Filebeat - Modify config for IDS type

2026-01-30 11:54:13 +01:00 · 2018-11-30 13:15:35 +00:00
parent 53284a7173
commit 2695a8e1a7
1 changed files with 2 additions and 2 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -30,9 +30,9 @@ filebeat.prospectors:
    paths:
      - /suricata/eve.json
    fields:
-      type: snort
+      type: ids
+      engine: suricata
    fields_under_root: true
-    tags: ["ids"]
    clean_removed: false
    close_removed: false