{
  "description" : "zeek.signatures",
  "processors" : [
    { "remove":         { "field": ["host"],     "ignore_failure": true                                                                  } },
    { "json":		{ "field": "message",			"target_field": "message2",		"ignore_failure": true	} },
    { "rename": 	{ "field": "message2.note", 		"target_field": "note",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.sig_id", 		"target_field": "signature_id",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.event_msg", 	"target_field": "event_message",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.sub_msg", 		"target_field": "sub_message",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.sig_count", 	"target_field": "signature_count",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.host_count", 	"target_field": "host.count",		"ignore_missing": true 	} },
    { "pipeline":       { "name": "zeek.common"                                                                                   } }
  ]
}