From 1853dc398bc377dc367cd0aaeeaefece7acec3c5 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Wed, 31 Jan 2024 20:17:33 +0000
Subject: [PATCH] Custom pipeline configuration

---
 salt/logstash/defaults.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/salt/logstash/defaults.yaml b/salt/logstash/defaults.yaml
index e4c18cc64..2cafce6fd 100644
--- a/salt/logstash/defaults.yaml
+++ b/salt/logstash/defaults.yaml
@@ -42,6 +42,24 @@ logstash:
     custom2: []
     custom3: []
     custom4: []
+  pipeline_config:
+    custom01: |-
+      filter {
+        if [event][module] =~ "zeek" {
+          mutate {
+            add_tag => ["network_stuff"]
+          }
+        }
+      }
+    custom02: PLACEHOLDER
+    custom03: PLACEHOLDER
+    custom04: PLACEHOLDER
+    custom05: PLACEHOLDER
+    custom06: PLACEHOLDER
+    custom07: PLACEHOLDER
+    custom08: PLACEHOLDER
+    custom09: PLACEHOLDER
+    custom10: PLACEHOLDER
   settings:
     lsheap: 500m
   config: