Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

don't use reserved _timestamp

Browse Source
This commit is contained in:
pemontto
2019-04-22 11:18:49 +10:00
parent 7c2aa54156
commit 8d59831855
4 changed files with 12 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
resources/elk6/pipeline/1000_nessus_process_file.conf
View File

@ -28,9 +28,9 @@ filter {
if "nessus" in [tags] or "tenable" in [tags] {
date {
match => [ "_timestamp", "UNIX" ]
match => [ "scan_time", "UNIX" ]
target => "@timestamp"
remove_field => ["_timestamp"]
remove_field => ["scan_time"]
}
#If using filebeats as your source, you will need to replace the "path" field to "source"