{
  "description" : "zeek.conn",
  "processors" : [
    { "remove":         { "field": ["host"],     "ignore_failure": true                                                                  } },
    { "json":		{ "field": "message",				"target_field": "message2",			"ignore_failure": true	} },
    { "rename": 	{ "field": "message2.version", 			"target_field": "ssh.version",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.hassh", 			"target_field": "hash.hassh",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.auth_success",		"target_field": "ssh.authentication.success",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.auth_attempts",		"target_field": "ssh.authentication.attempts",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.direction", 		"target_field": "ssh.direction",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.client", 			"target_field": "ssh.client",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.server", 			"target_field": "ssh.server",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.cipher_alg", 		"target_field": "ssh.cipher_algorithm",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.compression_alg", 		"target_field": "ssh.compression_algorithm",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.cshka", 			"target_field": "ssh.client_host_key_algorithms",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.host_key_alg", 		"target_field": "ssh.host_key_algorithm",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.hasshAlgorithms", 		"target_field": "ssh.hassh_algorithms",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.hasshServer", 		"target_field": "ssh.hassh_server",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.hasshVersion", 		"target_field": "ssh.hassh_version",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.kex_alg", 			"target_field": "ssh.kex_algorithm",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.mac_alg", 			"target_field": "ssh.mac_algorithm",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.sshka", 			"target_field": "ssh.server_host_key_algorithms",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.host_key", 		"target_field": "ssh.host_key",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.destination_region", 	"target_field": "destination.region",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.destination_city", 	"target_field": "destination.city",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.destination_latitude", 	"target_field": "destination.latitude",		"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.destination_longitude", 	"target_field": "destination.longitude",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.destination_country_code", "target_field": "destination.country_code",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.hasshServerAlgorithms", 	"target_field": "ssh.hassh_server_algorithms",	"ignore_missing": true 	} },
    { "pipeline":       { "name": "zeek.common"                                                                                   		} }
  ]
}