From d8f70397f75e2f8ab9e98b96eec8d0c1acd5fcc4 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Wed, 30 Sep 2020 14:57:56 +0000
Subject: [PATCH] Fix Filebeat config for Wazuh

---
 salt/filebeat/etc/filebeat.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 61c5a7b7c..01febed92 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -203,15 +203,14 @@ filebeat.inputs:
 
 - type: log
   paths:
-    - /wazuh/alerts/alerts.json
+    - /wazuh/archives/archives.json
   fields:
     module: ossec
-    dataset: alert
     category: host
   processors:
   - drop_fields:
       fields: ["source", "prospector", "input", "offset", "beat"]
-
+  pipeline: "ossec"
   fields_under_root: true
   clean_removed: false
   close_removed: false