From c5db7c87525c1670a109e2e8a91bdc7587f72cb8 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 20 Nov 2025 14:26:12 -0600
Subject: [PATCH] suricata.capture_file keyword
---
 salt/elasticsearch/templates/component/ecs/suricata.json | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/salt/elasticsearch/templates/component/ecs/suricata.json b/salt/elasticsearch/templates/component/ecs/suricata.json
index 1eb06d266..3f393ff6a 100644
--- a/salt/elasticsearch/templates/component/ecs/suricata.json
+++ b/salt/elasticsearch/templates/component/ecs/suricata.json
@@ -841,6 +841,10 @@
 "type": "long"
 }
 }
+ },
+ "capture_file": {
+ "type": "keyword",
+ "ignore_above": 1024
 }
 }
 }
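Review bot: `"ignore_above": 1024` on the new `capture_file` mapping means any value longer than 1024 characters stays in `_source` but is not indexed, so term filters and aggregations on the field silently miss those events. If the field carries a full capture-file path (inferred from the name; the hunk does not show where the value comes from), Linux paths can reach 4096 bytes, so either confirm the sensor's paths stay under the limit or raise it, e.g. `"ignore_above": 4096`. The enclosing `properties` object opens outside the hunk, so the field's nesting under `suricata` cannot be checked from these lines. A component-template change presumably applies only to indices created after it is loaded, so hunts spanning older backing indices may see a different mapping for this field until rollover.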