From 66a074e46a140bda89059eade6ca01b081c31ff4 Mon Sep 17 00:00:00 2001
From: Ryan Saunders <ryan@kc8zyv.com>
Date: Fri, 29 Jul 2022 16:22:14 -0400
Subject: [PATCH] correct bytes sent/received field aliases

---
 Splunk_TA_paloalto/default/props.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Splunk_TA_paloalto/default/props.conf b/Splunk_TA_paloalto/default/props.conf
index 0d485012..0164309d 100644
--- a/Splunk_TA_paloalto/default/props.conf
+++ b/Splunk_TA_paloalto/default/props.conf
@@ -35,8 +35,8 @@ FIELDALIAS-fwcloud_application = Application as application
 FIELDALIAS-fwcloud_app = Application as app
 FIELDALIAS-fwcloud_app_is_saas = IsSaaSApplication as app:is_saas
 FIELDALIAS-fwcloud_bytes = Bytes as bytes
-FIELDALIAS-fwcloud_bytes_out = BytesReceived as bytes_out
-FIELDALIAS-fwcloud_bytes_in = BytesSent as bytes_in
+FIELDALIAS-fwcloud_bytes_out = BytesSent as bytes_out
+FIELDALIAS-fwcloud_bytes_in = BytesReceived as bytes_in
 EVAL-client_ip = coalesce(SourceAddress, PrivateIPv4)
 FIELDALIAS-fwcloud_client_location = SourceLocation as client_location
 EVAL-description = coalesce(Description, EventDescription)