From 085420997c682e489e859b067bd4535455004897 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Wed, 23 Nov 2022 12:11:04 -0500 Subject: [PATCH] move status_code before status_code.link_id --- .../files/ingest/zeek.opcua_binary_status_code_detail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_status_code_detail b/salt/elasticsearch/files/ingest/zeek.opcua_binary_status_code_detail index a102b9e1a..1b43fd19d 100644 --- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_status_code_detail +++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_status_code_detail @@ -3,11 +3,11 @@ "processors" : [ { "remove": { "field": ["host"], "ignore_failure": true } }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} }, + { "rename": { "field": "message2.status_code", "target_field": "opcua.status_code", "ignore_missing": true } }, { "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } }, { "rename": { "field": "message2.source", "target_field": "opcua.source", "ignore_missing": true } }, { "rename": { "field": "message2.source_str", "target_field": "opcua.source_string", "ignore_missing": true } }, { "rename": { "field": "message2.source_level", "target_field": "opcua.source_level", "ignore_missing": true } }, - { "rename": { "field": "message2.status_code", "target_field": "opcua.status_code", "ignore_missing": true } }, { "rename": { "field": "message2.severity", "target_field": "opcua.severity", "ignore_missing": true } }, { "rename": { "field": "message2.severity_str", "target_field": "opcua.severity_string", "ignore_missing": true } }, { "rename": { "field": "message2.sub_code", "target_field": "opcua.sub_code", "ignore_missing": true } },