From d2b93d531e0df7a325fa9a8b04f653e9695f1855 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 28 May 2020 12:36:29 +0000
Subject: [PATCH] Basic syslog config
---
salt/elasticsearch/files/ingest/syslog | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 salt/elasticsearch/files/ingest/syslog
diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog
new file mode 100644
index 000000000..d34e79d4a
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/syslog
@@ -0,0 +1,13 @@
+{
+ "description" : "syslog",
+ "processors" : [
+ {
+ "dissect": {
+ "field": "message",
+ "pattern" : "%{message}",
+ "on_failure": [ { "drop" : { } } ]
+ }
+ },
+ { "pipeline": { "name": "common" } }
+ ]
+}
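Review bot: The `on_failure` handler on the `dissect` processor is `drop`, so any syslog event that fails this step (for example one without a `message` field) is discarded without a trace, which leaves a silent gap in log collection. For a security data pipeline it is safer to keep the event and record why it failed, e.g. `"on_failure": [ { "set": { "field": "error.message", "value": "{{ _ingest.on_failure_message }}" } } ]`, so parse failures stay searchable and can be alerted on. The pattern `%{message}` has no delimiters and appears to extract nothing new from the field; if it is a placeholder for later parsing, saying so in `description` would help, since the file cannot carry comments. The `pipeline` call to `common` has no failure handling of its own here, so its behaviour on error presumably depends on that pipeline's definition, which is outside this patch.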