Merge pull request #498 from Security-Onion-Solutions/fix/observer

use agent name for observer name

salt/elasticsearch/files/ingest/suricata.common

@@ -8,6 +8,7 @@
     { "rename":{ "field": "message2.dest_ip",       "target_field": "destination.ip",  "ignore_failure": true  } },
     { "rename":{ "field": "message2.dest_port",       "target_field": "destination.port",  "ignore_failure": true  } },
     { "rename":         { "field": "message2.community_id",        "target_field": "network.community_id",     "ignore_missing": true  } },
+    { "set":         { "field": "observer.name",        "value": "{{agent.name}}"  } },
     { "remove":         { "field": ["agent"],     "ignore_failure": true                                                                  } },
     { "pipeline": { "name": "common" } }
   ]

salt/elasticsearch/files/ingest/zeek.common

@@ -15,6 +15,7 @@
     { "dot_expander":   { "field": "id.resp_p",                 "path": "message2",                     "ignore_failure": true  } },
     { "rename":         { "field": "message2.id.resp_p",        "target_field": "destination.port",     "ignore_missing": true  } },
     { "set":         { "field": "server.port",        "value": "{{destination.port}}"  } },
+    { "set":         { "field": "observer.name",        "value": "{{agent.name}}"  } },
     { "date":		{ "field": "message2.ts",	"target_field": "@timestamp",	"formats": ["ISO8601", "UNIX"], "ignore_failure": true	} },
     { "remove":		{ "field": ["agent"],	"ignore_failure": true									} },
     { "pipeline":	{ "name": "common" 													} }