From 350cc417405f8338c60857e838b40e273a030b31 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 6 Oct 2020 20:12:23 +0000
Subject: [PATCH] Let zeek.common handle common fields for zeek.tunnels
---
 salt/elasticsearch/files/ingest/zeek.tunnels | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/salt/elasticsearch/files/ingest/zeek.tunnels b/salt/elasticsearch/files/ingest/zeek.tunnels
index 4cc7c8d5e..bb4c18268 100644
--- a/salt/elasticsearch/files/ingest/zeek.tunnels
+++ b/salt/elasticsearch/files/ingest/zeek.tunnels
@@ -3,15 +3,6 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.uid", "target_field": "log.id.uid", "ignore_missing": true } },
- { "dot_expander": { "field": "id.orig_h", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.orig_h", "target_field": "source.ip", "ignore_missing": true } },
- { "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.orig_p", "target_field": "source.port", "ignore_missing": true } },
- { "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.resp_h", "target_field": "destination.ip", "ignore_missing": true } },
- { "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.id.resp_p", "target_field": "destination.port", "ignore_missing": true } },
 { "rename": { "field": "message2.tunnel_type", "target_field": "tunnel.type", "ignore_missing": true } },
 { "rename": { "field": "message2.action", "target_field": "event.action", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }