From 87ccd20565526301b80ff71414f66b5838e60303 Mon Sep 17 00:00:00 2001
From: Joseph Thacker <2989856+jthack@users.noreply.github.com>
Date: Tue, 21 Apr 2020 13:10:23 -0400
Subject: [PATCH] Organization.id

There's organization.id in ECS now https://www.elastic.co/guide/en/ecs/current/ecs-organization.html
---
 _meta/beat.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_meta/beat.yml b/_meta/beat.yml
index d464d44..a3bd6a1 100644
--- a/_meta/beat.yml
+++ b/_meta/beat.yml
@@ -69,7 +69,7 @@ processors:
         - {from: Id, to: 'event.id', type: string}                # ecs core
         - {from: RecordType, to: 'event.code', type: string}      # ecs extended
         - {from: Operation, to: 'event.action', type: string}     # ecs core
-        - {from: OrganizationId, to: 'cloud.account.id', type: string} # ecs extended
+        - {from: OrganizationId, to: 'organization.id', type: string} # ecs extended
         # - {from: UserType, to: '', type: ''}                    # no ecs mapping
         # - {from: UserKey, to: '', type: ''}                     # no ecs mapping
         - {from: Workload, to: 'event.category', type: string}    # ecs core