From 7e5daf7f7fe79bfc6402f0ef20d2926972f66a51 Mon Sep 17 00:00:00 2001
From: Jorge Reyes <94730068+reyesj2@users.noreply.github.com>
Date: Tue, 24 Feb 2026 12:46:20 -0600
Subject: [PATCH] fix suricata filestream dataset

---
 .../files/integrations/grid-nodes_general/suricata-logs.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/elasticfleet/files/integrations/grid-nodes_general/suricata-logs.json b/salt/elasticfleet/files/integrations/grid-nodes_general/suricata-logs.json
index 22fbf8726..26dae5225 100644
--- a/salt/elasticfleet/files/integrations/grid-nodes_general/suricata-logs.json
+++ b/salt/elasticfleet/files/integrations/grid-nodes_general/suricata-logs.json
@@ -17,7 +17,7 @@
 "paths": [
 "/nsm/suricata/eve*.json"
 ],
- "data_stream.dataset": "filestream.generic",
+ "data_stream.dataset": "suricata",
 "pipeline": "suricata.common",
 "parsers": "#- ndjson:\n# target: \"\"\n# message_key: msg\n#- multiline:\n# type: count\n# count_lines: 3\n",
 "exclude_files": [
@@ -41,4 +41,4 @@
 }
 },
 "force": true
-}
\ No newline at end of file
+}
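Review bot: The `data_stream.dataset` change in the first hunk moves Suricata EVE events from `filestream.generic` to `suricata`, but nothing in the commit says what happens to consumers of the old dataset. Under Elastic's `{type}-{dataset}-{namespace}` naming this presumably changes the target data stream, so any index template, retention policy, alert query or dashboard keyed to `filestream.generic` would stop seeing new Suricata events while older ones stay under the old name. I would confirm that a template matching the new data stream exists before rollout (the hunk shows only the `suricata.common` pipeline, not the templates) and record the change in the commit message, for example `Suricata eve*.json events now land in dataset "suricata"; queries filtering on filestream.generic must be updated.` The enclosing stream object starts and ends outside the hunk.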