From 1ea529684a20a8b16373d041698404e6c1436a2f Mon Sep 17 00:00:00 2001
From: SG
Date: Tue, 6 Feb 2024 14:24:15 -0700
Subject: [PATCH] work in progress for idaholab/Malcolm#395, malcolm reporting capture statistics from zeek/suricata
---
 logstash/pipelines/beats/11_beats_logs.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf
index 3bb35c3d3..ce3ac4c53 100644
--- a/logstash/pipelines/beats/11_beats_logs.conf
+++ b/logstash/pipelines/beats/11_beats_logs.conf
@@ -784,6 +784,8 @@ filter {
 mutate { id => "mutate_add_field_event_module_zeek_diagnostic"
 add_field => { "[event][module]" => "zeek" } }
+ mutate { id => "mutate_remove_field_event_original_zeek_diagnostic"
+ remove_field => [ "[event][original]" ] }
 }
 # event type (filebeat.nginx, miscbeat, etc)
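Review bot: The added `remove_field => [ "[event][original]" ]` drops the raw diagnostic line unconditionally, so if whatever parsing precedes this block (the enclosing conditional starts outside the hunk) fails on a malformed or unexpected message, nothing is left to re-parse or inspect afterwards. Consider guarding the removal on parse success, e.g. `if "PARSE_FAILURE_TAG" not in [tags] { mutate { ... } }`, where `PARSE_FAILURE_TAG` is a placeholder for the failure tag set by the filter actually used above. A one-line comment such as `# raw line is not needed once the diagnostic fields are extracted` would also record why this event type loses `[event][original]`; that reason is inferred here, so word it to match the real intent.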