Merge pull request #1473 from Security-Onion-Solutions/fix/logstash_output_wazuh

Remove dataset name since pipeline no longer in use
2025-12-06 17:22:49 +01:00 · 2020-10-07 11:49:40 -04:00
parent 8015676e01 8e829b47ae
commit 7787f81bdd
1 changed files with 1 additions and 1 deletions
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -7,7 +7,7 @@
 output {
  if [module] =~ "ossec" {
    elasticsearch {
-      pipeline => "%{module}.%{dataset}"
+      pipeline => "%{module}"
      hosts => "{{ ES }}"
      index => "so-ossec-%{+YYYY.MM.dd}"
      template_name => "so-ossec"