Fix typo in ingest pipeline

Test to fix duplicate events in SOC, by removing conflicting field event.created Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 09:12:45 +01:00 · 2024-04-11 11:18:04 -04:00
parent 7124f04138
commit fd689a4607
2 changed files with 3 additions and 2 deletions
--- a/salt/elasticsearch/files/ingest/kismet.ap
+++ b/salt/elasticsearch/files/ingest/kismet.ap
@@ -24,7 +24,7 @@
    {
      "rename": {
        "field": "message2.dot11_device.dot11_device_last_beaconed_ssid_record.dot11_advertisedssid_dot11e_channel_utilization_perc",
-        "target_field": "network.network.wireless.channel_utilization",
+        "target_field": "network.wireless.channel_utilization",
        "if": "ctx?.message2?.dot11_device?.dot11_device_last_beaconed_ssid_record?.dot11_advertisedssid_dot11e_channel_utilization_perc != null"
      }
    },
--- a/salt/elasticsearch/files/ingest/kismet.common
+++ b/salt/elasticsearch/files/ingest/kismet.common
@@ -149,7 +149,8 @@
          "device_type",
          "wifi",
          "agent",
-          "host"
+          "host",
+          "event.created"
        ],
        "ignore_failure": true
      }