From 57039d83c89f49c6afe9868c0c5689737b7bedee Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Tue, 16 Oct 2018 16:21:50 -0400
Subject: [PATCH] Logstash Module - Change some fields so dashboards load

---
 salt/filebeat/etc/filebeat.yml                    | 4 ++++
 salt/logstash/files/dynamic/0006_input_beats.conf | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 05197a29c..cbdc5ba79 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -1,5 +1,9 @@
 {%- set MASTER = salt['pillar.get']('sensor:master', '') %}
+{%- set HOSTNAME = salt['grains.get']('host', '') %}
 
+beat.name: {{ HOSTNAME }}
+beat.hostname: {{ HOSTNAME }}
+ 
 #==========================  Modules configuration ============================
 filebeat.modules:
 #=========================== Filebeat prospectors =============================
diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf
index bac23e150..bdfa4eefc 100644
--- a/salt/logstash/files/dynamic/0006_input_beats.conf
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -11,8 +11,11 @@ input {
 filter {
   if "ids" in [tags] {
     mutate {
+      add_field => {"sensor_name" => "%{beat.name}"}
+      add_field => {"syslog-host_from" => "%{beat.hostname}"}
       remove_tag => ["beat"]
       rename => { "host" => "beat_host" }
+      remove_field => ["beat.name", "beat.hostname"]
     }
   }