From 7fa43a276a1b86772f13b0a21c19343ae1910372 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 25 Oct 2021 13:15:20 -0400
Subject: [PATCH 1/2] Rename default headers and host for HTTP input
---
 salt/logstash/pipelines/config/so/0011_input_endgame.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/logstash/pipelines/config/so/0011_input_endgame.conf b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
index b87d8e9b2..375585957 100644
--- a/salt/logstash/pipelines/config/so/0011_input_endgame.conf
+++ b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
@@ -3,6 +3,8 @@ input {
 id => "endgame_data"
 port => 3765
 codec => es_bulk
+ request_headers_target_field => client_headers
+ remote_host_target_field => client_host
 ssl => true
 ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
 ssl_certificate => "/usr/share/logstash/filebeat.crt"
From 3be0d05eeab7b6cf714fbabf58c34f2ab1a6c00e Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 25 Oct 2021 13:16:30 -0400
Subject: [PATCH 2/2] Update field removal based on HTTP input changes
---
 .../logstash/pipelines/config/so/9900_output_endgame.conf.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
index f23913637..b5920fe40 100644
--- a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
@@ -8,7 +8,7 @@
 filter {
 if [event][module] =~ "endgame" {
 mutate {
- remove_field => ["headers", "host"]
+ remove_field => ["client_headers", "client_host"]
 }
 }
 }
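Review bot: The two added target fields are written onto every event this input accepts, but the only cleanup (patch 2/2, `9900_output_endgame.conf.jinja`) runs inside `if [event][module] =~ "endgame"`, so an event that arrives without that module value would be indexed with the sender's request headers, which may carry credentials. Targeting metadata removes the dependency on the later filter: `request_headers_target_field => "[@metadata][client_headers]"` and `remote_host_target_field => "[@metadata][client_host]"`, since `[@metadata]` fields are not emitted by outputs. Quoting the values would also match the surrounding settings such as `id => "endgame_data"`. The input block opens above and continues below this hunk.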
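Review bot: The `remove_field` list now depends on field names chosen in a different file, and nothing in this filter says so. A comment above the `mutate` would keep the two in sync, for example `# client_headers / client_host are set by the http input in 0011_input_endgame.conf; update both together`. If the sender address is ever wanted for auditing what was ingested on this port, that comment is also the place to record that dropping `client_host` is deliberate.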