Update Import and Zeek integration policies; also update Zeek ingest node pipelines to set event.dataset.

2025-12-13 04:32:48 +01:00 · 2023-01-23 21:44:46 +00:00
parent d342f3c4b8
commit 40c6b380df
113 changed files with 129 additions and 27 deletions
--- a/salt/elasticsearch/files/ingest/zeek.bsap_serial_rdb_ext
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_serial_rdb_ext
@@ -1,6 +1,7 @@
 {
  "description" : "zeek.bsap_serial_rdb_ext",
  "processors" : [
+    { "set": { "field": "event.dataset", "value": "bsap_serial_rdb_ext" } },
    { "remove":         { "field": ["host"],								"ignore_failure": true  } },
    { "json":		{ "field": "message",		"target_field": "message2",			"ignore_failure": true	} },
    { "rename": 	{ "field": "message2.dfun",	"target_field": "bsap.destination.function",	"ignore_missing": true 	} },