From 7b47f1f00449d98c431edd4ec0995fc98d598170 Mon Sep 17 00:00:00 2001
From: Lee Hinman <57081003+leehinman@users.noreply.github.com>
Date: Tue, 11 Aug 2020 09:21:17 -0500
Subject: [PATCH] [Packetbeat] Add "network" to event.category (#20392)

Add "network" to event.category value.

Closes #20364
---
 CHANGELOG.next.asciidoc                   | 1 +
 packetbeat/_meta/sample_outputs/flow.json | 9 ++++++++-
 packetbeat/flows/worker.go                | 2 +-
 packetbeat/flows/worker_test.go           | 3 +++
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 20f0be29238f..fde6fe7abd04 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -320,6 +320,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 - Enable setting promiscuous mode automatically. {pull}11366[11366]
 - Fix process monitoring when ipv6 is disabled under Linux. {issue}19941[19941] {pull}19945[19945]
+- Add "network" to event.category {issue}20364[20364] {pull}20392[20392]
 
 *Winlogbeat*
 
diff --git a/packetbeat/_meta/sample_outputs/flow.json b/packetbeat/_meta/sample_outputs/flow.json
index d51644e16d33..3ea57202e95a 100644
--- a/packetbeat/_meta/sample_outputs/flow.json
+++ b/packetbeat/_meta/sample_outputs/flow.json
@@ -70,6 +70,13 @@
         "end": "2018-11-30T01:16:45.645Z",
         "duration": 3965826800,
         "type": "flow",
-        "start": "2018-11-30T01:16:41.679Z"
+        "start": "2018-11-30T01:16:41.679Z",
+        "dataset": "flow",
+        "kind": "event",
+        "action": "network_flow",
+        "category": [
+            "network_traffic",
+            "network"
+        ]
     }
 }
diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go
index 8bfce02084a3..49548db9865f 100644
--- a/packetbeat/flows/worker.go
+++ b/packetbeat/flows/worker.go
@@ -213,7 +213,7 @@ func createEvent(
 		"duration": f.ts.Sub(f.createTS),
 		"dataset":  "flow",
 		"kind":     "event",
-		"category": "network_traffic",
+		"category": []string{"network_traffic", "network"},
 		"action":   "network_flow",
 	}
 	flow := common.MapStr{
diff --git a/packetbeat/flows/worker_test.go b/packetbeat/flows/worker_test.go
index dab0d11eb14d..4346d54aaf6d 100644
--- a/packetbeat/flows/worker_test.go
+++ b/packetbeat/flows/worker_test.go
@@ -100,6 +100,9 @@ func TestCreateEvent(t *testing.T) {
 			"end":      isdef.KeyPresent,
 			"duration": isdef.KeyPresent,
 			"dataset":  "flow",
+			"kind":     "event",
+			"category": []string{"network_traffic", "network"},
+			"action":   "network_flow",
 		},
 		"type": "flow",
 	})