Add event.ingested to Netflow module (#22412)

Add event.ingested to the pipeline in the Netflow Filebeat module.
elastic · Nov 5, 2020 · fa9ebaa · fa9ebaa
1 parent e914001
commit fa9ebaa
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -657,6 +657,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Update Okta documentation for new stateful restarts. {pull}22091[22091]
 - Copy tag names from MISP data into events. {pull}21664[21664]
 - Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696]
+- Added `event.ingested` field to data from the Netflow module. {pull}22412[22412]
 
 *Heartbeat*
 

diff --git a/x-pack/filebeat/module/netflow/log/ingest/pipeline.yml b/x-pack/filebeat/module/netflow/log/ingest/pipeline.yml
@@ -2,6 +2,10 @@
 description: Pipeline for Filebeat NetFlow
 
 processors:
+  - set:
+      field: event.ingested
+      value: '{{_ingest.timestamp}}'
+
   # IP Geolocation Lookup
   - geoip:
         if: ctx.source?.geo == null