From b9f62699257154aaacec758fbb8f951ae0b21b92 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 1 Jan 2019 11:20:01 -0500
Subject: [PATCH] Moved to dynamic
---
.../custom/parsers/7100_osquery_wel.conf | 23 -------------------
1 file changed, 23 deletions(-)
delete mode 100644 salt/logstash/files/custom/parsers/7100_osquery_wel.conf
diff --git a/salt/logstash/files/custom/parsers/7100_osquery_wel.conf b/salt/logstash/files/custom/parsers/7100_osquery_wel.conf
deleted file mode 100644
index 3dea60269..000000000
--- a/salt/logstash/files/custom/parsers/7100_osquery_wel.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Author: Josh Brower
-# Last Update: 12/28/2018
-# If log is tagged osquery and there is an eventid column, then cleanup and parse out the EventData column
-
-filter {
- if "osquery" in [tags] and [osquery][columns][eventid] {
-
- mutate {
- gsub => ["[osquery][columns][data]", "\\x0A", ""]
- }
-
- json {
- source => "[osquery][columns][data]"
- target => "[osquery][columns][data]"
- }
-
- mutate {
- merge => { "[osquery][columns]" => "[osquery][columns][data]" }
- remove_field => ["[osquery][columns][data]"]
- }
-
- }
-}