Merge pull request #1014 from Security-Onion-Solutions/fix/strelka_standalone

Fix module eval
2025-12-07 17:52:46 +01:00 · 2020-07-16 09:32:06 -04:00
parent 5190e5d434 8275f458a1
commit f8bb094546
1 changed files with 1 additions and 1 deletions
--- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
@@ -4,7 +4,7 @@
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
 output {
-  if [event_type] =~ "strelka" {
+  if [module] =~ "strelka" {
    elasticsearch {
      pipeline => "%{module}.%{dataset}" 
      hosts => "{{ ES }}"