From 50fcf8307fad68760cfbd7a8f96ff414045c171a Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Tue, 18 Feb 2020 02:46:31 +0000
Subject: [PATCH] Add initia/basic Strelka config

---
 salt/logstash/conf/pipelines/eval/7200_strelka.conf   | 8 ++++++++
 salt/logstash/conf/pipelines/search/7200_strelka.conf | 8 ++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 salt/logstash/conf/pipelines/eval/7200_strelka.conf
 create mode 100644 salt/logstash/conf/pipelines/search/7200_strelka.conf

diff --git a/salt/logstash/conf/pipelines/eval/7200_strelka.conf b/salt/logstash/conf/pipelines/eval/7200_strelka.conf
new file mode 100644
index 000000000..b2b57bf05
--- /dev/null
+++ b/salt/logstash/conf/pipelines/eval/7200_strelka.conf
@@ -0,0 +1,8 @@
+filter {
+  if [type] =~ "strelka" {
+    json {
+      source => "message"
+    }
+  }
+}
+
diff --git a/salt/logstash/conf/pipelines/search/7200_strelka.conf b/salt/logstash/conf/pipelines/search/7200_strelka.conf
new file mode 100644
index 000000000..b2b57bf05
--- /dev/null
+++ b/salt/logstash/conf/pipelines/search/7200_strelka.conf
@@ -0,0 +1,8 @@
+filter {
+  if [type] =~ "strelka" {
+    json {
+      source => "message"
+    }
+  }
+}
+