From 335ac027200094215bb438949ae7dd1f281bdc22 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Tue, 16 Oct 2018 17:25:21 -0400
Subject: [PATCH] Logstash Module - Change it to arrays

---
 salt/filebeat/etc/filebeat.yml                    |  1 -
 salt/logstash/files/dynamic/0006_input_beats.conf | 11 ++++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index cbdc5ba79..91fff5455 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -2,7 +2,6 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
 
 beat.name: {{ HOSTNAME }}
-beat.hostname: {{ HOSTNAME }}
  
 #==========================  Modules configuration ============================
 filebeat.modules:
diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf
index 46cb2e51f..a2ac0cb97 100644
--- a/salt/logstash/files/dynamic/0006_input_beats.conf
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -11,21 +11,18 @@ input {
 filter {
   if "ids" in [tags] {
     mutate {
-      add_field => {"sensor_name" => "%{[beat][name]}"}
-      add_field => {"syslog-host_from" => "%{[beat][hostname]}"}
+      rename => { "[beat][name]", "sensor_name" }
+      rename => { "[beat][hostname]", "syslog-host_from" }
       remove_tag => ["beat"]
       rename => { "host" => "beat_host" }
-      remove_field => ["[beat][name]", "[beat][hostname]"]
     }
   }
-
   if "bro" in [tags] {
     mutate {
-      add_field => {"sensor_name" => "%{[beat][name]}"}
-      add_field => {"syslog-host_from" => "%{[beat][hostname]}"}
+      rename => { "[beat][name]", "sensor_name" }
+      rename => { "[beat][hostname]", "syslog-host_from" }
       remove_tag => ["beat"]
       rename => { "host" => "beat_host" }
-      remove_field => ["[beat][name]", "[beat][hostname]"]
     }
   }
 }