{
  "description" : "common",
  "processors" : [
    { 	
	"geoip":  { 
		"field": "destination.ip",
		"target_field": "destination.geo",
		"database_file": "GeoLite2-City.mmdb",
		"ignore_missing": true, 
		"properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]
	}
    },
    { 
	"geoip":  {
		"field": "source.ip",
		"target_field": "source.geo",
		"database_file": "GeoLite2-City.mmdb",
		"ignore_missing": true,
		"properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]
	}
    },
    { 
	"split":  {
		"field": "_index",
		"target_field": "index_name_prefix",
		"separator": "-"
	}
    },
    { 
	"date_index_name": {
        	"field": "@timestamp",
	        "index_name_prefix": "{{index_name_prefix.0}}-{{index_name_prefix.1}}-",
        	"date_rounding": "d",
	        "ignore_failure": true,
        	"index_name_format": "yyyy.MM.dd"
        }
    },    
    { "rename":         { "field": "module",              "target_field": "event.module",                  "ignore_missing": true  } },
    { "rename":         { "field": "dataset",              "target_field": "event.dataset",                  "ignore_missing": true  } },
    { "rename":         { "field": "category",              "target_field": "event.category",                  "ignore_missing": true  } },
    { "rename":         { "field": "message2.community_id", "target_field": "network.community_id",  "ignore_failure": true,  "ignore_missing": true  } },
    { 
        "remove": {
                "field": [ "index_name_prefix", "message2", "type" ],
                "ignore_failure": true
        }
    }
  ]
}