Update more modules with event.ingested

filebeat/module/mysql/slowlog/ingest/pipeline.json

@@ -1,6 +1,11 @@
 {
   "description": "Pipeline for parsing MySQL slow logs.",
   "processors": [{
+    "set": {
+      "field": "event.ingested",
+      "value": "{{_ingest.timestamp}}"
+    }
+  }, {
     "grok": {
       "field": "message",
       "patterns":[

filebeat/module/osquery/result/ingest/pipeline.json

@@ -2,6 +2,11 @@
   "description": "Pipeline for parsing osquery result logs",
   "processors": [
     {
+      "set":{
+        "field": "event.ingested",
+        "value": "{{_ingest.timestamp}}"
+      }
+    }, {
       "rename": {
         "field": "@timestamp",
         "target_field": "event.created"

x-pack/filebeat/module/aws/vpcflow/ingest/pipeline.yml

@@ -1,6 +1,10 @@
 description: Pipeline for AWS VPC Flow Logs
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
+
   # Convert Unix epoch to timestamp
   - date:
       field: "aws.vpcflow.end"

x-pack/filebeat/module/barracuda/waf/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Barracuda Web Application Firewall
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/bluecoat/director/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Blue Coat Director
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/cef/log/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Filebeat CEF
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
         field: source.ip

x-pack/filebeat/module/cisco/ios/ingest/pipeline.yml

@@ -1,6 +1,9 @@
 description: Pipeline for Cisco IOS logs.
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
   # IP Geolocation Lookup
   - geoip:
       field: source.ip

x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml

@@ -1,6 +1,9 @@
 ---
 description: "Pipeline for Cisco {< .internal_PREFIX >} logs"
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
   #
   # Parse the syslog header
   #

x-pack/filebeat/module/coredns/log/ingest/pipeline-entry.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for normalizing Kubernetes CoreDNS logs.
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
   - pipeline:
       if: ctx.message.charAt(0) == (char)("{")
       name: '{< IngestPipeline "pipeline-json" >}'

x-pack/filebeat/module/cylance/protect/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for CylanceProtect
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/envoyproxy/log/ingest/pipeline-entry.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing envoyproxy logs
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - pipeline:
     if: ctx.message.charAt(0) != (char)("{")
     name: '{< IngestPipeline "pipeline-plaintext" >}'

x-pack/filebeat/module/f5/bigipapm/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Big-IP Access Policy Manager
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/fortinet/clientendpoint/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Fortinet FortiClient Endpoint Security
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml

@@ -1,6 +1,10 @@
 description: Pipeline for Google Cloud Firewall Logs
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
       field: source.ip

x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml

@@ -1,6 +1,10 @@
 description: Pipeline for Google Cloud VPC Flow Logs
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
       field: source.ip

x-pack/filebeat/module/imperva/securesphere/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Imperva SecureSphere
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/infoblox/nios/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Infoblox NIOS
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/microsoft/dhcp/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Microsoft DHCP
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/misp/threat/ingest/pipeline.json

@@ -1,6 +1,12 @@
 {
     "description": "Pipeline for normalizing MISP threat",
     "processors": [
+      {
+        "set": {
+          "field": "event.ingested",
+          "value": "{{_ingest.timestamp}}"
+        }
+      },
       {
         "geoip": {
           "field": "destination.ip",

x-pack/filebeat/module/netscout/sightline/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Arbor Peakflow SP
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/panw/panos/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: "Pipeline for Palo Alto Networks PAN-OS Logs"
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
 
 # keep message as log.original.
  - rename:

x-pack/filebeat/module/rapid7/nexpose/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Rapid7 NeXpose
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/sonicwall/firewall/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Sonicwall-FW
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/squid/log/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Squid
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/tomcat/log/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Apache Tomcat
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # User agent
   - user_agent:
         field: user_agent.original

x-pack/filebeat/module/zeek/capture_loss/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek capture_loss.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/connection/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek conn.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/dce_rpc/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek dce_rpc.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/dhcp/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek dhcp.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/dnp3/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek dnp3.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/dns/ingest/pipeline.yml

@@ -2,6 +2,10 @@
 description: Pipeline for Filebeat Zeek dns.log
 
 processors:
+  - set:
+        field: event.ingested
+        value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
         field: source.ip

x-pack/filebeat/module/zeek/dpd/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek dpd.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/files/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek files.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'
@@ -47,7 +50,7 @@ processors:
 - set:
     field: client.ip
     value: "{{zeek.files.rx_host}}"
-    if: "ctx?.zeek?.files?.rx_host != null"    
+    if: "ctx?.zeek?.files?.rx_host != null"
 - append:
     field: related.hash
     value: "{{file.hash.md5}}"

x-pack/filebeat/module/zeek/ftp/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek ftp.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/http/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek http.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'

x-pack/filebeat/module/zeek/intel/ingest/pipeline.yml

@@ -1,6 +1,9 @@
 ---
 description: Pipeline for normalizing Zeek intel.log.
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
   - set:
       field: event.created
       value: "{{_ingest.timestamp}}"

x-pack/filebeat/module/zeek/irc/ingest/pipeline.yml

@@ -1,5 +1,8 @@
 description: Pipeline for normalizing Zeek irc.log
 processors:
+- set:
+    field: event.ingested
+    value: '{{_ingest.timestamp}}'
 - set:
     field: event.created
     value: '{{_ingest.timestamp}}'