From 3802a515521151617ab63fcc17d5fa49c90203a7 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Thu, 10 Aug 2023 11:38:18 -0600
Subject: [PATCH] eve/schema: add host

The "host" field is added to EVE events if the "sensor-name" field is
configured in suricata.yaml.
---
 etc/schema.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etc/schema.json b/etc/schema.json
index 1e945a2768..1b49cf5af1 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -39,6 +39,11 @@
         "flow_id": {
             "type": "integer"
         },
+        "host": {
+            "$comment": "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
+            "description": "the sensor-name, if configured",
+            "type": "string"
+        },
         "icmp_code": {
             "type": "integer"
         },