From 6cc757e1decc0ebe8ed4f863b10007014e603adc Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 1 Apr 2020 13:02:36 +0000
Subject: [PATCH] add strelka index
---
 salt/filebeat/etc/filebeat.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 0f9b0dcf2..5d659a406 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -193,6 +193,9 @@ output.elasticsearch:
 - index: "so-ossec-%{+yyyy.MM.dd}"
 when.contains:
 module: "ossec"
+ - index: "so-strelka-%{+yyyy.MM.dd}"
+ when.contains:
+ module: "strelka"
 #output.logstash:
 # Boolean flag to enable or disable the output module.
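Review bot: The new routing rule matches with `when.contains`, which on a string field is a substring test, so any event whose `module` value merely contains "strelka" is written to `so-strelka-*`; an exact match (`when.equals:` with `module: "strelka"`) keeps index routing unambiguous. The ossec rule in the context lines uses the same form, so the two would best be changed together. This commit touches only filebeat.yml, so whatever sets `module: "strelka"` on events, and any index template for `so-strelka-*`, is not visible here. Confirm both exist, because presumably unmatched events fall through to the default index and an untemplated index gets dynamic mappings. The enclosing index-rule list under `output.elasticsearch` starts outside the hunk.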