{
  "description": "Pipeline for parsing pfSense Suricata logs.",
  "processors": [
    { "set": {
        "field": "event.module",
        "value": "suricata"
      }
    },
    {
     "pipeline": {
        "name": "suricata.common_pfsense"
      }
    }
  ],
  "on_failure": [
    {
      "set": {
        "field": "event.kind",
        "value": "pipeline_error"
      }
    },
    {
      "append": {
        "field": "error.message",
        "value": "{{{ _ingest.on_failure_message }}}"
      }
    }
  ],
  "_meta": {
    "managed_by": "fleet",
    "managed": true,
    "package": {
      "name": "pfsense"
    }
  }
}