From 8d1ba1f4db99ba76c003a0cec25870e30f6644c5 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Sat, 10 Oct 2020 07:38:47 -0400
Subject: [PATCH] fix pfsense firewall udp parsing

---
 salt/elasticsearch/files/ingest/filterlog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/elasticsearch/files/ingest/filterlog b/salt/elasticsearch/files/ingest/filterlog
index 2e912485b..10d2088c2 100644
--- a/salt/elasticsearch/files/ingest/filterlog
+++ b/salt/elasticsearch/files/ingest/filterlog
@@ -34,7 +34,7 @@
 },
 {
 "dissect": {
- "if": "ctx.protocol == 'udp'",
+ "if": "ctx.network?.transport == 'udp'",
 "field": "ip_sub_msg",
 "pattern" : "%{source.port},%{destination.port},%{data.length}",
 "on_failure" : [ {"set" : {"field" : "error.message","value" : "{{ _ingest.on_failure_message }}"}}]
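Review bot: The condition on the new `"if"` line fails silently when it does not match: a skipped dissect never reaches `on_failure`, so UDP firewall events just lack `source.port` and `destination.port` with no `error.message` to flag it, which is presumably how the stale `ctx.protocol` reference went unnoticed. The diffstat shows this is the only line changed in the file, so any sibling condition outside the hunk (a TCP dissect, for example) that still reads `ctx.protocol` would leave the same gap and is worth checking. The comparison is also case-sensitive, so it depends on whichever earlier processor fills `network.transport` emitting lowercase `udp`; that processor is not visible here, and the dissect object itself closes outside the hunk. Running a sample UDP filterlog line through the ingest simulate API and asserting that the port fields are present would catch this kind of regression before it reduces firewall visibility.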