suricata capture_file

2025-12-06 01:02:46 +01:00 · 2025-11-20 14:16:49 -06:00
parent 433dab7376
commit 6f42ff3442
1 changed files with 7 additions and 0 deletions
--- a/salt/elasticsearch/files/ingest/suricata.common
+++ b/salt/elasticsearch/files/ingest/suricata.common
@@ -138,6 +138,13 @@
                "ignore_failure": false
            }
        },
+        {
+            "rename": {
+                "field": "message2.capture_file",
+                "target_field": "suricata.capture_file",
+                "ignore_missing": true
+            }
+        },
        {
            "pipeline": {
                "if": "ctx?.event?.dataset != null",