Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove _timestamp correctly

Browse Source
This commit is contained in:
pemontto
2019-04-15 20:12:28 +10:00
parent 97d2a2606c
commit dd66414fe7
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
resources/elk6/pipeline/1000_nessus_process_file.conf
View File

@ -30,7 +30,7 @@ filter {
date { date {
match => [ "_timestamp", "UNIX" ] match => [ "_timestamp", "UNIX" ]
target => "@timestamp" target => "@timestamp"
remove_field => ["timestamp"] remove_field => ["_timestamp"]
} }
#If using filebeats as your source, you will need to replace the "path" field to "source" #If using filebeats as your source, you will need to replace the "path" field to "source"

2
resources/elk6/pipeline/2000_qualys_web_scans.conf
View File

@ -22,7 +22,7 @@ filter {
date { date {
match => [ "_timestamp", "UNIX" ] match => [ "_timestamp", "UNIX" ]
target => "@timestamp" target => "@timestamp"
remove_field => ["timestamp"] remove_field => ["_timestamp"]
} }
grok { grok {

2
resources/elk6/pipeline/3000_openvas.conf
View File

@ -23,7 +23,7 @@ filter {
date { date {
match => [ "_timestamp", "UNIX" ] match => [ "_timestamp", "UNIX" ]
target => "@timestamp" target => "@timestamp"
remove_field => ["timestamp"] remove_field => ["_timestamp"]
} }
grok { grok {