add more zeek opcua parsers

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_array_dims",
+  "processors" : [
+    { "remove":   { "field": ["host"],										"ignore_failure": true } },
+    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
+    { "rename":   { "field": "message2.array_dim_link_id",	"target_field": "opcua.array_dim_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.dimension",		"target_field": "opcua.dimension",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_array_dims_link

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_array_dims_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.variant_data_array_dim_link_id",	"target_field": "opcua.variant_data_array_dim_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.array_dim_link_id",		"target_field": "opcua.array_dim_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_diagnostic_info

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_diagnostic_info",
+  "processors" : [
+    { "remove":   { "field": ["host"],										"ignore_failure": true } },
+    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_diag_info_link_id",	"target_field": "opcua.read_diag_info_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.diag_info_link_id",	"target_field": "opcua.diag_info_link_id",	"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object

@@ -0,0 +1,14 @@
+{
+  "description" : "zeek.opcua_binary_read_extension_object",
+  "processors" : [
+    { "remove":   { "field": ["host"],													"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.ext_obj_link_id",		"target_field": "opcua.ext_obj_link_id",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_encoding_mask",	"target_field": "opcua.ext_obj_node_id_encoding_mask",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_namespace_idx",	"target_field": "opcua.ext_obj_node_id_namespace_index",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_node_id_numeric",	"target_field": "opcua.ext_obj_node_id_numeric",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_type_id_str",		"target_field": "opcua.ext_obj_type_id_string",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_encoding",		"target_field": "opcua.ext_obj_encoding",			"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_extension_object_link

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_extension_object_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.variant_data_ext_obj_link_id",	"target_field": "opcua.variant_data_ext_obj_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.ext_obj_link_id",		"target_field": "opcua.ext_obj_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_nodes_to_read

@@ -1,15 +1,15 @@
 {
   "description" : "zeek.opcua_binary_read_nodes_to_read",
   "processors" : [
-    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "remove":   { "field": ["host"],											"ignore_failure": true } },
-    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",			"ignore_failure": true } },
-    { "rename":   { "field": "message2.nodes_to_read_link_id",		"target_field": "opcua.nodes_to_read_link_id",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.nodes_to_read_link_id",	"target_field": "opcua.nodes_to_read_link_id",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.node_id_encoding_mask",		"target_field": "opcua.node_id_encoding_mask",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.node_id_encoding_mask",	"target_field": "opcua.node_id_encoding_mask",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.node_id_numeric",		"target_field": "opcua.node_id_numeric",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.node_id_numeric",	"target_field": "opcua.node_id_numeric",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.attribute_id",			"target_field": "opcua.attribute_id",			"ignore_missing": true } },
+    { "rename":   { "field": "message2.attribute_id",		"target_field": "opcua.attribute_id",			"ignore_missing": true } },
-    { "rename":   { "field": "message2.attribute_id_str",		"target_field": "opcua.attribute_id_string",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.attribute_id_str",	"target_field": "opcua.attribute_id_string",		"ignore_missing": true } },
-    { "rename":   { "field": "message2.data_encoding_name_idx",		"target_field": "opcua.data_encoding_name_index",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.data_encoding_name_idx",	"target_field": "opcua.data_encoding_name_index",	"ignore_missing": true } },
-    { "rename":   { "field": "message2.data_encoding_name",		"target_field": "opcua.data_encoding_name",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.data_encoding_name",	"target_field": "opcua.data_encoding_name",		"ignore_missing": true } },
     { "pipeline": { "name": "zeek.common" } }
   ]
 }

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_results_link

@@ -1,10 +1,10 @@
 {
   "description" : "zeek.opcua_binary_read_results_link",
   "processors" : [
-    { "remove":   { "field": ["host"],										"ignore_failure": true } },
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
-    { "json":     { "field": "message",				"target_field": "message2",			"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
-    { "rename":   { "field": "message2.read_results_link_id",	"target_field": "opcua.read_results_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.read_results_link_id",			"target_field": "opcua.read_results_link_id",			"ignore_missing": true } },
-    { "rename":   { "field": "message2.results_link_id",	"target_field": "opcua.results_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.results_link_id",			"target_field": "opcua.results_link_id",			"ignore_missing": true } },
     { "pipeline": { "name": "zeek.common" } }
   ]
 }

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_status_code

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_status_code",
+  "processors" : [
+    { "remove":   { "field": ["host"],												"ignore_failure": true } },
+    { "json":     { "field": "message",					"target_field": "message2",				"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_status_code_link_id",	"target_field": "opcua.read_status_code_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.status_code_link_id",		"target_field": "opcua.status_code_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_variant_data",
+  "processors" : [
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_variant_data_link_id",		"target_field": "opcua.read_variant_data_link_id",		"ignore_missing": true } },
+    { "rename":   { "field": "message2.variant_data_value_signed_numeric",	"target_field": "opcua.variant_data_value_signed_numeric",	"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}

salt/elasticsearch/files/ingest/zeek.opcua_binary_read_variant_data_link

@@ -0,0 +1,10 @@
+{
+  "description" : "zeek.opcua_binary_read_variant_data_link",
+  "processors" : [
+    { "remove":   { "field": ["host"],														"ignore_failure": true } },
+    { "json":     { "field": "message",						"target_field": "message2",					"ignore_failure": true } },
+    { "rename":   { "field": "message2.read_results_variant_data_link_id",	"target_field": "opcua.read_results_variant_data_link_id",	"ignore_missing": true } },
+    { "rename":   { "field": "message2.read_variant_data_link_id",		"target_field": "opcua.read_variant_data_link_id",		"ignore_missing": true } },
+    { "pipeline": { "name": "zeek.common" } }
+  ]
+}