Merge pull request #161 from UncoderIO/gis-8070

Gis 8070

Author: tarnopolskyi

uncoder-core/app/translator/mappings/platforms/splunk/aws_cloudtrail.yml

@@ -3,10 +3,10 @@ source: aws_cloudtrail
 
 
 log_source:
-  source_type: [aws:cloudtrail]
+  sourcetype: [aws:cloudtrail]
 
 default_log_source:
-  source_type: aws:cloudtrail
+  sourcetype: aws:cloudtrail
 
 field_mapping:
   eventSource: eventSource

uncoder-core/app/translator/mappings/platforms/splunk/aws_eks.yml

@@ -3,10 +3,10 @@ source: aws_eks
 
 
 log_source:
-  source_type: [aws:*]
+  sourcetype: [aws:*]
 
 default_log_source:
-  source_type: aws:*
+  sourcetype: aws:*
 
 field_mapping:
   annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision

uncoder-core/app/translator/mappings/platforms/splunk/azure_AzureDiagnostics.yml

@@ -3,10 +3,10 @@ source: azure_AzureDiagnostics
 
 
 log_source:
-  source_type: [azure:*]
+  sourcetype: [azure:*]
 
 default_log_source:
-  source_type: azure:*
+  sourcetype: azure:*
 
 field_mapping:
   ResultDescription: ResultDescription

uncoder-core/app/translator/mappings/platforms/splunk/azure_BehaviorAnalytics.yml

@@ -3,10 +3,10 @@ source: azure_BehaviorAnalytics
 
 
 log_source:
-  source_type: [azure:*]
+  sourcetype: [azure:*]
 
 default_log_source:
-  source_type: azure:*
+  sourcetype: azure:*
 
 field_mapping:
   ActionType: ActionType

uncoder-core/app/translator/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml

@@ -3,10 +3,10 @@ source: azure_aadnoninteractiveusersigninlogs
 
 
 log_source:
-  source_type: [azure:*]
+  sourcetype: [azure:*]
 
 default_log_source:
-  source_type: azure:*
+  sourcetype: azure:*
 
 field_mapping:
   UserAgent: UserAgent

uncoder-core/app/translator/mappings/platforms/splunk/azure_azureactivity.yml

@@ -3,10 +3,10 @@ source: azure_azureactivity
 
 
 log_source:
-  source_type: [mscs:azure:*, azure:*]
+  sourcetype: [mscs:azure:*, azure:*]
 
 default_log_source:
-  source_type: mscs:azure:*
+  sourcetype: mscs:azure:*
 
 field_mapping:
   ActivityStatus: ActivityStatus

uncoder-core/app/translator/mappings/platforms/splunk/azure_azuread.yml

@@ -3,10 +3,10 @@ source: azure_azuread
 
 
 log_source:
-  source_type: [azure:aad:*]
+  sourcetype: [azure:aad:*]
 
 default_log_source:
-  source_type: azure:aad:*
+  sourcetype: azure:aad:*
 
 field_mapping:
   ActivityDisplayName: ActivityDisplayName

uncoder-core/app/translator/mappings/platforms/splunk/azure_signinlogs.yml

@@ -3,10 +3,10 @@ source: azure_signinlogs
 
 
 log_source:
-  source_type: [azure:aad:*]
+  sourcetype: [azure:aad:*]
 
 default_log_source:
-  source_type: azure:aad:*
+  sourcetype: azure:aad:*
 
 field_mapping:
   AppDisplayName: AppDisplayName

uncoder-core/app/translator/mappings/platforms/splunk/firewall.yml

@@ -3,11 +3,11 @@ source: firewall
 
 
 log_source:
-  source_type: [fortigate_traffic]
+  sourcetype: [fortigate_traffic]
   index: [fortigate]
 
 default_log_source:
-  source_type: fortigate_traffic
+  sourcetype: fortigate_traffic
   index: fortigate
 
 field_mapping:

uncoder-core/app/translator/mappings/platforms/splunk/gcp_gcp.audit.yml

@@ -3,7 +3,7 @@ source: gcp_gcp.audit
 
 
 log_source:
-  source_type: [google:gcp:*]
+  sourcetype: [google:gcp:*]
 
 default_log_source:
   index: google:gcp:*