From 024b82be58af7e3510ff68d8972037b89ac2c261 Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Wed, 16 Nov 2022 09:16:05 -0500
Subject: [PATCH] Update ECS mapping in docs

---
 .../aws_vpcflow/docs/parse_aws_vpc_flow_log.asciidoc           | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/x-pack/filebeat/processors/aws_vpcflow/docs/parse_aws_vpc_flow_log.asciidoc b/x-pack/filebeat/processors/aws_vpcflow/docs/parse_aws_vpc_flow_log.asciidoc
index cacedfa21b81..8977a84a2970 100644
--- a/x-pack/filebeat/processors/aws_vpcflow/docs/parse_aws_vpc_flow_log.asciidoc
+++ b/x-pack/filebeat/processors/aws_vpcflow/docs/parse_aws_vpc_flow_log.asciidoc
@@ -95,6 +95,7 @@ transformations applied to derive the ECS field.
 | VPC Flow Log Field | ECS Field |
 | account_id | cloud.account.id |
 | action | event.outcome |
+| action | event.action |
 | az_id | cloud.availability_zone |
 | bytes | network.bytes |
 | bytes | source.bytes |
@@ -108,7 +109,7 @@ transformations applied to derive the ECS field.
 | packets | network.packets |
 | packets | source.packets |
 | protocol | network.iana_number |
-| protocol | network.protocol |
+| protocol | network.transport |
 | region | cloud.region |
 | srcaddr | network.type |
 | srcaddr | source.address |