Fix Filebeat config for Wazuh

2025-12-06 09:12:45 +01:00 · 2020-09-30 14:57:56 +00:00
parent dac2ad5dbf
commit d8f70397f7
1 changed files with 2 additions and 3 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -203,15 +203,14 @@ filebeat.inputs:

 - type: log
  paths:
-    - /wazuh/alerts/alerts.json
+    - /wazuh/archives/archives.json
  fields:
    module: ossec
-    dataset: alert
    category: host
  processors:
  - drop_fields:
      fields: ["source", "prospector", "input", "offset", "beat"]
-
+  pipeline: "ossec"
  fields_under_root: true
  clean_removed: false
  close_removed: false