { "field": "message2.cert_signature", "target_field": "opcua.certificate.signature", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_diagnostic_info b/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_diagnostic_info deleted file mode 100644 index 86c4b5eb7..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_diagnostic_info +++ /dev/null @@ -1,10 +0,0 @@ -{ - "description" : "zeek.opcua.activate_session_diagnostic_info", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.activate_session_diag_info_link_id", "target_field": "opcua.activate_session_diag_info.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.diag_info_link_id", "target_field": "opcua.diag_info.link_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_locale_id b/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_locale_id deleted file mode 100644 index 42674c864..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_activate_session_locale_id +++ /dev/null @@ -1,10 +0,0 @@ -{ - "description" : "zeek.opcua.activate_session_locale_id", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_locale_link_id", "target_field": "opcua.locale.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.local_id", "target_field": "opcua.local_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_browse b/salt/elasticsearch/files/ingest/zeek.opcua_browse deleted file mode 100644 index 80cd86fd5..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_browse +++ /dev/null @@ -1,16 +0,0 @@ -{ - "description" : "zeek.opcua.browse", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_service_type", "target_field": "opcua.service_type", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_view_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_browse_description b/salt/elasticsearch/files/ingest/zeek.opcua_browse_description deleted file mode 100644 index 56d6ac655..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_browse_description +++ /dev/null @@ -1,16 +0,0 @@ -{ - "description" : "zeek.opcua.browse_description", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, - { "rename": { "field": "browse_description_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "browse_description_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } }, - { "rename": { "field": "browse_direction", "target_field": "opcua.direction", "ignore_missing": true } }, - { "rename": { "field": "browse_description_ref_encoding_mask", "target_field": "opcua.description.ref_encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "browse_description_ref_numeric", "target_field": "opcua.description.ref_numeric", "ignore_missing": true } }, - { "rename": { "field": "browse_description_include_subtypes", "target_field": "opcua.description.include_subtypes", "ignore_missing": true } }, - { "rename": { "field": "browse_node_class_mask", "target_field": "opcua.node.class_mask", "ignore_missing": true } }, - { "rename": { "field": "browse_result_mask", "target_field": "opcua.result.mask", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_browse_response_references b/salt/elasticsearch/files/ingest/zeek.opcua_browse_response_references deleted file mode 100644 index 07cec4813..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_browse_response_references +++ /dev/null @@ -1,22 +0,0 @@ -{ - "description" : "zeek.opcua_browse_response_references", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.browse_reference_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_ref_encoding_mask", "target_field": "opcua.reference_encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_ref_numeric", "target_field": "opcua.reference_numeric", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_is_forward", "target_field": "opcua.is_forward", "ignore_missing": true } }, - { "rename": { "field": "message2.response_ref_type_encoding_mask", "target_field": "opcua.reference_type_encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_ref_type_namespace_idx", "target_field": "opcua.namespace_index", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_ref_type_numeric", "target_field": "opcua.reference_type_numeric", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_ref_name", "target_field": "opcua.reference_name", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_display_name_mask", "target_field": "opcua.display_name_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_display_name_locale", "target_field": "opcua.display_name_local", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_display_name_text", "target_field": "opcua.display_name_text", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_node_class", "target_field": "opcua.node_class", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_type_def_encoding_mask", "target_field": "opcua.type_def_encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_response_type_def_numeric", "target_field": "opcua.type_def_numeric", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_browse_result b/salt/elasticsearch/files/ingest/zeek.opcua_browse_result deleted file mode 100644 index 7b29284f9..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_browse_result +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description" : "zeek.opcua_browse_result", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.browse_response_link_id", "target_field": "opcua.response.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.browse_reference.link_id", "target_field": "opcua.reference.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.status_code.link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_create_session b/salt/elasticsearch/files/ingest/zeek.opcua_create_session deleted file mode 100644 index 637e5a7bb..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_create_session +++ /dev/null @@ -1,19 +0,0 @@ -{ - "description" : "zeek.opcua_create_session", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.session_id_encoding_mask", "target_field": "opcua.session_id.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.session_id_namespace_idx", "target_field": "opcua.session_id.namespace_index", "ignore_missing": true } }, - { "rename": { "field": "message2.session_id_guid", "target_field": "opcua.session_id.guid", "ignore_missing": true } }, - { "rename": { "field": "message2.auth_token_encoding_mask", "target_field": "opcua.auth_token.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.auth_token_namespace_idx", "target_field": "opcua.auth_token.namespace_index", "ignore_missing": true } }, - { "rename": { "field": "message2.auth_token_guid", "target_field": "opcua.auth_token.guid", "ignore_missing": true } }, - { "rename": { "field": "message2.revised_session_timeout", "target_field": "opcua.revised_session_timeout", "ignore_missing": true } }, - { "rename": { "field": "message2.server_nonce", "target_field": "opcua.server_nonce", "ignore_missing": true } }, - { "rename": { "field": "message2.endpoint_link_id", "target_field": "opcua.endpoint_link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.max_req_msg_size", "target_field": "opcua.request.max_message_size", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_create_session_endpoints b/salt/elasticsearch/files/ingest/zeek.opcua_create_session_endpoints deleted file mode 100644 index 2bee814b6..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_create_session_endpoints +++ /dev/null @@ -1,21 +0,0 @@ -{ - "description" : "zeek.opcua", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.endpoint_link_id", "target_field": "opcua.endpoint_link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.endpoint_url", "target_field": "opcua.endpoint_url", "ignore_missing": true } }, - { "rename": { "field": "message2.application_uri", "target_field": "opcua.application_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.product_uri", "target_field": "opcua.product_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.locale", "target_field": "opcua.locale", "ignore_missing": true } }, - { "rename": { "field": "message2.text", "target_field": "opcua.text", "ignore_missing": true } }, - { "rename": { "field": "message2.application_type", "target_field": "opcua.application_type", "ignore_missing": true } }, - { "rename": { "field": "message2.message_security_mode", "target_field": "opcua.message_security_mode", "ignore_missing": true } }, - { "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.security_policy_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.transport_profile_uri", "target_field": "opcua.transport_profile_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.security_level", "target_field": "opcua.security_level", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_create_session_user_token b/salt/elasticsearch/files/ingest/zeek.opcua_create_session_user_token deleted file mode 100644 index ef621a5ff..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_create_session_user_token +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description" : "zeek.opcua_create_session_user_token", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.policy_id", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.type", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_create_subscription b/salt/elasticsearch/files/ingest/zeek.opcua_create_subscription deleted file mode 100644 index 372e6b4fd..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_create_subscription +++ /dev/null @@ -1,15 +0,0 @@ -{ - "description" : "zeek.opcua_create_subscription", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.requested_publishing_interval", "target_field": "opcua.publish_interval", "ignore_missing": true } }, - { "rename": { "field": "message2.requested_lifetime_count", "target_field": "opcua.lifetime_count", "ignore_missing": true } }, - { "rename": { "field": "message2.requested_max_keep_alive_count", "target_field": "opcua.max_keepalive", "ignore_missing": true } }, - { "rename": { "field": "message2.max_notifications_per_publish", "target_field": "opcua.max_notifications", "ignore_missing": true } }, - { "rename": { "field": "message2.publishing_enabled", "target_field": "opcua.publish_enabled", "ignore_missing": true } }, - { "rename": { "field": "message2.priority", "target_field": "opcua.priority", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints b/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints deleted file mode 100644 index a7b2b2f85..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints +++ /dev/null @@ -1,10 +0,0 @@ -{ - "description" : "zeek.opcua_get_endpoints", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.endpoint_url", "target_field": "opcua.endpoint_url", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description b/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description deleted file mode 100644 index c84a9f16a..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description +++ /dev/null @@ -1,21 +0,0 @@ -{ - "description" : "zeek.opcua_get_endpoints_description", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.endpoint_description_link_id", "target_field": "opcua.endpoint_description_link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.application_uri", "target_field": "opcua.application_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.endpoint_uri", "target_field": "opcua.endpoint_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.product_uri", "target_field": "opcua.product_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.locale", "target_field": "opcua.locale", "ignore_missing": true } }, - { "rename": { "field": "message2.text", "target_field": "opcua.text", "ignore_missing": true } }, - { "rename": { "field": "message2.application_type", "target_field": "opcua.application_type", "ignore_missing": true } }, - { "rename": { "field": "message2.message_security_mode", "target_field": "opcua.message_security_mode", "ignore_missing": true } }, - { "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.security_policy_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.transport_profile_uri", "target_field": "transport_profile_uri", "ignore_missing": true } }, - { "rename": { "field": "message2.security_level", "target_field": "opcua.security_level", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_user_token b/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_user_token deleted file mode 100644 index 854c35cf0..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_user_token +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description" : "zeek.opcua_get_endpoints_user_token", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_type", "target_field": "opcua.user_token.type", "ignore_missing": true } }, - { "rename": { "field": "message2.user_token_sec_policy_uri", "target_field": "opcua.user_token.security_policy_uri", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_opensecure_channel b/salt/elasticsearch/files/ingest/zeek.opcua_opensecure_channel deleted file mode 100644 index 4e8fb483a..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_opensecure_channel +++ /dev/null @@ -1,15 +0,0 @@ -{ - "description" : "zeek.opcua_opensecure_channel", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.server_proto_ver", "target_field": "opcua.server.protocol.version", "ignore_missing": true } }, - { "rename": { "field": "message2.sec_token_sec_channel_id", "target_field": "opcua.security_token.security_channel_id", "ignore_missing": true } }, - { "rename": { "field": "message2.server_proto_ver", "target_field": "opcua.security_token.id", "ignore_missing": true } }, - { "rename": { "field": "message2.server_proto_ver", "target_field": "opcua.security_token.created", "ignore_missing": true } }, - { "rename": { "field": "message2.server_proto_ver", "target_field": "opcua.security_token.revised", "ignore_missing": true } }, - { "rename": { "field": "message2.server_proto_ver", "target_field": "opcua.server.nonce", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read b/salt/elasticsearch/files/ingest/zeek.opcua_read deleted file mode 100644 index e5d1c15fe..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_read +++ /dev/null @@ -1,10 +0,0 @@ -{ - "description" : "zeek.opcua_read", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read b/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read deleted file mode 100644 index a531531ef..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read +++ /dev/null @@ -1,16 +0,0 @@ -{ - "description" : "zeek.opcua_read_nodes_to_read", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.nodes_to_read_link_id", "target_field": "opcua.nodes_to_read.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.node_id_encoding_mask", "target_field": "opcua.node_id.encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.node_id_namespace_idx", "target_field": "opcua.node_id.namespace_idx", "ignore_missing": true } }, - { "rename": { "field": "message2.node_id_string", "target_field": "opcua.node_id.string", "ignore_missing": true } }, - { "rename": { "field": "message2.attribute_id", "target_field": "opcua.attribute_id", "ignore_missing": true } }, - { "rename": { "field": "message2.attribute_id_str", "target_field": "opcua.attribute_id_str", "ignore_missing": true } }, - { "rename": { "field": "message2.data_encoding_name_idx", "target_field": "opcua.encoding_name_idx", "ignore_missing": true } }, - { "rename": { "field": "message2.data_encoding_name", "target_field": "opcua.encoding_name", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_results b/salt/elasticsearch/files/ingest/zeek.opcua_read_results deleted file mode 100644 index 28c417eba..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_read_results +++ /dev/null @@ -1,12 +0,0 @@ -{ - "description" : "zeek.opcua_read_results", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.level", "target_field": "opcua.level", "ignore_missing": true } }, - { "rename": { "field": "message2.data_value_encoding_mask", "target_field": "opcua.data_value_encoding_mask", "ignore_missing": true } }, - { "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link b/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link deleted file mode 100644 index 0a1edc57b..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link +++ /dev/null @@ -1,10 +0,0 @@ -{ - "description" : "zeek.opcua_read_results_link", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -} diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_status_code_detail b/salt/elasticsearch/files/ingest/zeek.opcua_status_code_detail deleted file mode 100644 index 0d4ae984a..000000000 --- a/salt/elasticsearch/files/ingest/zeek.opcua_status_code_detail +++ /dev/null @@ -1,21 +0,0 @@ -{ - "description" : "zeek.opcua_stats_code_detail", - "processors" : [ - { "remove": { "field": ["host"], "ignore_failure": true } }, - { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, - { "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } }, - { "rename": { "field": "message2.source", "target_field": "opcua.source", "ignore_missing": true } }, - { "rename": { "field": "message2.source_str", "target_field": "opcua.source_string", "ignore_missing": true } }, - { "rename": { "field": "message2.source_level", "target_field": "opcua.source_level", "ignore_missing": true } }, - { "rename": { "field": "message2.status_code", "target_field": "opcua.status_code", "ignore_missing": true } }, - { "rename": { "field": "message2.severity", "target_field": "opcua.severity", "ignore_missing": true } }, - { "rename": { "field": "message2.severity_str", "target_field": "opcua.severity_string", "ignore_missing": true } }, - { "rename": { "field": "message2.sub_code", "target_field": "opcua.sub_code", "ignore_missing": true } }, - { "rename": { "field": "message2.sub_code_str", "target_field": "opcua.sub_code_string", "ignore_missing": true } }, - { "rename": { "field": "message2.structure_changed", "target_field": "opcua.structure_changed", "ignore_missing": true } }, - { "rename": { "field": "message2.semantics_changed", "target_field": "opcua.semantics_changed", "ignore_missing": true } }, - { "rename": { "field": "message2.info_type", "target_field": "opcua.info_type", "ignore_missing": true } }, - { "rename": { "field": "message2.info_type_str", "target_field": "opcua.info_type_string", "ignore_missing": true } }, - { "pipeline": { "name": "zeek.common" } } - ] -}