From 5ada85942bb0ba3d1f3351a7f52251cb668d0654 Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Thu, 8 Oct 2020 07:59:57 -0400
Subject: [PATCH] Lowercase network.transport

---
 salt/elasticsearch/files/ingest/common | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/elasticsearch/files/ingest/common b/salt/elasticsearch/files/ingest/common
index d0acaed13..82ab27b2b 100644
--- a/salt/elasticsearch/files/ingest/common
+++ b/salt/elasticsearch/files/ingest/common
@@ -48,6 +48,7 @@
     { "rename":         { "field": "category",            "target_field": "event.category",              "ignore_failure": true, "ignore_missing": true  } },
     { "rename":         { "field": "message2.community_id", "target_field": "network.community_id",  "ignore_failure": true,  "ignore_missing": true  } },
     { "lowercase":         { "field": "event.dataset", "ignore_failure": true,  "ignore_missing": true  } },    
+    { "lowercase":         { "field": "network.transport", "ignore_failure": true,  "ignore_missing": true  } },
     { "convert":         { "field": "destination.port", "type": "integer",  "ignore_failure": true,  "ignore_missing": true  } },
     { "convert":         { "field": "source.port", "type": "integer",  "ignore_failure": true,  "ignore_missing": true  } },
     { "convert":         { "field": "log.id.uid", "type": "string",  "ignore_failure": true,  "ignore_missing": true  } },