From c9f458e1e2d7dd1c4fa1e5b24b356ea6c28d4cba Mon Sep 17 00:00:00 2001
From: weslambert <wlambertts@gmail.com>
Date: Wed, 25 Jan 2023 08:19:50 -0500
Subject: [PATCH] Set event.dataset for all Kratos logs to 'access' for now

---
 salt/elasticsearch/files/ingest/kratos | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/elasticsearch/files/ingest/kratos b/salt/elasticsearch/files/ingest/kratos
index c55ebd60a..f8dcf53e0 100644
--- a/salt/elasticsearch/files/ingest/kratos
+++ b/salt/elasticsearch/files/ingest/kratos
@@ -1,6 +1,7 @@
 {
   "description" : "kratos",
   "processors" : [
+    { "set": { "field": "event.dataset", "value": "access" } },
     { "pipeline":    { "name": "common" } }
   ]
 }