From 2695a8e1a791390860a9dafc66319402f4fea514 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Fri, 30 Nov 2018 13:15:35 +0000
Subject: [PATCH] Filebeat - Modify config for IDS type

---
 salt/filebeat/etc/filebeat.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 8b4520a3a..f8fb5acf5 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -30,9 +30,9 @@ filebeat.prospectors:
     paths:
       - /suricata/eve.json
     fields:
-      type: snort
+      type: ids
+      engine: suricata
     fields_under_root: true
-    tags: ["ids"]
     clean_removed: false
     close_removed: false