Add convert for inode field

SimonKoetting · SimonKoetting · commit c6ca6afc62ad · 2024-04-10T14:51:21.000Z
diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml
@@ -272,6 +272,11 @@ processors:
     type: long
     ignore_failure: true
     ignore_missing: true
+- convert:
+    field: "log.file.inode"
+    type: long
+    ignore_failure: true
+    ignore_missing: true
 - set:
     field: event.ingested
     copy_from: _ingest.timestamp
diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml
@@ -141,6 +141,6 @@
 - name: log.file.device_id
   type: keyword
 - name: log.file.inode
-  type: keyword
+  type: long 
 - name: log.offset
   type: long
diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml
@@ -59,6 +59,11 @@ processors:
     field: microsoft.exchange.seqnumber
     type: long
     ignore_failure: true
+- convert:
+    field: "log.file.inode"
+    type: long
+    ignore_failure: true
+    ignore_missing: true
 - set:
     field: event.ingested
     copy_from: _ingest.timestamp
diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml
@@ -29,6 +29,6 @@
 - name: log.file.device_id
   type: keyword
 - name: log.file.inode
-  type: keyword
+  type: long 
 - name: log.offset
   type: long
diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml
@@ -68,6 +68,11 @@ processors:
     type: long
     ignore_failure: true
     ignore_missing: true
+- convert:
+    field: "log.file.inode"
+    type: long
+    ignore_failure: true
+    ignore_missing: true
 - set:
     field: event.ingested 
     value: "{{{_ingest.timestamp}}}"
diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml
@@ -41,6 +41,6 @@
 - name: log.file.device_id
   type: keyword
 - name: log.file.inode
-  type: keyword
+  type: long 
 - name: log.offset
   type: long
diff --git a/packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml
@@ -36,6 +36,11 @@ processors:
     field: microsoft.exchange.sequencenumber
     type: long
     ignore_failure: true
+- convert:
+    field: "log.file.inode"
+    type: long
+    ignore_failure: true
+    ignore_missing: true
 - set:
     field: event.ingested
     copy_from: _ingest.timestamp
diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml
@@ -21,6 +21,6 @@
 - name: log.file.device_id
   type: keyword
 - name: log.file.inode
-  type: keyword
+  type: long 
 - name: log.offset
   type: long
