Skip to content

Commit

Permalink
Add event.ingested to Netflow module (#22412) (#22449)
Browse files Browse the repository at this point in the history 
Add event.ingested to the pipeline in the Netflow Filebeat module.

(cherry picked from commit fa9ebaa)
  • Loading branch information
@andrewkroh
andrewkroh authored Nov 6, 2020
1 parent 668ceab commit 590b497
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -741,6 +741,7 @@ field. You can revert this change by configuring tags for the module and omittin
- Copy tag names from MISP data into events. {pull}21664[21664]
- Added DNS response IP addresses to `related.ip` in Suricata module. {pull}22291[22291]
- Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696]
- Added `event.ingested` field to data from the Netflow module. {pull}22412[22412]

*Heartbeat*

Expand Down
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/netflow/log/ingest/pipeline.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
description: Pipeline for Filebeat NetFlow

processors:
- set:
field: event.ingested
value: '{{_ingest.timestamp}}'

# IP Geolocation Lookup
- geoip:
if: ctx.source?.geo == null
Expand Down

0 comments on commit 590b497

Please sign in to comment.