diff --git a/salt/elasticsearch/files/ingest/zeek.bacnet b/salt/elasticsearch/files/ingest/zeek.bacnet
index c3f1582e3..a96a05b56 100644
--- a/salt/elasticsearch/files/ingest/zeek.bacnet
+++ b/salt/elasticsearch/files/ingest/zeek.bacnet
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is.originator", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.bvlc_function", "target_field": "bacnet.bclv.function", "ignore_missing": true } },
 { "rename": { "field": "message2.pdu_type", "target_field": "bacnet.pdu.type", "ignore_missing": true } },
 { "rename": { "field": "message2.pdu_service", "target_field": "bacnet.pdu.service", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.bacnet_discovery b/salt/elasticsearch/files/ingest/zeek.bacnet_discovery
index 149a3b3d9..c51cbf5c1 100644
--- a/salt/elasticsearch/files/ingest/zeek.bacnet_discovery
+++ b/salt/elasticsearch/files/ingest/zeek.bacnet_discovery
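Review bot: In zeek.bacnet, the context line directly below the changed rename still writes `message2.bvlc_function` to `bacnet.bclv.function`, with the letters of BVLC transposed, so the indexed name does not match the protocol term or the source field. Since this commit is already normalising the BACnet field names, the target could be corrected in the same pass: `"target_field": "bacnet.bvlc.function"`. Any saved query or dashboard that already uses the misspelled name would need the same update; none is visible from this hunk.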
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is.originator", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.pdu_service", "target_field": "bacnet.pdu.service", "ignore_missing": true } },
 { "rename": { "field": "message2.object_type", "target_field": "bacnet.object.type", "ignore_missing": true } },
 { "rename": { "field": "message2.instance_number", "target_field": "bacnet.instance.number", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.bacnet_property b/salt/elasticsearch/files/ingest/zeek.bacnet_property
index b58c54c86..d04c4c327 100644
--- a/salt/elasticsearch/files/ingest/zeek.bacnet_property
+++ b/salt/elasticsearch/files/ingest/zeek.bacnet_property
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is.originator", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "bacnet.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.instance_number", "target_field": "bacnet.instance.number", "ignore_missing": true } },
 { "rename": { "field": "message2.pdu_service", "target_field": "bacnet.pdu.service", "ignore_missing": true } },
 { "rename": { "field": "message2.object_type", "target_field": "bacnet.object.type", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb b/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
index 7139983cf..f5ebd3a0a 100644
--- a/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_ip_rdb
@@ -10,7 +10,7 @@
 { "rename": { "field": "message2.sequence", "target_field": "bsap.function.sequence", "ignore_missing": true } },
 { "rename": { "field": "message2.app_func_code", "target_field": "bsap.application.function", "ignore_missing": true } },
 { "rename": { "field": "message2.node_status", "target_field": "bsap.node.status", "ignore_missing": true } },
- { "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub.function", "ignore_missing": true } },
+ { "rename": { "field": "message2.func_code", "target_field": "bsap.application.sub_function", "ignore_missing": true } },
 { "rename": { "field": "message2.variable_count", "target_field": "bsap.variable.count", "ignore_missing": true } },
 { "rename": { "field": "message2.variables", "target_field": "bsap.vector.variables", "ignore_missing": true } },
 { "rename": { "field": "message2.variable_value", "target_field": "bsap.vector.variable.value", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
index e4262b3c3..e04862783 100644
--- a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.ser", "target_field": "bsap.message.serial.number", "ignore_missing": true } },
+ { "rename": { "field": "message2.ser", "target_field": "bsap.message.serial_number", "ignore_missing": true } },
 { "rename": { "field": "message2.dadd", "target_field": "bsap.destination.address", "ignore_missing": true } },
 { "rename": { "field": "message2.sadd", "target_field": "bsap.source.address", "ignore_missing": true } },
 { "rename": { "field": "message2.ctl", "target_field": "bsap.control.byte", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.cip b/salt/elasticsearch/files/ingest/zeek.cip
index e03237ad6..a9c47e43e 100644
--- a/salt/elasticsearch/files/ingest/zeek.cip
+++ b/salt/elasticsearch/files/ingest/zeek.cip
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "cip.is.origin", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "cip.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.cip_sequence_count", "target_field": "cip.sequence_count", "ignore_missing": true } },
 { "rename": { "field": "message2.direction", "target_field": "cip.direction", "ignore_missing": true } },
 { "rename": { "field": "message2.cip_service_code", "target_field": "cip.service_code", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.cip_identity b/salt/elasticsearch/files/ingest/zeek.cip_identity
index 8a9cacb29..a3522f86a 100644
--- a/salt/elasticsearch/files/ingest/zeek.cip_identity
+++ b/salt/elasticsearch/files/ingest/zeek.cip_identity
@@ -13,7 +13,7 @@
 { "rename": { "field": "message2.product_code", "target_field": "cip.device.product.code", "ignore_missing": true } },
 { "rename": { "field": "message2.revision", "target_field": "cip.device.revision", "ignore_missing": true } },
 { "rename": { "field": "message2.device_status", "target_field": "cip.device.status", "ignore_missing": true } },
- { "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial.number", "ignore_missing": true } },
+ { "rename": { "field": "message2.serial_number", "target_field": "cip.device.serial_number", "ignore_missing": true } },
 { "rename": { "field": "message2.product_name", "target_field": "cip.device.product.name", "ignore_missing": true } },
 { "rename": { "field": "message2.device_state", "target_field": "cip.device.state", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
diff --git a/salt/elasticsearch/files/ingest/zeek.cip_io b/salt/elasticsearch/files/ingest/zeek.cip_io
index 73aed8cae..6c61fbb78 100644
--- a/salt/elasticsearch/files/ingest/zeek.cip_io
+++ b/salt/elasticsearch/files/ingest/zeek.cip_io
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "cip.is.origin", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "cip.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.connection_id", "target_field": "cip.connection.id", "ignore_missing": true } },
 { "rename": { "field": "message2.sequence_number", "target_field": "cip.sequence.count", "ignore_missing": true } },
 { "rename": { "field": "message2.data_length", "target_field": "cip.data.length", "ignore_missing": true } },
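Review bot: In zeek.cip_io the context line for `message2.sequence_number` keeps the target `cip.sequence.count`, which follows neither the source field name nor the `cip.sequence_count` that the zeek.cip hunk in this commit uses for `message2.cip_sequence_count`. The result is two near-identical field names in the same `cip` namespace, which is easy to get wrong when writing a query that spans both logs. If the two values are the same counter, the line here could read `"target_field": "cip.sequence_count"`; if they are distinct, a name taken from the source such as `"target_field": "cip.sequence_number"` would match the convention the rest of the commit moves to. Which of the two applies cannot be told from the hunk.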
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_coe_info b/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
index 79721c920..e425e3173 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_coe_info
@@ -5,7 +5,7 @@
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
 { "rename": { "field": "message2.number", "target_field": "ecat.message.number", "ignore_missing": true } },
 { "rename": { "field": "message2.Type", "target_field": "ecat.message.type", "ignore_missing": true } },
- { "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.req_resp", "target_field": "ecat.request.response_type", "ignore_missing": true } },
 { "rename": { "field": "message2.index", "target_field": "ecat.index", "ignore_missing": true } },
 { "rename": { "field": "message2.subindex", "target_field": "ecat.sub.index", "ignore_missing": true } },
 { "rename": { "field": "message2.dataoffset", "target_field": "ecat.data_offset", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_dev_info b/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
index aab20781b..d01289e9a 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_dev_info
@@ -2,17 +2,17 @@
 "description" : "zeek.ecat_dev_info",
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
- { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.slave_id", "target_field": "ecat.slave.address", "ignore_missing": true } },
- { "rename": { "field": "message2.revision", "target_field": "ecat.revision", "ignore_missing": true } },
- { "rename": { "field": "message2.dev_type", "target_field": "ecat.device.type", "ignore_missing": true } },
- { "rename": { "field": "message2.build", "target_field": "ecat.build.version", "ignore_missing": true } },
- { "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.mem.mgmt.unit", "ignore_missing": true } },
- { "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager.count", "ignore_missing": true } },
- { "rename": { "field": "message2.ports", "target_field": "ecat.port", "ignore_missing": true } },
- { "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true } },
- { "rename": { "field": "message2.dpram", "target_field": "ecat.ram.size", "ignore_missing": true } },
- { "rename": { "field": "message2.features", "target_field": "ecat.features", "ignore_missing": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
+ { "rename": { "field": "message2.slave_id", "target_field": "ecat.slave.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.revision", "target_field": "ecat.revision", "ignore_missing": true } },
+ { "rename": { "field": "message2.dev_type", "target_field": "ecat.device.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.build", "target_field": "ecat.build.version", "ignore_missing": true } },
+ { "rename": { "field": "message2.fmmucnt", "target_field": "ecat.fieldbus.memory_mgmt_unit", "ignore_missing": true } },
+ { "rename": { "field": "message2.smcount", "target_field": "ecat.sync.manager_count", "ignore_missing": true } },
+ { "rename": { "field": "message2.ports", "target_field": "ecat.port", "ignore_missing": true } },
+ { "convert": { "field": "ecat.port", "type": "integer", "ignore_missing": true } },
+ { "rename": { "field": "message2.dpram", "target_field": "ecat.ram.size", "ignore_missing": true } },
+ { "rename": { "field": "message2.features", "target_field": "ecat.features", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.enip b/salt/elasticsearch/files/ingest/zeek.enip
index de4d2a989..fee3b058b 100644
--- a/salt/elasticsearch/files/ingest/zeek.enip
+++ b/salt/elasticsearch/files/ingest/zeek.enip
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.is_orig", "target_field": "enip.is.origin", "ignore_missing": true } },
+ { "rename": { "field": "message2.is_orig", "target_field": "enip.is_orig", "ignore_missing": true } },
 { "rename": { "field": "message2.enip_command_code", "target_field": "enip.command_code", "ignore_missing": true } },
 { "rename": { "field": "message2.enip_command", "target_field": "enip.command", "ignore_missing": true } },
 { "rename": { "field": "message2.length", "target_field": "enip.length", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_detailed b/salt/elasticsearch/files/ingest/zeek.modbus_detailed
index 723027679..635566c6a 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_detailed
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_detailed
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
 { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
 { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
 { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register b/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
index b03ff569a..d548fe615 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_mask_write_register
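Review bot: Changing the target in zeek.modbus_detailed from `modbus.unit.id` to `modbus.unit_id` changes the name under which new events are indexed, and nothing visible in this diff updates whatever reads the old name. An ingest pipeline runs only at index time, so documents already stored keep `modbus.unit.id`; a saved search, dashboard or detection rule written against either name then covers only part of the data and reports no error. The same applies to every renamed target in this commit, for example `bacnet.is.originator`, `cip.is.origin`, `enip.is.origin` and the `opcua.*.link_id` fields. I would ask for the consumers of these fields to be updated in the same change, or for the renames to be listed in the release notes so analysts can adjust their queries.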
@@ -2,13 +2,13 @@
 "description" : "zeek.modbus_mask_write_register",
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
- { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
- { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
- { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
- { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
- { "rename": { "field": "message2.and_mask", "target_field": "modbus.and.mask", "ignore_missing": true } },
- { "rename": { "field": "message2.or_mask", "target_field": "modbus.or.maks", "ignore_missing": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
+ { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
+ { "rename": { "field": "message2.address", "target_field": "modbus.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.and_mask", "target_field": "modbus.and_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.or_mask", "target_field": "modbus.or_mask", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers b/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
index c0b37fa99..234faa34f 100644
--- a/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
+++ b/salt/elasticsearch/files/ingest/zeek.modbus_read_write_multiple_registers
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.unit_id", "target_field": "modbus.unit_id", "ignore_missing": true } },
 { "rename": { "field": "message2.func", "target_field": "modbus.function", "ignore_missing": true } },
 { "rename": { "field": "message2.network_direction", "target_field": "modbus.network.direction", "ignore_missing": true } },
 { "rename": { "field": "message2.write_start_address", "target_field": "modbus.write.start.address", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_client_software_cert b/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_client_software_cert
index 0abadc290..fe6f577eb 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_client_software_cert
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_client_software_cert
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.client_software_cert_link_id", "target_field": "opcua.client_software_cert.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.client_software_cert_link_id", "target_field": "opcua.client_software_cert_link_id", "ignore_missing": true } },
 { "rename": { "field": "message2.cert_data", "target_field": "opcua.certificate.data", "ignore_missing": true } },
 { "rename": { "field": "message2.cert_signature", "target_field": "opcua.certificate.signature", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_diagnostic_info b/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_diagnostic_info
index 90cdf2b62..283d1c78e 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_diagnostic_info
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_activate_session_diagnostic_info
@@ -3,8 +3,8 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.activate_session_diag_info_link_id", "target_field": "opcua.activate_session_diag_info.link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.diag_info_link_id", "target_field": "opcua.diag_info.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.activate_session_diag_info_link_id", "target_field": "opcua.activate_session_diag_info_link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.diag_info_link_id", "target_field": "opcua.diag_info_link_id", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse
index f6e2f3630..fa2f24335 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse
@@ -11,7 +11,7 @@
 { "rename": { "field": "message2.browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } },
 { "rename": { "field": "message2.browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } },
 { "rename": { "field": "message2.browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } },
- { "rename": { "field": "message2.browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_description_link_id", "target_field": "opcua.description_link_id", "ignore_missing": true } },
 { "rename": { "field": "message2.req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_diagnostic_info b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_diagnostic_info
index 3d58d8030..43560f4f0 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_diagnostic_info
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_diagnostic_info
@@ -3,8 +3,8 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.browse_diag_info_link_id", "target_field": "opcua.browse_session_diag_info.link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.diag_info_link_id", "target_field": "opcua.diag_info.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_diag_info_link_id", "target_field": "opcua.browse_session_diag_info_link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.diag_info_link_id", "target_field": "opcua.diag_info_link_id", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_result b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_result
index 857e7ffb5..d9eabbd87 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_result
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_browse_result
@@ -3,9 +3,9 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.browse_response_link_id", "target_field": "opcua.response.link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.browse_reference.link_id", "target_field": "opcua.reference.link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.status_code.link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_response_link_id", "target_field": "opcua.response_link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_reference_link_id", "target_field": "opcua.reference_link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code_link_id", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_user_token b/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_user_token
index 722ca2fd0..e699aad0a 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_user_token
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_create_session_user_token
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } },
 { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.policy_id", "ignore_missing": true } },
 { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.type", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_user_token b/salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_user_token
index 524456511..88fabe801 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_user_token
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_binary_get_endpoints_user_token
@@ -3,7 +3,7 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } },
 { "rename": { "field": "message2.user_token_type", "target_field": "opcua.user_token.type", "ignore_missing": true } },
 { "rename": { "field": "message2.user_token_sec_policy_uri", "target_field": "opcua.user_token.security_policy_uri", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
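Review bot: In zeek.opcua_binary_create_session_user_token the two context renames after the changed line still read `message2.user_token_link_id`, which the first rename has already moved, so with `ignore_missing` they do nothing and `opcua.user_token.policy_id` and `opcua.user_token.type` are never populated from this log. The get_endpoints pipeline in this commit reads `message2.user_token_type` for the type, so the create-session lines probably should use `"field": "message2.user_token_policy_id"` and `"field": "message2.user_token_type"`; the exact source names need confirming against the parser's log schema, which is not shown here. Because the processors fail silently, the missing user-token fields would not show up as ingest errors, only as gaps in the indexed data.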