From 928ec7c00d46f5bf1e5c1c1777a2caf1fd6c8feb Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Thu, 17 Oct 2019 11:53:23 -0400
Subject: [PATCH] Set source.bytes/packets for uni-directional netflow (#14111)

This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows.

This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows.

Closes #11473
---
 CHANGELOG.next.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index d9300433ffce..60fb2fb4a7cc 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -96,6 +96,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix cisco module's asa and ftd filesets parsing of domain names where an IP address is expected. {issue}14034[14034]
 - Fixed increased memory usage with large files when multiline pattern does not match. {issue}14068[14068]
 - panw module: Use geo.name instead of geo.country_iso_code for free-form location. {issue}13272[13272]
+- Fix calculation of `network.bytes` and `network.packets` for bi-directional netflow events. {pull}14111[14111]
 
 *Heartbeat*
 
@@ -208,6 +209,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add ExpandEventListFromField config option in the kafka input. {pull}13965[13965]
 - Add ELB fileset to AWS module. {pull}14020[14020]
 - Add module for MISP (Malware Information Sharing Platform). {pull}13805[13805]
+- Add `source.bytes` and `source.packets` for uni-directional netflow events. {pull}14111[14111]
 
 *Heartbeat*