define ZEEKLOGLOOKUP in the yaml

2025-12-07 09:42:46 +01:00 · 2021-05-25 17:18:58 -04:00
parent ecf7e25a51
commit 525d4325c7
2 changed files with 3 additions and 5 deletions
--- a/salt/filebeat/map.jinja
+++ b/salt/filebeat/map.jinja
@@ -4,7 +4,3 @@
 {% import_yaml 'filebeat/securityoniondefaults.yaml' as SODEFAULTS %}
 {% set SO = SODEFAULTS.securityonion_filebeat %}
 {#% set SO = salt['pillar.get']('filebeat:third_party_filebeat', default=SODEFAULTS.third_party_filebeat, merge=True) %#}
-
-{% set ZEEKLOGLOOKUP = {
-    'conn': 'connection',
-} %}
--- a/salt/filebeat/securityoniondefaults.yaml
+++ b/salt/filebeat/securityoniondefaults.yaml
@@ -1,5 +1,7 @@
 {%- set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
-{% from 'filebeat/map.jinja' import ZEEKLOGLOOKUP with context %}
+{% set ZEEKLOGLOOKUP = {
+    'conn': 'connection',
+} %}

 securityonion_filebeat:
  modules: