Logstash Module - Change it to arrays

2025-12-07 17:52:46 +01:00 · 2018-10-16 17:41:04 -04:00
parent 335ac02720
commit ea7ddfc2da
1 changed files with 7 additions and 7 deletions
--- a/salt/logstash/files/dynamic/0006_input_beats.conf
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -11,18 +11,18 @@ input {
 filter {
  if "ids" in [tags] {
    mutate {
      rename => { "[beat][name]", "sensor_name" }
      rename => { "[beat][hostname]", "syslog-host_from" }
      remove_tag => ["beat"]
      rename => { "host" => "beat_host" }
      remove_tag => ["beat"]
      copy => {"%{beat[name]}" => "sensor_name"}
      copy => {"%{beat[name]}" => "syslog-host_from"}
    }
  }
  if "bro" in [tags] {
    mutate {
-      rename => { "[beat][name]", "sensor_name" }
+    rename => { "host" => "beat_host" }
-      rename => { "[beat][hostname]", "syslog-host_from" }
+    remove_tag => ["beat"]
-      remove_tag => ["beat"]
+    copy => {"%{beat[name]}" => "sensor_name"}
-      rename => { "host" => "beat_host" }
+    copy => {"%{beat[name]}" => "syslog-host_from"}
    }
  }
 }