From ff21de047f69e9615dba26a64c4dbf2a5f5a4b1e Mon Sep 17 00:00:00 2001
From: MehmedSalihbasic
Date: Fri, 12 Jan 2024 12:33:20 -0600
Subject: [PATCH] accidentally deleted this config
---
 config/processors/log_elasticsearch.conf | 44 ++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 config/processors/log_elasticsearch.conf
diff --git a/config/processors/log_elasticsearch.conf b/config/processors/log_elasticsearch.conf
new file mode 100644
index 00000000..d66f60b6
--- /dev/null
+++ b/config/processors/log_elasticsearch.conf
@@ -0,0 +1,44 @@
+# Copyright [2021] [Cargill, Incorporated.]
+# SPDX-License-Identifier: Apache-2.0
+# Ansible alert web hook to logstash https listener
+input {
+ pipeline {
+ address => VAR_PIPELINE_NAME
+ }
+}
+filter {
+ mutate {
+ add_field => { "[event][module]" => "elasticsearch" }
+ add_field => { "[event][dataset]" => "elasticsearch.audit" }
+ copy => { "[beat][hostname]" => "[log][source][hostname]" }
+ }
+ mutate {
+ rename => {
+ "@timestamp" => "[event][created]"
+ "[input][type]" => "[file][type]"
+ "program" => "[event][kind]"
+ "source" => "[file][path]"
+ "destination" => "[file][target_path]"
+ "tags" => "[tags]"
+ "severity" => "[event][severity_name]"
+ "[beat][name]" => "[agent][name]"
+ "[beat][hostname]" => "[host][hostname]"
+ "[beat][version]" => "[agent][version]"
+ "service" => "[service][name]"
+ "thread" => "[process][thread][id]"
+ "role" => "[user][roles]"
+ "[fields][environment]" => "[group][name]"
+ }
+ }
+ date {
+ match => [ "[event][created]", "ISO8601" ]
+ target => "[event][created]"
+ tag_on_failure => "_dateparsefailure_ec"
+ }
+ mutate {
+ remove_field => [ "beat" , "input", "topic_name", "offset", "@version", "fields", "prospector", "level"]
+ }
+}
+output {
+ pipeline { send_to => [enrichments] }
+}
\ No newline at end of file
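Review bot: The header comment `# Ansible alert web hook to logstash https listener` describes a different pipeline; this file reads from a `pipeline` input and normalises Elasticsearch audit events, so the comment will mislead anyone grepping for the Ansible webhook config. Replace it with `# Elasticsearch audit log normalisation to ECS (pipeline input, forwarded to enrichments)`. In the rename block, `"tags" => "[tags]"` renames a field to itself and looks like a leftover; drop it or add a comment stating what it is meant to do. `address => VAR_PIPELINE_NAME` and `send_to => [enrichments]` appear to be placeholders substituted at deploy time; a one-line comment naming where they are resolved would help a reader who sees only this file.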