From 359f3e3cb40dfcf1c10cd99af7eee9c866e59d39 Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal" <manu.asi2@gmail.com>
Date: Fri, 25 Oct 2019 13:45:03 +0200
Subject: [PATCH] Updated Wazuh template

---
 roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
index 06af6322..5387bf8c 100644
--- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
+++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
@@ -162,6 +162,7 @@
       "data.dstip",
       "data.dstport",
       "data.dstuser",
+      "data.extra_data",
       "data.hardware.serial",
       "data.id",
       "data.integration",
@@ -943,6 +944,9 @@
           "data": {
             "type": "keyword"
           },
+          "extra_data": {
+            "type": "keyword"
+          },
           "system_name": {
             "type": "keyword"
           },
@@ -1673,4 +1677,4 @@
     }
   },
   "version": 1
-}
+}
\ No newline at end of file