From 81a0780b55732b833817dedb48bc71834512bc5d Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:48:27 -0400
Subject: [PATCH] Update 12-suricata.conf

---
 conf.d/12-suricata.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/conf.d/12-suricata.conf b/conf.d/12-suricata.conf
index e7ee141..1e6ea37 100644
--- a/conf.d/12-suricata.conf
+++ b/conf.d/12-suricata.conf
@@ -6,13 +6,13 @@ filter {
     }
     if [message] =~ /^{.*}$/ {
       json {
-        source => "message"
+        source => "syslog_message"
         target => "[suricata][eve]"
       }
     } else {
       grok {
         patterns_dir => ["/etc/logstash/conf.d/patterns"]
-        match => [ "message", "%{SURICATA}"]
+        match => [ "syslog_message", "%{SURICATA}"]
       }
     }
     if [suricata][eve][src_ip] and ![source][ip] {
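Review bot: The branch condition `if [message] =~ /^{.*}$/` still tests `message`, while both the json filter and the grok below it now read `syslog_message`, so the field that selects the parser is no longer the field being parsed. If `message` carries a syslog header in front of the payload (presumably why the source was switched; the filter that populates `syslog_message` is not visible in this hunk), EVE JSON events will never match the regex and will fall through to grok, leaving `[suricata][eve]` empty and the `src_ip` mapping that follows skipped. Testing the same field, `if [syslog_message] =~ /^{.*}$/ {`, keeps selection and parsing in step. It would also help to surface events tagged `_jsonparsefailure` or `_grokparsefailure` so that alerts losing their fields are noticed rather than silently indexed; the enclosing filter block starts and ends outside the hunk.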
@@ -92,7 +92,6 @@ filter {
         mutate {
 	    add_field => { "[event][module]" => "suricata"}
 	    add_field => { "[event][dataset]" => "suricata"}
-	    rename => { "[message]" => "[event][original]"}
     }
   }
 }
-- 
GitLab