Add event.ingested to Netflow module

Add event.ingested to the pipeline in the Netflow Filebeat module.
elastic · Nov 4, 2020 · 4cd73e4 · 4cd73e4
1 parent d2ea3c8
commit 4cd73e4
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -655,6 +655,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Update Okta documentation for new stateful restarts. {pull}22091[22091]
 - Copy tag names from MISP data into events. {pull}21664[21664]
 - Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696]
+- Added `event.ingested` field to data from the Netflow module. {pull}22412[22412]
 
 *Heartbeat*
 

diff --git a/x-pack/filebeat/module/netflow/log/ingest/pipeline.yml b/x-pack/filebeat/module/netflow/log/ingest/pipeline.yml
@@ -2,6 +2,10 @@
 description: Pipeline for Filebeat NetFlow
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
         if: ctx.source?.geo == null