parse Bro logs using Elasticsearch ingest node

2025-12-10 11:12:51 +01:00 · 2019-09-23 16:04:23 -04:00
parent c685089b2b
commit 8472b24a67
48 changed files with 1375 additions and 123 deletions
--- a/salt/elasticsearch/files/ingest/bro_common
+++ b/salt/elasticsearch/files/ingest/bro_common
@@ -0,0 +1,9 @@
+{
+  "description" : "bro_common",
+  "processors" : [
+    { "rename":		{ "field": "@timestamp",	"target_field": "timestamp",	"ignore_missing": true					} },
+    { "date":		{ "field": "message2.ts",	"target_field": "@timestamp",	"formats": ["ISO8601", "UNIX"], "ignore_failure": true	} },
+    { "remove":		{ "field": "message2.ts",	"ignore_failure": true									} },
+    { "pipeline":	{ "name": "common" 													} }
+  ]
+}