From 7be70faab638737c02dbd26928573da92b4b80e1 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 13 Nov 2025 10:49:37 -0600
Subject: [PATCH] format json

---
 salt/elasticsearch/files/ingest/suricata.dns | 133 ++++++++++++++++---
 1 file changed, 113 insertions(+), 20 deletions(-)

diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns
index 3ef68f28b..e9fab994c 100644
--- a/salt/elasticsearch/files/ingest/suricata.dns
+++ b/salt/elasticsearch/files/ingest/suricata.dns
@@ -1,21 +1,114 @@
 {
-  "description" : "suricata.dns",
-  "processors" : [
-    { "rename": 	{ "field": "message2.proto", 			"target_field": "network.transport",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.app_proto", 		"target_field": "network.protocol",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.type", 		"target_field": "dns.query.type",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.tx_id",		"target_field": "dns.id",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.version", 		"target_field": "dns.version",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rrname", 		"target_field": "dns.query.name",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rrtype", 		"target_field": "dns.query.type_name",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.flags", 		"target_field": "dns.flags",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.qr", 			"target_field": "dns.qr",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rd", 			"target_field": "dns.recursion.desired",	"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.ra", 			"target_field": "dns.recursion.available",	"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rcode", 		"target_field": "dns.response.code_name",	"ignore_missing": true 	} },
-    { "rename":		{ "field": "message2.dns.grouped.A", 		"target_field": "dns.answers.data",		"ignore_missing": true 	} },
-    { "rename":		{ "field": "message2.dns.grouped.CNAME",	"target_field": "dns.answers.name",		"ignore_missing": true 	} },
-    { "pipeline":	{ "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld"				} },
-    { "pipeline": 	{ "name": "common"													} }
-  ]
-}
+    "description": "suricata.dns",
+    "processors": [
+        {
+            "rename": {
+                "field": "message2.proto",
+                "target_field": "network.transport",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.app_proto",
+                "target_field": "network.protocol",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.type",
+                "target_field": "dns.query.type",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.tx_id",
+                "target_field": "dns.id",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.version",
+                "target_field": "dns.version",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.rrname",
+                "target_field": "dns.query.name",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.rrtype",
+                "target_field": "dns.query.type_name",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.flags",
+                "target_field": "dns.flags",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.qr",
+                "target_field": "dns.qr",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.rd",
+                "target_field": "dns.recursion.desired",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.ra",
+                "target_field": "dns.recursion.available",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.rcode",
+                "target_field": "dns.response.code_name",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.grouped.A",
+                "target_field": "dns.answers.data",
+                "ignore_missing": true
+            }
+        },
+        {
+            "rename": {
+                "field": "message2.dns.grouped.CNAME",
+                "target_field": "dns.answers.name",
+                "ignore_missing": true
+            }
+        },
+        {
+            "pipeline": {
+                "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')",
+                "name": "dns.tld"
+            }
+        },
+        {
+            "pipeline": {
+                "name": "common"
+            }
+        }
+    ]
+}
\ No newline at end of file