From af451573ebfe432d435f3903864448a937cb5eab Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Tue, 23 Jun 2020 17:43:28 +0000
Subject: [PATCH] Move dataset from files to file

---
 salt/elasticsearch/files/ingest/zeek.files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/elasticsearch/files/ingest/zeek.files b/salt/elasticsearch/files/ingest/zeek.files
index f72bde097..53600180f 100644
--- a/salt/elasticsearch/files/ingest/zeek.files
+++ b/salt/elasticsearch/files/ingest/zeek.files
@@ -30,6 +30,7 @@
     { "rename": 	{ "field": "message2.extracted",	"target_field": "file.extracted.filename",		"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.extracted_cutoff",	"target_field": "file.extracted.cutoff",	"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.extracted_size",	"target_field": "file.extracted.size",	"ignore_missing": true 	} },
+    { "set":            { "field": "dataset",                   "value": "file"                                                 } },
     { "pipeline":       { "name": "zeek.common"                                                                                   } }
   ]
 }