From c0ab8aa2f1665bbbe02a5e3161cb3a5ac6987520 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Tue, 3 Sep 2024 16:02:55 +0200
Subject: [PATCH] Fix and use remove_multi_fields function
---
 ecs/generate.sh | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/ecs/generate.sh b/ecs/generate.sh
index 20c94d20461a8..f40a7d824e348 100755
--- a/ecs/generate.sh
+++ b/ecs/generate.sh
@@ -19,9 +19,9 @@ remove_multi_fields() {
 local OUT_FILE="$2"
 jq 'del(
- .template.mappings.properties.host.properties.os.properties.full.fields,
- .template.mappings.properties.host.properties.os.properties.name.fields,
- .template.mappings.properties.vulnerability.properties.description.fields
+ .mappings.properties.host.properties.os.properties.full.fields,
+ .mappings.properties.host.properties.os.properties.name.fields,
+ .mappings.properties.vulnerability.properties.description.fields
 )' "$IN_FILE" > "$OUT_FILE"
 }
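Review bot: The corrected paths inside `del(...)` in `remove_multi_fields` still fail silently when they do not match the input, which is presumably how the old `.template.`-prefixed paths went unnoticed: jq's `del` on an absent path leaves the document unchanged and exits 0. A comment above the filter such as `# Paths assume the legacy template layout, where mappings sit at the top level (.mappings)` would record which input shape the function expects. The shell also truncates `"$OUT_FILE"` before jq reads `"$IN_FILE"`, so the function's header comment should state that the two arguments must name different files. The start of `remove_multi_fields` is outside the hunk.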
@@ -47,22 +47,21 @@ generate_mappings() {
 echo "Replacing \"match_only_text\" type with \"text\""
 find "$OUT_DIR" -type f -exec sed -i 's/match_only_text/text/g' {} \;
+ local IN_FILE="$OUT_DIR/generated/elasticsearch/legacy/template.json"
+ local OUT_FILE="$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
+
 # Delete the "tags" field from the index template
 echo "Deleting the \"tags\" field from the index template"
- jq 'del(.mappings.properties.tags)' "$OUT_DIR/generated/elasticsearch/legacy/template.json" > "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
- mv "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json" "$OUT_DIR/generated/elasticsearch/legacy/template.json"
+ jq 'del(.mappings.properties.tags)' "$IN_FILE" > "$OUT_FILE"
+ mv "$OUT_FILE" "$IN_FILE"
 # Remove multi-fields from the generated index template
 echo "Removing multi-fields from the index template"
- jq 'del(
- .mappings.properties.host.properties.os.properties.full.fields,
- .mappings.properties.host.properties.os.properties.name.fields,
- .mappings.properties.vulnerability.properties.description.fields
- )' "$OUT_DIR/generated/elasticsearch/legacy/template.json" > "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json"
- mv "$OUT_DIR/generated/elasticsearch/legacy/template-tmp.json" "$OUT_DIR/generated/elasticsearch/legacy/template.json"
+ remove_multi_fields "$IN_FILE" "$OUT_FILE"
+ mv "$OUT_FILE" "$IN_FILE"
 # Transform legacy index template for OpenSearch compatibility
- cat "$OUT_DIR/generated/elasticsearch/legacy/template.json" | jq '{
+ cat "$IN_FILE" | jq '{
 "index_patterns": .index_patterns,
 "priority": .order,
 "template": {
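Review bot: Each `mv "$OUT_FILE" "$IN_FILE"` in `generate_mappings` runs regardless of whether the preceding `jq` or `remove_multi_fields` call succeeded, so a failed filter would leave an empty or partial temp file that then replaces `template.json` and feeds the later transform. Whether the script enables `set -e` is not visible in this hunk; if it does not, chain the steps, e.g. `jq 'del(.mappings.properties.tags)' "$IN_FILE" > "$OUT_FILE" && mv "$OUT_FILE" "$IN_FILE"` and `remove_multi_fields "$IN_FILE" "$OUT_FILE" && mv "$OUT_FILE" "$IN_FILE"`. As a style point, `cat "$IN_FILE" | jq '{` can drop the `cat` and redirect the file into jq instead. `generate_mappings` starts and ends outside the hunk.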