
Commit 4f258255 authored by nin9s's avatar nin9s

Merge branch 'master' of https://github.com/nin9s/elk-hole

parents 82c7ffcd a4372621
...@@ -6,23 +6,89 @@ PUT /_template/logstash-syslog-dns ...@@ -6,23 +6,89 @@ PUT /_template/logstash-syslog-dns
"mappings": { "mappings": {
"dynamic": "true", "dynamic": "true",
"properties" : { "properties" : {
"source_host": { "@timestamp" : {
"type": "ip" "type" : "date"
}, },
"logrow": { "@version" : {
"type": "integer" "type" : "keyword"
}, },
"request_from": { "agent" : {
"type": "ip" "properties" : {
"ephemeral_id" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}, },
"source_port": { "hostname" : {
"type": "integer" "type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}, },
"ip_request": { "id" : {
"type": "ip" "type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}, },
"ip_response": { "name" : {
"type": "ip" "type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"version" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"blocked_domain" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"date" : {
"type" : "date",
"format" : "MMM d HH:mm:ss||MMM dd HH:mm:ss"
}, },
"dns_forward_to" : { "dns_forward_to" : {
"type" : "ip", "type" : "ip",
...@@ -33,14 +99,211 @@ PUT /_template/logstash-syslog-dns ...@@ -33,14 +99,211 @@ PUT /_template/logstash-syslog-dns
} }
} }
}, },
"tags": { "domain_request" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"domain_response" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword", "type" : "keyword",
"ignore_above" : 256
}
}
},
"ecs" : {
"properties" : {
"version" : {
"type" : "text",
"norms" : false,
"fields" : { "fields" : {
"keyword" : { "keyword" : {
"type" : "keyword", "type" : "keyword",
"ignore_above" : 256 "ignore_above" : 256
} }
} }
}
}
},
"geoip" : {
"dynamic" : "true",
"properties" : {
"city_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"continent_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code2" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code3" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"dma_code" : {
"type" : "long"
},
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
},
"postal_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timezone" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"host" : {
"properties" : {
"name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"input" : {
"properties" : {
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"ip_request" : {
"type" : "ip"
},
"ip_response" : {
"type" : "ip"
},
"log" : {
"properties" : {
"file" : {
"properties" : {
"path" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"offset" : {
"type" : "long"
}
}
},
"logrow" : {
"type" : "integer"
},
"message" : {
"type" : "text",
"norms" : false
}, },
"pid" : { "pid" : {
"type" : "integer" "type" : "integer"
...@@ -48,7 +311,7 @@ PUT /_template/logstash-syslog-dns ...@@ -48,7 +311,7 @@ PUT /_template/logstash-syslog-dns
"pihole" : { "pihole" : {
"type" : "ip" "type" : "ip"
}, },
"blocked_domain": { "program" : {
"type" : "text", "type" : "text",
"norms" : false, "norms" : false,
"fields" : { "fields" : {
...@@ -58,7 +321,7 @@ PUT /_template/logstash-syslog-dns ...@@ -58,7 +321,7 @@ PUT /_template/logstash-syslog-dns
} }
} }
}, },
"domain_request" : { "query_type" : {
"type" : "text", "type" : "text",
"norms" : false, "norms" : false,
"fields" : { "fields" : {
...@@ -68,9 +331,43 @@ PUT /_template/logstash-syslog-dns ...@@ -68,9 +331,43 @@ PUT /_template/logstash-syslog-dns
} }
} }
}, },
"date": { "request_from" : {
"type": "date", "type" : "ip"
"format": "MMM d HH:mm:ss||MMM dd HH:mm:ss" },
"source_fqdn" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"source_host" : {
"type" : "ip"
},
"source_port" : {
"type" : "integer"
},
"tags" : {
"type" : "keyword",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
} }
} }
} }
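Review bot: The template keeps `"dynamic": "true"` at the top of the first hunk and again under `geoip`, so any field the pipeline emits that is not enumerated here is auto-mapped with a guessed type, and for log data derived from DNS query strings that is a mapping-explosion and type-conflict risk: one odd event can create a field as `long` or `date`, and every later document carrying a different shape for that field is then rejected, i.e. dropped from the index. Since this commit already spells out the ECS/Beats fields (`agent`, `ecs`, `host`, `input`, `log`), it could close the mapping with `"dynamic": "strict"` (or `"false"` to keep ingesting unknown fields without indexing them) and cap growth with `"index.mapping.total_fields.limit"` in the template's `settings`; whether the Logstash pipeline ever emits fields outside this list is not visible in the hunk, so confirm against the pipeline config before going strict. Separately, the `date` field format `MMM d HH:mm:ss||MMM dd HH:mm:ss` carries neither a year nor a timezone, so that field is not reliable for timeline reconstruction across a year boundary or hosts in different zones, and the mapping gives no hint of that. A short note in the repo README saying that `@timestamp` is the authoritative event time and `date` is only the raw syslog stamp would save the next analyst from using the wrong one.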
......