Fix zeek connection pipeline (#22151) (#22160)

- connection state for rejected is 'REJ' Closes #22149 (cherry picked from commit 5469c46)
elastic · Oct 27, 2020 · d99bbd8 · d99bbd8
1 parent 4368008
commit d99bbd8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -309,6 +309,7 @@ field. You can revert this change by configuring tags for the module and omittin
 - Fix checkpoint module when logs contain time field. {pull}20567[20567]
 - Add field limit check for AWS Cloudtrail flattened fields. {pull}21388[21388] {issue}21382[21382]
 - Fix syslog RFC 5424 parsing in the CheckPoint module. {pull}21854[21854]
+- Fix incorrect connection state mapping in zeek connection pipeline. {pull}22151[22151] {issue}22149[22149]
 
 *Heartbeat*
 

diff --git a/x-pack/filebeat/module/zeek/connection/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/connection/ingest/pipeline.yml
@@ -115,7 +115,7 @@ processors:
           - connection
           - start
           - end
-      REG:
+      REJ:
         conn_str: "Connection attempt rejected."
         types:
           - connection
-Original file line number
+Diff line change
@@ Expand Up / @@ -115,7 +115,7 @@ processors: @@
               - connection
               - start
               - end
-          REG:
+          REJ:
             conn_str: "Connection attempt rejected."
             types:
               - connection
@@ Expand Down @@