Custom pipeline configuration

salt/logstash/defaults.yaml

@@ -42,6 +42,24 @@ logstash:
     custom2: []
     custom3: []
     custom4: []
+  pipeline_config:
+    custom01: |-
+      filter {
+        if [event][module] =~ "zeek" {
+          mutate {
+            add_tag => ["network_stuff"]
+          }
+        }
+      }
+    custom02: PLACEHOLDER
+    custom03: PLACEHOLDER
+    custom04: PLACEHOLDER
+    custom05: PLACEHOLDER
+    custom06: PLACEHOLDER
+    custom07: PLACEHOLDER
+    custom08: PLACEHOLDER
+    custom09: PLACEHOLDER
+    custom10: PLACEHOLDER
   settings:
     lsheap: 500m
   config: