From fd689a4607a8f416b8cbf86905647cd8940ec47c Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 11 Apr 2024 11:18:04 -0400
Subject: [PATCH] Fix typo in ingest pipeline Test to fix duplicate events in SOC, by removing conflicting field event.created
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/elasticsearch/files/ingest/kismet.ap | 2 +-
 salt/elasticsearch/files/ingest/kismet.common | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/salt/elasticsearch/files/ingest/kismet.ap b/salt/elasticsearch/files/ingest/kismet.ap
index 107f924fd..a864c09e4 100644
--- a/salt/elasticsearch/files/ingest/kismet.ap
+++ b/salt/elasticsearch/files/ingest/kismet.ap
@@ -24,7 +24,7 @@
 {
 "rename": {
 "field": "message2.dot11_device.dot11_device_last_beaconed_ssid_record.dot11_advertisedssid_dot11e_channel_utilization_perc",
- "target_field": "network.network.wireless.channel_utilization",
+ "target_field": "network.wireless.channel_utilization",
 "if": "ctx?.message2?.dot11_device?.dot11_device_last_beaconed_ssid_record?.dot11_advertisedssid_dot11e_channel_utilization_perc != null"
 }
 },
diff --git a/salt/elasticsearch/files/ingest/kismet.common b/salt/elasticsearch/files/ingest/kismet.common
index 368e7601a..14d439105 100644
--- a/salt/elasticsearch/files/ingest/kismet.common
+++ b/salt/elasticsearch/files/ingest/kismet.common
@@ -149,7 +149,8 @@
 "device_type",
 "wifi",
 "agent",
- "host"
+ "host",
+ "event.created"
 ],
 "ignore_failure": true
 }
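Review bot: In the kismet.common hunk the new `"event.created"` entry is last in a field list whose processor ends with `"ignore_failure": true`, so whether it is actually removed may depend on every earlier field being present. The processor opens above the hunk; going by the commit message it is a `remove` processor, and unless `ignore_missing` is already set there, a remove (as far as I know) stops at the first absent field, and the swallowed failure would leave `event.created` and the duplicate events in place with nothing logged. Adding `"ignore_missing": true,` ahead of `"ignore_failure": true` would make the removal independent of the other fields. Since the commit describes this as a test, a `"description"` on the processor stating why `event.created` is dropped would also help anyone who later relies on that timestamp for ingest-lag checks or timeline reconstruction.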