From e49de63460b58cd3a5a1862bd7ce2f57f3e40512 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 13 Dec 2019 13:59:29 -0500
Subject: [PATCH] Helix - Final Parser Fixes
---
 salt/logstash/files/dynamic/9997_output_helix.conf | 2 ++
 setup/so-setup.sh | 1 +
 2 files changed, 3 insertions(+)
diff --git a/salt/logstash/files/dynamic/9997_output_helix.conf b/salt/logstash/files/dynamic/9997_output_helix.conf
index 14cca8352..5dd0036fe 100644
--- a/salt/logstash/files/dynamic/9997_output_helix.conf
+++ b/salt/logstash/files/dynamic/9997_output_helix.conf
@@ -27,9 +27,11 @@ filter {
 #rename => { "%{[source_geo][country_code]}" => "srccountrycode" }
 #rename => { "%{[destination_geo][country_code]}" => "dstcountrycode" }
 rename => { "[beat_host][name]" => "sensor" }
+ copy => { "sensor" => "rawmsghostname" }
 rename => { "message" => "rawmsg" }
 #rename => { "event_type" => "program" }
 copy => { "type" => "class" }
+ copy => { "class" => "program"}
 rename => { "source_port" => "srcport" }
 rename => { "destination_port" => "dstport" }
 remove_field => ["source_ip", "destination_ip"]
diff --git a/setup/so-setup.sh b/setup/so-setup.sh
index c35e9e7aa..81cde370b 100644
--- a/setup/so-setup.sh
+++ b/setup/so-setup.sh
@@ -153,6 +153,7 @@ if (whiptail_you_sure) ; then
 RULESETUP=ETOPEN
 NSMSETUP=BASIC
 HNSENSOR=inherit
+ LS_HEAP_SIZE="1000m"
 calculate_useable_cores
 whiptail_make_changes
 set_hostname
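Review bot: The added `copy => { "class" => "program"}` reads `class`, a field that is itself only produced by the `copy => { "type" => "class" }` directly above it. Both lines appear to sit in one mutate block that opens outside this hunk, and Logstash merges repeated hash options of a plugin into a single setting, so `program` is populated only if the merged copy map happens to be processed in the written order. Copying from the original field removes that dependency: `copy => { "type" => "program" }`. If `program` is what the Helix side uses to pick a parser (not visible here), an event that arrives without it would likely be misclassified, so this is worth confirming on a sample event.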
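Review bot: `LS_HEAP_SIZE="1000m"` is hard-coded in this branch with no comment on why this install type gets a fixed Logstash heap or how the figure relates to the host's memory. On a small sensor a 1 GB JVM heap presumably competes with the capture processes, and memory pressure there tends to show up as dropped traffic rather than as a setup error. I would add a comment such as `# Fixed Logstash heap for this install type; size against available RAM` and, if nothing earlier in the script relies on the unconditional assignment, accept a preset value with `LS_HEAP_SIZE="${LS_HEAP_SIZE:-1000m}"`. The enclosing `if (whiptail_you_sure)` block starts and ends outside the hunk, so which install type this applies to is not visible here.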