Phil Hagen

Results 58 comments of Phil Hagen

this is handled via other means now. will continue to consider a "time in flight" metadata calculation though

also add for any entry with all necessary component fields

create Elasticsearch pipeline and apply via the logstash elasticsearch output https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html#add-pipeline-to-indexing-request https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html

may be easier to just use a ruby implementation: https://github.com/rocknsm/rock-dashboards/blob/master/ecs-configuration/logstash/conf.d/logstash-900-filter-community_Id_hash-enrich.conf

OK - thanks for the follow-up and I can see that making sense. However, it appears that by default `files.log` contains md5 and sha1, but not sha256. At least this...

Also, since x509 certificates are NOT listed in `files.log` by default, this is not ideal. Working around it for now, but there are a few steps/configuration items needed to...

Yes, I was able to get things logged as needed with `X509::log_x509_in_files_log` as well as an extra configuration to enable sha256 checksum generation in `files.log` as well. Thanks for the...

I think this was regarding the geoip script