Change results to nested field

elastic · Oct 16, 2020 · 74f346f · 74f346f
1 parent 422240f
commit 74f346f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/x-pack/filebeat/module/virustotal/README.md b/x-pack/filebeat/module/virustotal/README.md
@@ -95,3 +95,7 @@ kafkacat -b 127.0.0.1:9093 -C -t virustotal.raw | head | jq
 ```
 
 Configure filebeat to use the kafka input as show above, and run it until all events are replayed. After which, you can switch back to `httpjson` as the input type and stream new data.
+
+```shell
+./filebeat -c filebeat.dev.yml -e
+```
diff --git a/x-pack/filebeat/module/virustotal/fields.go b/x-pack/filebeat/module/virustotal/fields.go
diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/fields.yml b/x-pack/filebeat/module/virustotal/livehunt/_meta/fields.yml
@@ -21,7 +21,7 @@
         - name: results
           description: >
             Contains each engine's resulting data about sample
-          type: group
+          type: nested
           fields:
             - name: method
               description: >

diff --git a/x-pack/filebeat/module/virustotal/livehunt/ingest/pipeline.yml b/x-pack/filebeat/module/virustotal/livehunt/ingest/pipeline.yml
@@ -64,6 +64,12 @@ processors:
     formats:
     - UNIX
 
+- date:
+    field: virustotal.analysis.results.engine_update
+    ignore_failure: True
+    formats:
+    - yyyyMMdd
+
 on_failure:
   - set:
       field: error.message