From 0e53a9bb6bbbc8e8c52231732be90758d3fb8a4c Mon Sep 17 00:00:00 2001
From: Aleksandr Maus <aleksandr.maus@elastic.co>
Date: Mon, 28 Jun 2021 13:59:29 -0700
Subject: [PATCH] Osquerybeat: set the raw index name to supress the timestamp
 suffix (#26545)

(cherry picked from commit 67cf2c6c341944fd127ec533324979560223cbaa)
---
 x-pack/osquerybeat/beater/osquerybeat.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/x-pack/osquerybeat/beater/osquerybeat.go b/x-pack/osquerybeat/beater/osquerybeat.go
index fef59f975ec..24a24623c08 100644
--- a/x-pack/osquerybeat/beater/osquerybeat.go
+++ b/x-pack/osquerybeat/beater/osquerybeat.go
@@ -19,6 +19,7 @@ import (
 	"golang.org/x/sync/errgroup"
 
 	"github.com/elastic/beats/v7/libbeat/beat"
+	"github.com/elastic/beats/v7/libbeat/beat/events"
 	"github.com/elastic/beats/v7/libbeat/common"
 	"github.com/elastic/beats/v7/libbeat/logp"
 	"github.com/elastic/beats/v7/libbeat/processors"
@@ -430,7 +431,7 @@ func (bt *osquerybeat) publishEvents(index, actionID, responseID string, hits []
 			event.Fields["response_id"] = responseID
 		}
 		if index != "" {
-			event.Meta = common.MapStr{"index": index}
+			event.Meta = common.MapStr{events.FieldMetaRawIndex: index}
 		}
 
 		bt.client.Publish(event)