# Author: Justin Henderson
#         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Email: justin@hasecuritysolution.com
# Last Update: 12/9/2016

filter {
  if "bro" in [tags] {
    if "_grokparsefailure" not in [tags] and "_csvparsefailure" not in [tags] and "_jsonparsefailure" not in [tags] {
      #mutate {
      #  remove_field => [ "message" ]
      #}
    }
	mutate {
		#add_tag => [ "conf_file_8000"]
	}
  }
}