Metadata::
- - anomaly:
- # Anomaly log records describe unexpected conditions such as truncated packets, packets
- # with invalid IP/UDP/TCP length values, and other events that render the packet
- # invalid for further processing or describe unexpected behavior on an established stream.
- # Networks which experience high occurrences of anomalies may experience packet processing
- # degradation.
- #
- # Anomalies are reported for the following:
- # 1. Decode: Values and conditions that are detected while decoding individual packets.
- # This includes invalid or unexpected values for low-level protocol lengths as well
- # as stream related events (TCP 3-way handshake issues, unexpected sequence number, etc).
- # 2. Stream: This includes stream related events (TCP 3-way handshake issues, unexpected
- # sequence number, etc).
- # 3. Application layer: These denote application layer specific conditions that are unexpected,
- # invalid or are unexpected given the application monitoring state.
- #
- # By default, anomaly logging is disabled. When anomaly logging is enabled, application-layer anomaly
- # reporting is enabled.
- #
- # Choose one or both types of anomaly logging and whether to enable
- # logging of the packet header for packet anomalies.
- types:
- #decode: no
- #stream: no
- #applayer: yes
- #packethdr: no
+ - anomaly:
+ # Anomaly log records describe unexpected conditions such as truncated packets,
+ # packets with invalid IP/UDP/TCP length values, and other events that render
+ # the packet invalid for further processing or describe unexpected behavior on
+ # an established stream. Networks which experience high occurrences of
+ # anomalies may experience packet processing degradation.
+ #
+ # Anomalies are reported for the following:
+ # 1. Decode: Values and conditions that are detected while decoding individual
+ # packets. This includes invalid or unexpected values for low-level protocol
+ # lengths as well.
+ # 2. Stream: This includes stream related events (TCP 3-way handshake issues,
+ # unexpected sequence number, etc).
+ # 3. Application layer: These denote application layer specific conditions that
+ # are unexpected, invalid or are unexpected given the application monitoring
+ # state.
+ #
+ # By default, anomaly logging is disabled. When anomaly logging is enabled,
+ # application-layer anomaly reporting is enabled.
+ #
+ # Choose one or both types of anomaly logging and whether to enable
+ # logging of the packet header for packet anomalies.
+ types:
+ #decode: no
+ #stream: no
+ #applayer: yes
+ #packethdr: no
HTTP
~~~~
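Review bot: In the added Decode item, the sentence now ends "low-level protocol lengths as well.", a fragment left over from removing the stream clause that duplicated item 2; drop "as well" so it reads "...for low-level protocol lengths." Two wording problems are carried over unchanged into the rewrapped comment and could be fixed in the same pass: item 3 reads "are unexpected, invalid or are unexpected given the application monitoring state", repeating "unexpected", and "Choose one or both types of anomaly logging" does not match the three type keys listed under `types:` (decode, stream, applayer).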