From b25a3b69860d2ab0f02cf9037816ae468d32c1af Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Wed, 8 Jul 2020 09:39:37 -0400
Subject: [PATCH] Rename uids to uid

---
 salt/elasticsearch/files/ingest/zeek.files | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/elasticsearch/files/ingest/zeek.files b/salt/elasticsearch/files/ingest/zeek.files
index 53600180f..bcbbcaba0 100644
--- a/salt/elasticsearch/files/ingest/zeek.files
+++ b/salt/elasticsearch/files/ingest/zeek.files
@@ -10,7 +10,7 @@
     { "rename": 	{ "field": "message2.tx_hosts.0", 	"target_field": "source.ip",		"ignore_missing": true 	} },
     { "remove": 	{ "field": "message2.rx_hosts",	"ignore_missing": true 	} },
     { "remove":         { "field": "message2.tx_hosts", "ignore_missing": true  } },	        
-    { "rename": 	{ "field": "message2.conn_uids", 	"target_field": "log.id.uids",			"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.conn_uids", 	"target_field": "log.id.uid",			"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.source", 		"target_field": "file.source",		"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.depth",	 	"target_field": "file.depth",		"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.analyzers", 	"target_field": "file.analyzer",		"ignore_missing": true 	} },