From 59166f562c17efac0e7c89ebb9c7320c902252c9 Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Fri, 21 Feb 2020 14:59:05 -0500 Subject: [PATCH 1/2] Example of a Suricata datasource configuration Suricate is using the logs input but creates multiples kind of event, so its a single input mixed output. Lets try to see if type on the stream could work or not. --- .../agent/docs/agent_configuration_example.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/x-pack/agent/docs/agent_configuration_example.yml b/x-pack/agent/docs/agent_configuration_example.yml index 21ea4f16c11b..94266f05865c 100644 --- a/x-pack/agent/docs/agent_configuration_example.yml +++ b/x-pack/agent/docs/agent_configuration_example.yml @@ -451,6 +451,23 @@ datasources: dataset: docker.network period: 10s +################################################################################################# +### Suricata +# + - id?: suricata-x1 + title: Suricata's data + namespace?: "abc" + package: + name: suricate + version: x.x.x + inputs: + - type: log + streams: + - id?: {id} + type: "typeX" + dataset: suricata.logs + path: /var/log/surcata/eve.json + ################################################################################################# ### suggestion 1 - id?: myendpoint-x1 From 5580e3085c8c94b95d3080bacd8b966b7f3cdfc6 Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Mon, 24 Feb 2020 13:12:59 -0500 Subject: [PATCH 2/2] Update x-pack/agent/docs/agent_configuration_example.yml Co-Authored-By: Andrew Kroh --- x-pack/agent/docs/agent_configuration_example.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/agent/docs/agent_configuration_example.yml b/x-pack/agent/docs/agent_configuration_example.yml index 94266f05865c..08b92363921a 100644 --- a/x-pack/agent/docs/agent_configuration_example.yml +++ b/x-pack/agent/docs/agent_configuration_example.yml 
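Review bot: The `path` on the new Suricata stream misspells the directory (`/var/log/surcata/eve.json`), so the example points at a location that does not match the usual Suricata default; it should read `path: /var/log/suricata/eve.json` (PATCH 2/2 corrects the same typo in `package.name` but leaves this one). The stream `id?: {id}` is also a bare `{id}`, which YAML parses as a flow mapping `{id: null}` rather than a placeholder string, so if this example is ever loaded it should be quoted as `id?: "{id}"`, consistent with `namespace?: "abc"` a few lines up. The `type: "typeX"` placeholder deserves a comment so readers do not take it as a real value, e.g. `# placeholder: eve.json carries several event kinds; the stream type is meant to select one (not yet defined)`. The enclosing `datasources:` list starts outside the hunk.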
@@ -458,7 +458,7 @@ datasources: title: Suricata's data namespace?: "abc" package: - name: suricate + name: suricata version: x.x.x inputs: - type: log