don't attempt rename if field doesn't exist -- reducing pipeline stat errors

2025-12-06 17:22:49 +01:00 · 2025-11-14 08:15:40 -06:00
parent 431e0b0780
commit da9717bc79
1 changed files with 6 additions and 0 deletions
--- a/salt/elasticsearch/files/ingest/suricata.alert
+++ b/salt/elasticsearch/files/ingest/suricata.alert
@@ -18,6 +18,7 @@
            "rename": {
                "field": "message2.alert",
                "target_field": "rule",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },
@@ -25,6 +26,7 @@
            "rename": {
                "field": "rule.signature",
                "target_field": "rule.name",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },
@@ -32,6 +34,7 @@
            "rename": {
                "field": "rule.ref",
                "target_field": "rule.version",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },
@@ -39,6 +42,7 @@
            "rename": {
                "field": "rule.signature_id",
                "target_field": "rule.uuid",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },
@@ -46,6 +50,7 @@
            "rename": {
                "field": "rule.signature_id",
                "target_field": "rule.signature",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },
@@ -53,6 +58,7 @@
            "rename": {
                "field": "message2.payload_printable",
                "target_field": "network.data.decoded",
+                "ignore_missing": true,
                "ignore_failure": true
            }
        },