From da9717bc79dcbd3ae5deb91a6d00fde768e81144 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Fri, 14 Nov 2025 08:15:40 -0600 Subject: [PATCH] don't attempt rename if field doesn't exist -- reducing pipeline stat errors --- salt/elasticsearch/files/ingest/suricata.alert | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/elasticsearch/files/ingest/suricata.alert b/salt/elasticsearch/files/ingest/suricata.alert index a6ce3d3a0..ca5bef437 100644 --- a/salt/elasticsearch/files/ingest/suricata.alert +++ b/salt/elasticsearch/files/ingest/suricata.alert @@ -18,6 +18,7 @@ "rename": { "field": "message2.alert", "target_field": "rule", + "ignore_missing": true, "ignore_failure": true } }, @@ -25,6 +26,7 @@ "rename": { "field": "rule.signature", "target_field": "rule.name", + "ignore_missing": true, "ignore_failure": true } }, @@ -32,6 +34,7 @@ "rename": { "field": "rule.ref", "target_field": "rule.version", + "ignore_missing": true, "ignore_failure": true } }, @@ -39,6 +42,7 @@ "rename": { "field": "rule.signature_id", "target_field": "rule.uuid", + "ignore_missing": true, "ignore_failure": true } }, @@ -46,6 +50,7 @@ "rename": { "field": "rule.signature_id", "target_field": "rule.signature", + "ignore_missing": true, "ignore_failure": true } }, @@ -53,6 +58,7 @@ "rename": { "field": "message2.payload_printable", "target_field": "network.data.decoded", + "ignore_missing": true, "ignore_failure": true } },