From 79bb324a4a315b6df7f84e64a8db93d0919d85b2 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Tue, 28 Aug 2018 13:30:58 +0200
Subject: [PATCH] rename conpot fields to match index pattern
---
 docker/elk/logstash/dist/logstash.conf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 4447808b..6178f044 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -170,6 +170,12 @@ filter {
 date {
 match => [ "timestamp", "ISO8601" ]
 }
+ mutate {
+ rename => {
+ "dst_port" => "dest_port"
+ "dst_ip" => "dest_ip"
+ }
+ }
 }
 
 # Cowrie
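Review bot: The added `mutate { rename => ... }` block has no comment saying why the fields are renamed, so the reason is only in the commit subject. A line above it such as `# Conpot logs dst_ip/dst_port; rename to dest_ip/dest_port to match the shared index pattern` would keep that with the config. The rename affects only events processed after this change. Documents already indexed presumably keep `dst_ip`/`dst_port`, so saved searches, dashboards or alerts that cover older Conpot data may need to query both names, or the old indices may need reindexing. `rename` does nothing when the source field is absent, so a later change in the honeypot's field names would leave events without `dest_*` fields and raise no error. The enclosing conditional block starts outside this hunk.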