Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: reconcile additional geo fields in ingest node #1640

Closed dougburks closed 4 years ago

dougburks commented 5 years ago

Ingest node geoip includes continent_name and country_iso_code. These fields are not defined in our Elasticsearch template, so we should remove the extra fields from the ingest node parser config.
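The reconciliation the issue asks for can be checked mechanically: compare the sub-fields a geoip processor emits with the sub-fields the index template maps under the same object, and narrow the processor's `properties` list to the mapped ones. The script below is an added example, not Security Onion's own code. The default geoip output list comes from the Elasticsearch geoip processor documentation (when no `properties` list is set it emits `continent_name`, `country_iso_code`, `region_iso_code`, `region_name`, `city_name` and `location`); the pipeline and template documents, the `source_ip` source field and the `geoip` target field are constructed for the demonstration. The reason this matters for monitoring: a field the template does not define is either mapped dynamically with a guessed type, silently left unindexed under `dynamic: false`, or causes the whole event to be rejected under `dynamic: strict`, so schema drift between the ingest pipeline and the template can quietly cost you telemetry.

```python
import copy
import json

# Default sub-fields the Elasticsearch geoip ingest processor writes when the
# processor definition carries no explicit "properties" list (per its docs).
GEOIP_DEFAULT_PROPERTIES = [
    "continent_name", "country_iso_code", "region_iso_code",
    "region_name", "city_name", "location",
]

# Constructed sample pipeline (assumption, not a Security Onion config):
# the geoip processor has no "properties" list, so it emits the full default set.
SAMPLE_PIPELINE = {
    "description": "constructed example pipeline",
    "processors": [
        {"geoip": {"field": "source_ip", "target_field": "geoip"}},
    ],
}

# Constructed sample index template (assumption): the "geoip" object maps only
# four sub-fields, so continent_name and country_iso_code would be unmapped.
SAMPLE_TEMPLATE = {
    "index_patterns": ["logstash-*"],
    "mappings": {
        "properties": {
            "source_ip": {"type": "ip"},
            "geoip": {
                "properties": {
                    "city_name": {"type": "keyword"},
                    "region_name": {"type": "keyword"},
                    "region_iso_code": {"type": "keyword"},
                    "location": {"type": "geo_point"},
                }
            },
        }
    },
}


def geoip_processors(pipeline):
    """Yield every geoip processor definition in an ingest pipeline."""
    for step in pipeline.get("processors", []):
        if "geoip" in step:
            yield step["geoip"]


def geoip_output_fields(processor):
    """Sub-fields a geoip processor writes, in definition order."""
    return list(processor.get("properties", GEOIP_DEFAULT_PROPERTIES))


def mapped_subfields(template, target_field):
    """Sub-fields the template maps under the processor's target object."""
    props = template.get("mappings", {}).get("properties", {})
    return set(props.get(target_field, {}).get("properties", {}).keys())


def unmapped_geoip_fields(pipeline, template):
    """Map each geoip target_field to the set of emitted fields it lacks a mapping for."""
    result = {}
    for proc in geoip_processors(pipeline):
        target = proc.get("target_field", "geoip")
        extra = set(geoip_output_fields(proc)) - mapped_subfields(template, target)
        if extra:
            result[target] = extra
    return result


def reconcile_pipeline(pipeline, template):
    """Return a copy of the pipeline with each geoip 'properties' list narrowed
    to the sub-fields the template maps; the input pipeline is left untouched."""
    fixed = copy.deepcopy(pipeline)
    for proc in geoip_processors(fixed):
        target = proc.get("target_field", "geoip")
        mapped = mapped_subfields(template, target)
        keep = [p for p in geoip_output_fields(proc) if p in mapped]
        # If the template maps none of the output, narrowing would leave an
        # empty list; leave the processor as-is so the report shows the gap.
        if keep:
            proc["properties"] = keep
    return fixed


if __name__ == "__main__":
    report = unmapped_geoip_fields(SAMPLE_PIPELINE, SAMPLE_TEMPLATE)
    print("unmapped geoip fields:", {k: sorted(v) for k, v in report.items()})
    print(json.dumps(reconcile_pipeline(SAMPLE_PIPELINE, SAMPLE_TEMPLATE), indent=2))
```

Run against real documents by loading the output of `GET _ingest/pipeline/<name>` and `GET _template/<name>` in place of the constructed samples; the report should come back empty once the processor's `properties` list and the template agree.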

weslambert commented 4 years ago

Looks good 👍.

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2019/11/elastic-684-now-available-for-security.html