Phil Hagen
fixed in 0c4d9391ffc251a72a6291f58636f4d11b0082e6 for future build and in staged vm
**DO NOT CLOSE THIS ISSUE** until these lines are removed: https://github.com/philhagen/sof-elk/blob/9131bd1b4215c42df18c642275a1eec7c56fa26e/supporting-scripts/post_merge.sh#L31-L38
@joshlemon can you please send me a sample for this? I now have cycles to get this figured out. DM is fine of course.
I've tested the parser on `feature/ecs` on a bunch of private sample data from @invictus-ir and with the usual exceptions of a very small number of inconsistent fields/data types, all...
I'm about to send a VM configured for testing this update and a TON of other changes to a small group. @marcottedan if you are interested in giving it a...
that tool is not being updated and works with an older version of filebeat. upon further consideration, I don't think automatically removing input files is a good idea. the filebeat...
this is sufficiently met with the `event.original` field. reprising existing records is not anticipated at this time, but can be revisited in the future.
going to close this one since wildcard matching in KQL has been viable for a while.
not fixed - requires more handling
see https://github.com/logstash-plugins/logstash-filter-cidr/issues/27