[Packetbeat] Add "network" to event.category (#20392) (#20554)

Add "network" to event.category value. Closes #20364 (cherry picked from commit 7b47f1f) Co-authored-by: Lee Hinman <57081003+leehinman@users.noreply.github.com>
elastic · Aug 14, 2020 · cfb5188 · cfb5188
1 parent 5b623ea
commit cfb5188
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 2 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -367,6 +367,7 @@ field. You can revert this change by configuring tags for the module and omittin
 
 - Enable setting promiscuous mode automatically. {pull}11366[11366]
 - Fix process monitoring when ipv6 is disabled under Linux. {issue}19941[19941] {pull}19945[19945]
+- Add "network" to event.category {issue}20364[20364] {pull}20392[20392]
 
 *Winlogbeat*
 

diff --git a/packetbeat/_meta/sample_outputs/flow.json b/packetbeat/_meta/sample_outputs/flow.json
@@ -70,6 +70,13 @@
         "end": "2018-11-30T01:16:45.645Z",
         "duration": 3965826800,
         "type": "flow",
-        "start": "2018-11-30T01:16:41.679Z"
+        "start": "2018-11-30T01:16:41.679Z",
+        "dataset": "flow",
+        "kind": "event",
+        "action": "network_flow",
+        "category": [
+            "network_traffic",
+            "network"
+        ]
     }
 }
diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go
@@ -213,7 +213,7 @@ func createEvent(
 		"duration": f.ts.Sub(f.createTS),
 		"dataset":  "flow",
 		"kind":     "event",
-		"category": "network_traffic",
+		"category": []string{"network_traffic", "network"},
 		"action":   "network_flow",
 	}
 	flow := common.MapStr{

diff --git a/packetbeat/flows/worker_test.go b/packetbeat/flows/worker_test.go
@@ -100,6 +100,9 @@ func TestCreateEvent(t *testing.T) {
 			"end":      isdef.KeyPresent,
 			"duration": isdef.KeyPresent,
 			"dataset":  "flow",
+			"kind":     "event",
+			"category": []string{"network_traffic", "network"},
+			"action":   "network_flow",
 		},
 		"type": "flow",
 	})