Fix and use remove_multi_fields function

wazuh · Sep 3, 2024 · c0ab8aa · c0ab8aa
1 parent b6e10df
commit c0ab8aa
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/ecs/generate.sh b/ecs/generate.sh
@@ -19,9 +19,9 @@ remove_multi_fields() {
   local OUT_FILE="$2"
 
   jq 'del(
-    .template.mappings.properties.host.properties.os.properties.full.fields,
-    .template.mappings.properties.host.properties.os.properties.name.fields,
-    .template.mappings.properties.vulnerability.properties.description.fields
+    .mappings.properties.host.properties.os.properties.full.fields,
+    .mappings.properties.host.properties.os.properties.name.fields,
+    .mappings.properties.vulnerability.properties.description.fields
   )' "$IN_FILE" > "$OUT_FILE"
 }
 
@@ -47,22 +47,21 @@ generate_mappings() {
   echo "Replacing \"match_only_text\" type with \"text\""
   find "$OUT_DIR" -type f -exec sed -i 's/match_only_text/text/g' {} \;
 
+  local IN_FILE="$OUT_DIR/generated/elasticsearch/legacy/template.json"
+  local OUT_FILE="$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
+
   # Delete the "tags" field from the index template
   echo "Deleting the \"tags\" field from the index template"
-  jq 'del(.mappings.properties.tags)' "$OUT_DIR/generated/elasticsearch/legacy/template.json" > "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
-  mv "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json" "$OUT_DIR/generated/elasticsearch/legacy/template.json"
+  jq 'del(.mappings.properties.tags)' "$IN_FILE" > "$OUT_FILE"
+  mv "$OUT_FILE" "$IN_FILE"
 
   # Remove multi-fields from the generated index template
   echo "Removing multi-fields from the index template"
-  jq 'del(
-    .mappings.properties.host.properties.os.properties.full.fields,
-    .mappings.properties.host.properties.os.properties.name.fields,
-    .mappings.properties.vulnerability.properties.description.fields
-  )' "$OUT_DIR/generated/elasticsearch/legacy/template.json" > "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
-  mv "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json" "$OUT_DIR/generated/elasticsearch/legacy/template.json"
+  remove_multi_fields "$IN_FILE" "$OUT_FILE"
+  mv "$OUT_FILE" "$IN_FILE"
 
   # Transform legacy index template for OpenSearch compatibility
-  cat "$OUT_DIR/generated/elasticsearch/legacy/template.json" | jq '{
+  cat "$IN_FILE" | jq '{
     "index_patterns": .index_patterns,
     "priority": .order,
     "template": {