Skip to content

Commit

Permalink
fix missing extra fields when the key doesn't contain a dot and flatt…
Browse files Browse the repository at this point in the history 
…enfields=true

Signed-off-by: Thomas Labarussias <[email protected]>
  • Loading branch information
@Issif @poiana
Issif authored and poiana committed Oct 28, 2024
1 parent 3b87d91 commit 74ce82c
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions outputs/elasticsearch.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -285,8 +285,10 @@ func (c *Client) buildESPayload(falcopayload types.FalcoPayload) eSPayload {

if c.Config.Elasticsearch.FlattenFields || c.Config.Elasticsearch.CreateIndexTemplate {
for i, j := range payload.OutputFields {
payload.OutputFields[strings.ReplaceAll(i, ".", "_")] = j
delete(payload.OutputFields, i)
if strings.Contains(i, ".") {
payload.OutputFields[strings.ReplaceAll(i, ".", "_")] = j
delete(payload.OutputFields, i)
}
}
}
return payload
Expand Down

0 comments on commit 74ce82c

Please sign in to comment.