diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims
new file mode 100644
index 000000000..a0955f534
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_array_dims",
+  "processors" : [
+    { "remove":   { "field": ["host"],										"ignore_failure": true } },
+    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
+    { "rename":   { "field": "message2.array_dim_link_id",	"target_field": "opcua.array_dim_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.dimension",		"target_field": "opcua.dimension",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims_link b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims_link
new file mode 100644
index 000000000..94644246f
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims_link
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_array_dims_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.variant_data_array_dim_link_id",	"target_field": "opcua.variant_data_array_dim_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.array_dim_link_id",		"target_field": "opcua.array_dim_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_diagnostic_info b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_diagnostic_info
new file mode 100644
index 000000000..64376bd08
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_diagnostic_info
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_diagnostic_info",
+  "processors" : [
+    { "remove":   { "field": ["host"],										"ignore_failure": true } },
+    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_diag_info_link_id",	"target_field": "opcua.read_diag_info_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.diag_info_link_id",	"target_field": "opcua.diag_info_link_id",	"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object
new file mode 100644
index 000000000..8ef46251b
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object
@@ -0,0 +1,14 @@
+{
+  "description" : "zeek.opcua_binary_read_extension_object",
+  "processors" : [
+    { "remove":   { "field": ["host"],													"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.ext_obj_link_id",		"target_field": "opcua.ext_obj_link_id",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_encoding_mask",	"target_field": "opcua.ext_obj_node_id_encoding_mask",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_namespace_idx",	"target_field": "opcua.ext_obj_node_id_namespace_index",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_numeric",	"target_field": "opcua.ext_obj_node_id_numeric",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_type_id_str",		"target_field": "opcua.ext_obj_type_id_string",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_encoding",		"target_field": "opcua.ext_obj_encoding",			"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object_link b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object_link
new file mode 100644
index 000000000..0aae27ca1
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object_link
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_extension_object_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.variant_data_ext_obj_link_id",	"target_field": "opcua.variant_data_ext_obj_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_link_id",		"target_field": "opcua.ext_obj_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read
index cbc829a04..39c0c25b1 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read
@@ -1,15 +1,15 @@
 {
   "description" : "zeek.opcua_binary_read_nodes_to_read",
   "processors" : [
-    { "remove":   { "field": ["host"],												"ignore_failure": true } },
-    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
-    { "rename":   { "field": "message2.nodes_to_read_link_id",		"target_field": "opcua.nodes_to_read_link_id",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.node_id_encoding_mask",		"target_field": "opcua.node_id_encoding_mask",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.node_id_numeric",		"target_field": "opcua.node_id_numeric",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.attribute_id",			"target_field": "opcua.attribute_id",			"ignore_missing": true } },
-    { "rename":   { "field": "message2.attribute_id_str",		"target_field": "opcua.attribute_id_string",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.data_encoding_name_idx",		"target_field": "opcua.data_encoding_name_index",	"ignore_missing": true } },
-    { "rename":   { "field": "message2.data_encoding_name",		"target_field": "opcua.data_encoding_name",		"ignore_missing": true } },
+    { "remove":   { "field": ["host"],											"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",			"ignore_failure": true } },
+    { "rename":   { "field": "message2.nodes_to_read_link_id",	"target_field": "opcua.nodes_to_read_link_id",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.node_id_encoding_mask",	"target_field": "opcua.node_id_encoding_mask",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.node_id_numeric",	"target_field": "opcua.node_id_numeric",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.attribute_id",		"target_field": "opcua.attribute_id",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.attribute_id_str",	"target_field": "opcua.attribute_id_string",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.data_encoding_name_idx",	"target_field": "opcua.data_encoding_name_index",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.data_encoding_name",	"target_field": "opcua.data_encoding_name",		"ignore_missing": true } },
     { "pipeline": { "name": "zeek.common" } }
   ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link
index 1dca46473..75245d212 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link
@@ -1,10 +1,10 @@
 {
   "description" : "zeek.opcua_binary_read_results_link",
   "processors" : [
-    { "remove":   { "field": ["host"],										"ignore_failure": true } },
-    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
-    { "rename":   { "field": "message2.read_results_link_id",	"target_field": "opcua.read_results_link_id",	"ignore_missing": true } },
-    { "rename":   { "field": "message2.results_link_id",	"target_field": "opcua.results_link_id",	"ignore_missing": true } },
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_results_link_id",			"target_field": "opcua.read_results_link_id",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.results_link_id",			"target_field": "opcua.results_link_id",			"ignore_missing": true } },
     { "pipeline": { "name": "zeek.common" } }
   ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_status_code b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_status_code
new file mode 100644
index 000000000..d3b6ece54
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_status_code
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_status_code",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_status_code_link_id",	"target_field": "opcua.read_status_code_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.status_code_link_id",		"target_field": "opcua.status_code_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data
new file mode 100644
index 000000000..d77404bc5
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_variant_data",
+  "processors" : [
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_variant_data_link_id",		"target_field": "opcua.read_variant_data_link_id",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.variant_data_value_signed_numeric",	"target_field": "opcua.variant_data_value_signed_numeric",	"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data_link b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data_link
new file mode 100644
index 000000000..8585789ff
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data_link
@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_variant_data_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_results_variant_data_link_id",	"target_field": "opcua.read_results_variant_data_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.read_variant_data_link_id",		"target_field": "opcua.read_variant_data_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}