securityonion/salt/elasticsearch/files/ingest/zeek.ja4ssh

{
  "description": "zeek.ja4ssh",
  "processors": [
    {"set": {"field": "event.dataset","value": "ja4ssh"}},
    {"remove": {"field": "host","ignore_missing": true,"ignore_failure": true}},
    {"json": {"field": "message","target_field": "message2","ignore_failure": true}},
    {"rename": {"field": "message2.ja4ssh", "target_field": "ja4.ja4ssh", "ignore_missing": true}},
    {"pipeline": {"name": "zeek.common"}}
  ]
}