{
  "description" : "snort",
  "processors" : [
    { 
	"dissect": {
		"field": "message",
		"pattern" : "[%{gid}:%{sid}:%{rev}] %{alert} [Classification: %{classification}] [Priority: %{priority}]: <%{interface}> {%{protocol}} %{source_ip_port} -> %{destination_ip_port}",
		"on_failure": [ { "drop" : { } } ]
	}
    },
    { "split": { "field": "source_ip_port", 		"separator": ":", 			"ignore_failure": true 	} },
    { "split": { "field": "destination_ip_port", 	"separator": ":", 			"ignore_failure": true 	} },
    { "rename":{ "field": "source_ip_port.1",		"target_field": "source_port",		"ignore_failure": true 	} },
    { "rename":{ "field": "destination_ip_port.1",	"target_field": "destination_port",	"ignore_failure": true 	} },
    { "rename":{ "field": "source_ip_port.0",		"target_field": "source_ip",		"ignore_failure": true 	} },
    { "rename":{ "field": "destination_ip_port.0",	"target_field": "destination_ip",	"ignore_failure": true 	} },
    { "remove":{ "field": "source_ip_port", 							"ignore_failure": true	} },
    { "remove":{ "field": "destination_ip_port", 						"ignore_failure": true	} },
    { "pipeline": { "name": "common_nids" } }
  ]
}