Additional field renames and updates

2026-04-24 05:31:54 +02:00 · 2022-11-30 15:01:41 +00:00
parent 768225ff5a
commit 5d72f8d55a
11 changed files with 25 additions and 25 deletions
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session
@@ -4,12 +4,12 @@
    { "remove":   { "field": ["host"],                                                                                      "ignore_failure": true } },
    { "json":     { "field": "message",			            "target_field": "message2",		                    "ignore_failure": true} },
    { "rename":   { "field": "message2.opcua_link_id",              "target_field": "opcua.link_id",                        "ignore_missing": true } },
-    { "rename":   { "field": "message2.session_id_encoding_mask",   "target_field": "opcua.session_id.encoding_mask",       "ignore_missing": true } },
-    { "rename":   { "field": "message2.session_id_namespace_idx",   "target_field": "opcua.session_id.namespace_index",     "ignore_missing": true } },
-    { "rename":   { "field": "message2.session_id_guid",            "target_field": "opcua.session_id.guid",                "ignore_missing": true } },
-    { "rename":   { "field": "message2.auth_token_encoding_mask",   "target_field": "opcua.auth_token.encoding_mask",       "ignore_missing": true } },
-    { "rename":   { "field": "message2.auth_token_namespace_idx",   "target_field": "opcua.auth_token.namespace_index",     "ignore_missing": true } },
-    { "rename":   { "field": "message2.auth_token_guid",            "target_field": "opcua.auth_token.guid",                "ignore_missing": true } },
+    { "rename":   { "field": "message2.session_id_encoding_mask",   "target_field": "opcua.session_id_encoding_mask",       "ignore_missing": true } },
+    { "rename":   { "field": "message2.session_id_namespace_idx",   "target_field": "opcua.session_id_namespace_index",     "ignore_missing": true } },
+    { "rename":   { "field": "message2.session_id_guid",            "target_field": "opcua.session_id_guid",                "ignore_missing": true } },
+    { "rename":   { "field": "message2.auth_token_encoding_mask",   "target_field": "opcua.auth_token_encoding_mask",       "ignore_missing": true } },
+    { "rename":   { "field": "message2.auth_token_namespace_idx",   "target_field": "opcua.auth_token_namespace_index",     "ignore_missing": true } },
+    { "rename":   { "field": "message2.auth_token_guid",            "target_field": "opcua.auth_token_guid",                "ignore_missing": true } },
    { "rename":   { "field": "message2.revised_session_timeout",    "target_field": "opcua.revised_session_timeout",        "ignore_missing": true } },
    { "rename":   { "field": "message2.server_nonce",               "target_field": "opcua.server_nonce",                   "ignore_missing": true } },
    { "rename":   { "field": "message2.endpoint_link_id",           "target_field": "opcua.endpoint_link_id",               "ignore_missing": true } },