diff --git a/json/logstash-syslog-dns-index.template_ELK7.x.json b/json/logstash-syslog-dns-index.template_ELK7.x.json
index cb982c379f4880f8dae429291bbd856da127385a..e760e0e9df80954455125e66d533232c826ae37a 100644
--- a/json/logstash-syslog-dns-index.template_ELK7.x.json
+++ b/json/logstash-syslog-dns-index.template_ELK7.x.json
@@ -1,6217 +1,59 @@
-{
- "logstash-syslog-dns" : {
- "order" : 1,
- "index_patterns" : [
+{
+ "index_patterns":[
"logstash-syslog-dns*"
- ],
- "settings" : {
- "index" : {
- "lifecycle" : {
- "name" : "filebeat-7.1.1",
- "rollover_alias" : "filebeat-7.1.1"
- },
- "mapping" : {
- "total_fields" : {
- "limit" : "10000"
- }
- },
- "refresh_interval" : "5s",
- "number_of_routing_shards" : "30",
- "query" : {
- "default_field" : [
- "message",
- "tags",
- "agent.ephemeral_id",
- "agent.id",
- "agent.name",
- "agent.type",
- "agent.version",
- "client.address",
- "client.domain",
- "client.geo.city_name",
- "client.geo.continent_name",
- "client.geo.country_iso_code",
- "client.geo.country_name",
- "client.geo.name",
- "client.geo.region_iso_code",
- "client.geo.region_name",
- "client.mac",
- "client.user.email",
- "client.user.full_name",
- "client.user.group.id",
- "client.user.group.name",
- "client.user.hash",
- "client.user.id",
- "client.user.name",
- "cloud.account.id",
- "cloud.availability_zone",
- "cloud.instance.id",
- "cloud.instance.name",
- "cloud.machine.type",
- "cloud.provider",
- "cloud.region",
- "container.id",
- "container.image.name",
- "container.image.tag",
- "container.name",
- "container.runtime",
- "destination.address",
- "destination.domain",
- "destination.geo.city_name",
- "destination.geo.continent_name",
- "destination.geo.country_iso_code",
- "destination.geo.country_name",
- "destination.geo.name",
- "destination.geo.region_iso_code",
- "destination.geo.region_name",
- "destination.mac",
- "destination.user.email",
- "destination.user.full_name",
- "destination.user.group.id",
- "destination.user.group.name",
- "destination.user.hash",
- "destination.user.id",
- "destination.user.name",
- "ecs.version",
- "error.code",
- "error.id",
- "error.message",
- "event.action",
- "event.category",
- "event.dataset",
- "event.hash",
- "event.id",
- "event.kind",
- "event.module",
- "event.original",
- "event.outcome",
- "event.timezone",
- "event.type",
- "file.device",
- "file.extension",
- "file.gid",
- "file.group",
- "file.inode",
- "file.mode",
- "file.owner",
- "file.path",
- "file.target_path",
- "file.type",
- "file.uid",
- "geo.city_name",
- "geo.continent_name",
- "geo.country_iso_code",
- "geo.country_name",
- "geo.name",
- "geo.region_iso_code",
- "geo.region_name",
- "group.id",
- "group.name",
- "host.architecture",
- "host.geo.city_name",
- "host.geo.continent_name",
- "host.geo.country_iso_code",
- "host.geo.country_name",
- "host.geo.name",
- "host.geo.region_iso_code",
- "host.geo.region_name",
- "host.hostname",
- "host.id",
- "host.mac",
- "host.name",
- "host.os.family",
- "host.os.full",
- "host.os.kernel",
- "host.os.name",
- "host.os.platform",
- "host.os.version",
- "host.type",
- "host.user.email",
- "host.user.full_name",
- "host.user.group.id",
- "host.user.group.name",
- "host.user.hash",
- "host.user.id",
- "host.user.name",
- "http.request.body.content",
- "http.request.method",
- "http.request.referrer",
- "http.response.body.content",
- "http.version",
- "log.level",
- "log.original",
- "network.application",
- "network.community_id",
- "network.direction",
- "network.iana_number",
- "network.name",
- "network.protocol",
- "network.transport",
- "network.type",
- "observer.geo.city_name",
- "observer.geo.continent_name",
- "observer.geo.country_iso_code",
- "observer.geo.country_name",
- "observer.geo.name",
- "observer.geo.region_iso_code",
- "observer.geo.region_name",
- "observer.hostname",
- "observer.mac",
- "observer.os.family",
- "observer.os.full",
- "observer.os.kernel",
- "observer.os.name",
- "observer.os.platform",
- "observer.os.version",
- "observer.serial_number",
- "observer.type",
- "observer.vendor",
- "observer.version",
- "organization.id",
- "organization.name",
- "os.family",
- "os.full",
- "os.kernel",
- "os.name",
- "os.platform",
- "os.version",
- "process.args",
- "process.executable",
- "process.name",
- "process.title",
- "process.working_directory",
- "server.address",
- "server.domain",
- "server.geo.city_name",
- "server.geo.continent_name",
- "server.geo.country_iso_code",
- "server.geo.country_name",
- "server.geo.name",
- "server.geo.region_iso_code",
- "server.geo.region_name",
- "server.mac",
- "server.user.email",
- "server.user.full_name",
- "server.user.group.id",
- "server.user.group.name",
- "server.user.hash",
- "server.user.id",
- "server.user.name",
- "service.ephemeral_id",
- "service.id",
- "service.name",
- "service.state",
- "service.type",
- "service.version",
- "source.address",
- "source.domain",
- "source.geo.city_name",
- "source.geo.continent_name",
- "source.geo.country_iso_code",
- "source.geo.country_name",
- "source.geo.name",
- "source.geo.region_iso_code",
- "source.geo.region_name",
- "source.mac",
- "source.user.email",
- "source.user.full_name",
- "source.user.group.id",
- "source.user.group.name",
- "source.user.hash",
- "source.user.id",
- "source.user.name",
- "url.domain",
- "url.fragment",
- "url.full",
- "url.original",
- "url.password",
- "url.path",
- "url.query",
- "url.scheme",
- "url.username",
- "user.email",
- "user.full_name",
- "user.group.id",
- "user.group.name",
- "user.hash",
- "user.id",
- "user.name",
- "user_agent.device.name",
- "user_agent.name",
- "user_agent.original",
- "user_agent.os.family",
- "user_agent.os.full",
- "user_agent.os.kernel",
- "user_agent.os.name",
- "user_agent.os.platform",
- "user_agent.os.version",
- "user_agent.version",
- "agent.hostname",
- "error.type",
- "cloud.project.id",
- "host.os.build",
- "kubernetes.pod.name",
- "kubernetes.pod.uid",
- "kubernetes.namespace",
- "kubernetes.node.name",
- "kubernetes.container.name",
- "kubernetes.container.image",
- "log.file.path",
- "log.source.address",
- "stream",
- "input.type",
- "syslog.severity_label",
- "syslog.facility_label",
- "process.program",
- "log.flags",
- "user_agent.os.full_name",
- "fileset.name",
- "apache.access.ssl.protocol",
- "apache.access.ssl.cipher",
- "apache.error.module",
- "user.terminal",
- "user.audit.id",
- "user.audit.name",
- "user.audit.group.id",
- "user.audit.group.name",
- "user.effective.id",
- "user.effective.name",
- "user.effective.group.id",
- "user.effective.group.name",
- "user.filesystem.id",
- "user.filesystem.name",
- "user.filesystem.group.id",
- "user.filesystem.group.name",
- "user.owner.id",
- "user.owner.name",
- "user.owner.group.id",
- "user.owner.group.name",
- "user.saved.id",
- "user.saved.name",
- "user.saved.group.id",
- "user.saved.group.name",
- "auditd.log.old_auid",
- "auditd.log.new_auid",
- "auditd.log.old_ses",
- "auditd.log.new_ses",
- "auditd.log.items",
- "auditd.log.item",
- "auditd.log.tty",
- "auditd.log.a0",
- "elasticsearch.component",
- "elasticsearch.cluster.uuid",
- "elasticsearch.cluster.name",
- "elasticsearch.node.id",
- "elasticsearch.node.name",
- "elasticsearch.index.name",
- "elasticsearch.index.id",
- "elasticsearch.shard.id",
- "elasticsearch.audit.layer",
- "elasticsearch.audit.event_type",
- "elasticsearch.audit.origin.type",
- "elasticsearch.audit.realm",
- "elasticsearch.audit.user.realm",
- "elasticsearch.audit.user.roles",
- "elasticsearch.audit.action",
- "elasticsearch.audit.url.params",
- "elasticsearch.audit.indices",
- "elasticsearch.audit.request.id",
- "elasticsearch.audit.request.name",
- "elasticsearch.gc.phase.name",
- "elasticsearch.gc.tags",
- "elasticsearch.slowlog.logger",
- "elasticsearch.slowlog.took",
- "elasticsearch.slowlog.types",
- "elasticsearch.slowlog.stats",
- "elasticsearch.slowlog.search_type",
- "elasticsearch.slowlog.source_query",
- "elasticsearch.slowlog.extra_source",
- "elasticsearch.slowlog.total_hits",
- "elasticsearch.slowlog.total_shards",
- "elasticsearch.slowlog.routing",
- "elasticsearch.slowlog.id",
- "elasticsearch.slowlog.type",
- "haproxy.frontend_name",
- "haproxy.backend_name",
- "haproxy.server_name",
- "haproxy.bind_name",
- "haproxy.error_message",
- "haproxy.source",
- "haproxy.termination_state",
- "haproxy.mode",
- "haproxy.http.response.captured_cookie",
- "haproxy.http.response.captured_headers",
- "haproxy.http.request.captured_cookie",
- "haproxy.http.request.captured_headers",
- "haproxy.http.request.raw_request_line",
- "icinga.debug.facility",
- "icinga.main.facility",
- "icinga.startup.facility",
- "iis.access.site_name",
- "iis.access.server_name",
- "iis.access.cookie",
- "iis.error.reason_phrase",
- "iis.error.queue_name",
- "iptables.fragment_flags",
- "iptables.input_device",
- "iptables.output_device",
- "iptables.tcp.flags",
- "iptables.ubiquiti.input_zone",
- "iptables.ubiquiti.output_zone",
- "iptables.ubiquiti.rule_number",
- "iptables.ubiquiti.rule_set",
- "kafka.log.component",
- "kafka.log.class",
- "kafka.log.trace.class",
- "kafka.log.trace.message",
- "kibana.log.tags",
- "kibana.log.state",
- "logstash.log.module",
- "text",
- "logstash.log.thread",
- "logstash.slowlog.module",
- "text",
- "logstash.slowlog.thread",
- "text",
- "logstash.slowlog.event",
- "logstash.slowlog.plugin_name",
- "logstash.slowlog.plugin_type",
- "text",
- "logstash.slowlog.plugin_params",
- "mongodb.log.component",
- "mongodb.log.context",
- "mysql.slowlog.query",
- "mysql.slowlog.schema",
- "mysql.slowlog.current_user",
- "mysql.slowlog.last_errno",
- "mysql.slowlog.killed",
- "mysql.slowlog.log_slow_rate_type",
- "mysql.slowlog.log_slow_rate_limit",
- "mysql.slowlog.innodb.trx_id",
- "netflow.type",
- "netflow.exporter.address",
- "netflow.source_mac_address",
- "netflow.post_destination_mac_address",
- "netflow.destination_mac_address",
- "netflow.post_source_mac_address",
- "netflow.interface_name",
- "netflow.interface_description",
- "netflow.sampler_name",
- "netflow.application_description",
- "netflow.application_name",
- "netflow.class_name",
- "netflow.wlan_ssid",
- "netflow.vr_fname",
- "netflow.metro_evc_id",
- "netflow.nat_pool_name",
- "netflow.p2p_technology",
- "netflow.tunnel_technology",
- "netflow.encrypted_technology",
- "netflow.observation_domain_name",
- "netflow.selector_name",
- "netflow.information_element_description",
- "netflow.information_element_name",
- "netflow.virtual_station_interface_name",
- "netflow.virtual_station_name",
- "netflow.sta_mac_address",
- "netflow.wtp_mac_address",
- "netflow.user_name",
- "netflow.application_category_name",
- "netflow.application_sub_category_name",
- "netflow.application_group_name",
- "netflow.dot1q_customer_source_mac_address",
- "netflow.dot1q_customer_destination_mac_address",
- "netflow.mib_context_name",
- "netflow.mib_object_name",
- "netflow.mib_object_description",
- "netflow.mib_object_syntax",
- "netflow.mib_module_name",
- "netflow.mobile_imsi",
- "netflow.mobile_msisdn",
- "netflow.http_request_method",
- "netflow.http_request_host",
- "netflow.http_request_target",
- "netflow.http_message_version",
- "netflow.http_user_agent",
- "netflow.http_content_type",
- "netflow.http_reason_phrase",
- "osquery.result.name",
- "osquery.result.action",
- "osquery.result.host_identifier",
- "osquery.result.calendar_time",
- "postgresql.log.timestamp",
- "postgresql.log.database",
- "postgresql.log.query",
- "redis.log.role",
- "redis.slowlog.cmd",
- "redis.slowlog.key",
- "redis.slowlog.args",
- "santa.action",
- "santa.decision",
- "santa.reason",
- "santa.mode",
- "santa.disk.volume",
- "santa.disk.bus",
- "santa.disk.serial",
- "santa.disk.bsdname",
- "santa.disk.model",
- "santa.disk.fs",
- "santa.disk.mount",
- "certificate.common_name",
- "certificate.sha256",
- "hash.sha256",
- "suricata.eve.event_type",
- "suricata.eve.app_proto_orig",
- "suricata.eve.tcp.tcp_flags",
- "suricata.eve.tcp.tcp_flags_tc",
- "suricata.eve.tcp.state",
- "suricata.eve.tcp.tcp_flags_ts",
- "suricata.eve.fileinfo.sha1",
- "suricata.eve.fileinfo.state",
- "suricata.eve.fileinfo.sha256",
- "suricata.eve.fileinfo.md5",
- "suricata.eve.dns.type",
- "suricata.eve.dns.rrtype",
- "suricata.eve.dns.rrname",
- "suricata.eve.dns.rdata",
- "suricata.eve.dns.rcode",
- "suricata.eve.flow_id",
- "suricata.eve.email.status",
- "suricata.eve.http.redirect",
- "suricata.eve.http.protocol",
- "suricata.eve.http.http_content_type",
- "suricata.eve.in_iface",
- "suricata.eve.alert.category",
- "suricata.eve.alert.signature",
- "suricata.eve.ssh.client.proto_version",
- "suricata.eve.ssh.client.software_version",
- "suricata.eve.ssh.server.proto_version",
- "suricata.eve.ssh.server.software_version",
- "suricata.eve.tls.issuerdn",
- "suricata.eve.tls.sni",
- "suricata.eve.tls.version",
- "suricata.eve.tls.fingerprint",
- "suricata.eve.tls.serial",
- "suricata.eve.tls.subject",
- "suricata.eve.app_proto_ts",
- "suricata.eve.flow.state",
- "suricata.eve.flow.reason",
- "suricata.eve.app_proto_tc",
- "suricata.eve.smtp.rcpt_to",
- "suricata.eve.smtp.mail_from",
- "suricata.eve.smtp.helo",
- "suricata.eve.app_proto_expected",
- "system.auth.ssh.method",
- "system.auth.ssh.signature",
- "system.auth.ssh.event",
- "system.auth.sudo.error",
- "system.auth.sudo.tty",
- "system.auth.sudo.pwd",
- "system.auth.sudo.user",
- "system.auth.sudo.command",
- "system.auth.useradd.home",
- "system.auth.useradd.shell",
- "traefik.access.user_identifier",
- "traefik.access.frontend_name",
- "traefik.access.backend_url",
- "zeek.session_id",
- "zeek.connection.state",
- "zeek.connection.history",
- "zeek.connection.orig_l2_addr",
- "zeek.connection.resp_l2_addr",
- "zeek.dns.trans_id",
- "zeek.dns.query",
- "zeek.dns.qclass_name",
- "zeek.dns.qtype_name",
- "zeek.dns.rcode_name",
- "zeek.dns.answers",
- "zeek.http.status_msg",
- "zeek.http.info_msg",
- "zeek.http.tags",
- "zeek.http.password",
- "zeek.http.proxied",
- "zeek.http.client_header_names",
- "zeek.http.server_header_names",
- "zeek.http.orig_fuids",
- "zeek.http.orig_mime_types",
- "zeek.http.orig_filenames",
- "zeek.http.resp_fuids",
- "zeek.http.resp_mime_types",
- "zeek.http.resp_filenames",
- "zeek.files.fuid",
- "zeek.files.session_ids",
- "zeek.files.source",
- "zeek.files.analyzers",
- "zeek.files.mime_type",
- "zeek.files.filename",
- "zeek.files.parent_fuid",
- "zeek.files.md5",
- "zeek.files.sha1",
- "zeek.files.sha256",
- "zeek.files.extracted",
- "zeek.ssl.version",
- "zeek.ssl.cipher",
- "zeek.ssl.curve",
- "zeek.ssl.server_name",
- "zeek.ssl.next_protocol",
- "zeek.ssl.cert_chain",
- "zeek.ssl.cert_chain_fuids",
- "zeek.ssl.client_cert_chain",
- "zeek.ssl.client_cert_chain_fuids",
- "zeek.ssl.issuer",
- "zeek.ssl.client_issuer",
- "zeek.ssl.validation_status",
- "zeek.ssl.validation_code",
- "zeek.ssl.subject",
- "zeek.ssl.client_subject",
- "zeek.ssl.last_alert",
- "zeek.notice.connection_id",
- "zeek.notice.icmp_id",
- "zeek.notice.file.id",
- "zeek.notice.file.parent_id",
- "zeek.notice.file.source",
- "zeek.notice.file.mime_type",
- "zeek.notice.fuid",
- "zeek.notice.note",
- "zeek.notice.msg",
- "zeek.notice.sub",
- "zeek.notice.peer_name",
- "zeek.notice.peer_descr",
- "zeek.notice.actions",
- "zeek.notice.email_body_sections",
- "zeek.notice.email_delay_tokens",
- "zeek.notice.identifier",
- "fields.*"
- ]
- }
+ ],
+ "mappings":{
+ "dynamic":"true",
+ "properties":{
+ "source_host":{
+ "type":"ip"
+ },
+ "logrow":{
+ "type":"integer"
+ },
+ "request_from":{
+ "type":"ip"
+ },
+ "source_port":{
+ "type":"integer"
+ },
+ "ip_request":{
+ "type":"ip"
+ },
+ "ip_response":{
+ "type":"ip"
+ },
+ "dns_forward_to":{
+ "type":"ip",
+ "fields":{
+ "keyword":{
+ "type":"keyword",
+ "ignore_above":256
+ }
+ }
+ },
+ "tags":{
+ "type":"keyword",
+ "fields":{
+ "keyword":{
+ "type":"keyword",
+ "ignore_above":256
+ }
+ }
+ },
+ "pid":{
+ "type":"integer"
+ },
+ "pihole":{
+ "type":"ip"
+ },
+ "blocked_domain":{
+ "type":"text"
+ },
+ "date":{
+ "type":"date",
+ "format":"MMM d HH:mm:ss||MMM dd HH:mm:ss"
+ }
}
- },
- "mappings" : {
- "_meta" : {
- "beat" : "filebeat",
- "version" : "7.1.1"
- },
- "dynamic_templates" : [
- {
- "labels" : {
- "path_match" : "labels.*",
- "mapping" : {
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- },
- {
- "container.labels" : {
- "path_match" : "container.labels.*",
- "mapping" : {
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- },
- {
- "fields" : {
- "path_match" : "fields.*",
- "mapping" : {
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- },
- {
- "docker.container.labels" : {
- "path_match" : "docker.container.labels.*",
- "mapping" : {
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- },
- {
- "kibana.log.meta" : {
- "path_match" : "kibana.log.meta.*",
- "mapping" : {
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- },
- {
- "strings_as_keyword" : {
- "mapping" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "match_mapping_type" : "string"
- }
- }
- ],
- "date_detection" : false,
- "properties" : {
- "container" : {
- "properties" : {
- "image" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tag" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "runtime" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "labels" : {
- "type" : "object"
- }
- }
- },
- "kubernetes" : {
- "properties" : {
- "container" : {
- "properties" : {
- "image" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "node" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "pod" : {
- "properties" : {
- "uid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "namespace" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "annotations" : {
- "type" : "object"
- },
- "labels" : {
- "type" : "object"
- }
- }
- },
- "agent" : {
- "properties" : {
- "hostname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ephemeral_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "icinga" : {
- "properties" : {
- "debug" : {
- "properties" : {
- "facility" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "startup" : {
- "properties" : {
- "facility" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "main" : {
- "properties" : {
- "facility" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "source" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "domain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ip" : {
- "type" : "ip"
- },
- "user" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "packets" : {
- "type" : "long"
- }
- }
- },
- "redis" : {
- "properties" : {
- "log" : {
- "properties" : {
- "role" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "slowlog" : {
- "properties" : {
- "args" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "duration" : {
- "properties" : {
- "us" : {
- "type" : "long"
- }
- }
- },
- "cmd" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "type" : "long"
- },
- "key" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "cloud" : {
- "properties" : {
- "availability_zone" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "instance" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "provider" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "machine" : {
- "properties" : {
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "project" : {
- "properties" : {
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "region" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "account" : {
- "properties" : {
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "logstash" : {
- "properties" : {
- "log" : {
- "properties" : {
- "module" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "log_event" : {
- "type" : "object"
- },
- "thread" : {
- "ignore_above" : 1024,
- "fields" : {
- "text" : {
- "norms" : false,
- "type" : "text"
- }
- },
- "type" : "keyword"
- }
- }
- },
- "slowlog" : {
- "properties" : {
- "took_in_millis" : {
- "type" : "long"
- },
- "plugin_params" : {
- "ignore_above" : 1024,
- "fields" : {
- "text" : {
- "norms" : false,
- "type" : "text"
- }
- },
- "type" : "keyword"
- },
- "module" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "plugin_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "plugin_params_object" : {
- "type" : "object"
- },
- "thread" : {
- "ignore_above" : 1024,
- "fields" : {
- "text" : {
- "norms" : false,
- "type" : "text"
- }
- },
- "type" : "keyword"
- },
- "event" : {
- "ignore_above" : 1024,
- "fields" : {
- "text" : {
- "norms" : false,
- "type" : "text"
- }
- },
- "type" : "keyword"
- },
- "plugin_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "observer" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "hostname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "os" : {
- "properties" : {
- "kernel" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "family" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "platform" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "full" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "vendor" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ip" : {
- "type" : "ip"
- },
- "serial_number" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "netflow" : {
- "properties" : {
- "information_element_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "next_header_ipv6" : {
- "type" : "short"
- },
- "class_id" : {
- "type" : "short"
- },
- "distinct_count_of_sourc_eipa_ddress" : {
- "type" : "long"
- },
- "min_flow_start_milliseconds" : {
- "type" : "date"
- },
- "application_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "nat_event" : {
- "type" : "short"
- },
- "icmp_code_ipv6" : {
- "type" : "short"
- },
- "icmp_code_ipv4" : {
- "type" : "short"
- },
- "sampling_flow_spacing" : {
- "type" : "long"
- },
- "tcp_ack_total_count" : {
- "type" : "long"
- },
- "post_ip_diff_serv_code_point" : {
- "type" : "short"
- },
- "not_sent_packet_total_count" : {
- "type" : "long"
- },
- "mpls_label_stack_section10" : {
- "type" : "short"
- },
- "dropped_packet_total_count" : {
- "type" : "long"
- },
- "flow_start_sys_up_time" : {
- "type" : "long"
- },
- "mpls_label_stack_section5" : {
- "type" : "short"
- },
- "post_octet_delta_count" : {
- "type" : "long"
- },
- "mpls_label_stack_section4" : {
- "type" : "short"
- },
- "pseudo_wire_control_word" : {
- "type" : "long"
- },
- "mpls_label_stack_section3" : {
- "type" : "short"
- },
- "octet_delta_count" : {
- "type" : "long"
- },
- "dropped_octet_total_count" : {
- "type" : "long"
- },
- "initiator_octets" : {
- "type" : "long"
- },
- "mpls_label_stack_section2" : {
- "type" : "short"
- },
- "sampler_id" : {
- "type" : "short"
- },
- "mpls_label_stack_section9" : {
- "type" : "short"
- },
- "mpls_label_stack_section8" : {
- "type" : "short"
- },
- "mpls_label_stack_section7" : {
- "type" : "short"
- },
- "metering_process_id" : {
- "type" : "long"
- },
- "mpls_label_stack_section6" : {
- "type" : "short"
- },
- "address_pool_low_threshold" : {
- "type" : "long"
- },
- "source_ipv6_prefix" : {
- "type" : "ip"
- },
- "connection_sum_duration_seconds" : {
- "type" : "long"
- },
- "sta_ipv4_address" : {
- "type" : "ip"
- },
- "mib_module_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "http_reason_phrase" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mobile_msisdn" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "confidence_level" : {
- "type" : "double"
- },
- "mib_object_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ignored_packet_total_count" : {
- "type" : "long"
- },
- "min_flow_start_nanoseconds" : {
- "type" : "date"
- },
- "tcp_options" : {
- "type" : "long"
- },
- "http_user_agent" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "virtual_station_interface_id" : {
- "type" : "short"
- },
- "post_ip_precedence" : {
- "type" : "short"
- },
- "sampling_size" : {
- "type" : "long"
- },
- "flow_sampling_time_spacing" : {
- "type" : "long"
- },
- "ip_version" : {
- "type" : "short"
- },
- "tcp_window_scale" : {
- "type" : "long"
- },
- "data_records_reliability" : {
- "type" : "boolean"
- },
- "ip_total_length" : {
- "type" : "long"
- },
- "post_mcast_octet_delta_count" : {
- "type" : "long"
- },
- "src_traffic_index" : {
- "type" : "long"
- },
- "ingress_physical_interface" : {
- "type" : "long"
- },
- "layer2_octet_total_sum_of_squares" : {
- "type" : "long"
- },
- "address_port_mapping_per_user_high_threshold" : {
- "type" : "long"
- },
- "sampling_time_interval" : {
- "type" : "long"
- },
- "ip_next_hop_ipv6_address" : {
- "type" : "ip"
- },
- "http_request_host" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "sampling_interval" : {
- "type" : "long"
- },
- "session_scope" : {
- "type" : "short"
- },
- "vr_fname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_label_stack_depth" : {
- "type" : "long"
- },
- "sampling_flow_interval" : {
- "type" : "long"
- },
- "initiator_packets" : {
- "type" : "long"
- },
- "destination_transport_port" : {
- "type" : "long"
- },
- "vpn_identifier" : {
- "type" : "short"
- },
- "tcp_fin_total_count" : {
- "type" : "long"
- },
- "mib_object_valuei_pa_ddress" : {
- "type" : "ip"
- },
- "source_transport_ports_limit" : {
- "type" : "long"
- },
- "destination_ipv4_prefix" : {
- "type" : "ip"
- },
- "original_flows_completed" : {
- "type" : "long"
- },
- "nat_pool_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "total_length_ipv4" : {
- "type" : "long"
- },
- "data_link_frame_type" : {
- "type" : "long"
- },
- "post_ip_class_of_service" : {
- "type" : "short"
- },
- "nat_instance_id" : {
- "type" : "long"
- },
- "sampling_time_space" : {
- "type" : "long"
- },
- "application_category_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ignored_layer2_frame_total_count" : {
- "type" : "long"
- },
- "mib_capture_time_semantics" : {
- "type" : "short"
- },
- "port_range_step_size" : {
- "type" : "long"
- },
- "sampling_packet_interval" : {
- "type" : "long"
- },
- "post_mcast_packet_delta_count" : {
- "type" : "long"
- },
- "selector_id" : {
- "type" : "long"
- },
- "dropped_layer2_octet_total_count" : {
- "type" : "long"
- },
- "ipv6_extension_headers" : {
- "type" : "long"
- },
- "not_sent_flow_total_count" : {
- "type" : "long"
- },
- "dot1q_customer_vlan_id" : {
- "type" : "long"
- },
- "tcp_urg_total_count" : {
- "type" : "long"
- },
- "mpls_top_label_type" : {
- "type" : "short"
- },
- "rtp_sequence_number" : {
- "type" : "long"
- },
- "dst_traffic_index" : {
- "type" : "long"
- },
- "section_exported_octets" : {
- "type" : "long"
- },
- "flow_duration_microseconds" : {
- "type" : "long"
- },
- "post_octet_total_count" : {
- "type" : "long"
- },
- "tcp_header_length" : {
- "type" : "short"
- },
- "mib_object_value_unsigned" : {
- "type" : "long"
- },
- "protocol_identifier" : {
- "type" : "short"
- },
- "metro_evc_type" : {
- "type" : "short"
- },
- "mpls_label_stack_section" : {
- "type" : "short"
- },
- "udp_destination_port" : {
- "type" : "long"
- },
- "wlan_ssid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "collector_ipv4_address" : {
- "type" : "ip"
- },
- "max_fragments_pending_reassembly" : {
- "type" : "long"
- },
- "internal_address_realm" : {
- "type" : "short"
- },
- "flow_start_delta_microseconds" : {
- "type" : "long"
- },
- "information_element_range_begin" : {
- "type" : "long"
- },
- "payload_length_ipv6" : {
- "type" : "long"
- },
- "information_element_units" : {
- "type" : "long"
- },
- "ingress_interface" : {
- "type" : "long"
- },
- "mpls_top_label_ipv4_address" : {
- "type" : "ip"
- },
- "observation_domain_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "max_session_entries" : {
- "type" : "long"
- },
- "tcp_window_size" : {
- "type" : "long"
- },
- "biflow_direction" : {
- "type" : "short"
- },
- "information_element_id" : {
- "type" : "long"
- },
- "bgp_source_as_number" : {
- "type" : "long"
- },
- "exporter_certificate" : {
- "type" : "short"
- },
- "sampler_mode" : {
- "type" : "short"
- },
- "flow_selected_octet_delta_count" : {
- "type" : "long"
- },
- "sta_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "dropped_packet_delta_count" : {
- "type" : "long"
- },
- "mpls_top_label_stack_section" : {
- "type" : "short"
- },
- "nat_pool_id" : {
- "type" : "long"
- },
- "ethernet_type" : {
- "type" : "long"
- },
- "source_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "multicast_replication_factor" : {
- "type" : "long"
- },
- "anonymization_technique" : {
- "type" : "long"
- },
- "application_id" : {
- "type" : "short"
- },
- "destination_ipv6_prefix_length" : {
- "type" : "short"
- },
- "transport_packet_delta_count" : {
- "type" : "long"
- },
- "original_exporter_ipv6_address" : {
- "type" : "ip"
- },
- "destination_ipv4_address" : {
- "type" : "ip"
- },
- "observation_domain_id" : {
- "type" : "long"
- },
- "digest_hash_value" : {
- "type" : "long"
- },
- "mpls_label_stack_length" : {
- "type" : "long"
- },
- "port_id" : {
- "type" : "long"
- },
- "post_layer2_octet_delta_count" : {
- "type" : "long"
- },
- "exporter_ipv4_address" : {
- "type" : "ip"
- },
- "dot1q_vlan_id" : {
- "type" : "long"
- },
- "hash_flow_domain" : {
- "type" : "long"
- },
- "external_address_realm" : {
- "type" : "short"
- },
- "data_link_frame_section" : {
- "type" : "short"
- },
- "egress_vrfid" : {
- "type" : "long"
- },
- "hash_ipp_ayload_size" : {
- "type" : "long"
- },
- "ip_diff_serv_code_point" : {
- "type" : "short"
- },
- "exported_flow_record_total_count" : {
- "type" : "long"
- },
- "application_description" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "original_flows_present" : {
- "type" : "long"
- },
- "opaque_octets" : {
- "type" : "short"
- },
- "selector_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "information_element_semantics" : {
- "type" : "short"
- },
- "export_interface" : {
- "type" : "long"
- },
- "post_source_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tcp_rst_total_count" : {
- "type" : "long"
- },
- "distinct_count_of_destination_ipv6_address" : {
- "type" : "long"
- },
- "octet_total_sum_of_squares" : {
- "type" : "long"
- },
- "classification_engine_id" : {
- "type" : "short"
- },
- "selector_id_total_pkts_observed" : {
- "type" : "long"
- },
- "information_element_description" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "intermediate_process_id" : {
- "type" : "long"
- },
- "flow_end_delta_microseconds" : {
- "type" : "long"
- },
- "post_mcast_octet_total_count" : {
- "type" : "long"
- },
- "flow_selector_algorithm" : {
- "type" : "long"
- },
- "delta_flow_count" : {
- "type" : "long"
- },
- "ingress_vrfid" : {
- "type" : "long"
- },
- "original_flows_initiated" : {
- "type" : "long"
- },
- "virtual_station_uuid" : {
- "type" : "short"
- },
- "gre_key" : {
- "type" : "long"
- },
- "fragment_offset" : {
- "type" : "long"
- },
- "tcp_source_port" : {
- "type" : "long"
- },
- "flow_end_seconds" : {
- "type" : "date"
- },
- "ipv4_ihl" : {
- "type" : "short"
- },
- "dot1q_priority" : {
- "type" : "short"
- },
- "max_entries_per_user" : {
- "type" : "long"
- },
- "source_ipv6_prefix_length" : {
- "type" : "short"
- },
- "post_destination_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "value_distribution_method" : {
- "type" : "short"
- },
- "mib_object_value_oid" : {
- "type" : "short"
- },
- "observed_flow_total_count" : {
- "type" : "long"
- },
- "post_nadt_estination_ipv4_address" : {
- "type" : "ip"
- },
- "mib_object_identifier" : {
- "type" : "short"
- },
- "mib_object_value_gauge" : {
- "type" : "long"
- },
- "not_sent_layer2_octet_total_count" : {
- "type" : "long"
- },
- "udp_source_port" : {
- "type" : "long"
- },
- "hash_selected_range_max" : {
- "type" : "long"
- },
- "post_vlan_id" : {
- "type" : "long"
- },
- "ipv4_router_sc" : {
- "type" : "ip"
- },
- "packet_delta_count" : {
- "type" : "long"
- },
- "layer2_frame_total_count" : {
- "type" : "long"
- },
- "egress_interface_type" : {
- "type" : "long"
- },
- "bgp_next_hop_ipv4_address" : {
- "type" : "ip"
- },
- "sampler_random_interval" : {
- "type" : "long"
- },
- "dot1q_customer_dei" : {
- "type" : "boolean"
- },
- "layer2packet_section_offset" : {
- "type" : "long"
- },
- "post_packet_delta_count" : {
- "type" : "long"
- },
- "hash_ipp_ayload_offset" : {
- "type" : "long"
- },
- "destination_ipv4_prefix_length" : {
- "type" : "short"
- },
- "sampling_probability" : {
- "type" : "double"
- },
- "source_ipv4_prefix_length" : {
- "type" : "short"
- },
- "dot1q_service_instance_id" : {
- "type" : "long"
- },
- "egress_interface" : {
- "type" : "long"
- },
- "observation_point_id" : {
- "type" : "long"
- },
- "tcp_urgent_pointer" : {
- "type" : "long"
- },
- "source_ipv6_address" : {
- "type" : "ip"
- },
- "bgp_prev_adjacent_as_number" : {
- "type" : "long"
- },
- "export_sctp_stream_id" : {
- "type" : "long"
- },
- "max_flow_end_microseconds" : {
- "type" : "date"
- },
- "selection_sequence_id" : {
- "type" : "long"
- },
- "tcp_acknowledgement_number" : {
- "type" : "long"
- },
- "encrypted_technology" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_top_label_prefix_length" : {
- "type" : "short"
- },
- "max_flow_end_seconds" : {
- "type" : "date"
- },
- "sampler_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "octet_delta_sum_of_squares" : {
- "type" : "long"
- },
- "post_napst_ource_transport_port" : {
- "type" : "long"
- },
- "observation_time_seconds" : {
- "type" : "date"
- },
- "post_nast_ource_ipv4_address" : {
- "type" : "ip"
- },
- "sampling_population" : {
- "type" : "long"
- },
- "tcp_sequence_number" : {
- "type" : "long"
- },
- "min_flow_start_seconds" : {
- "type" : "date"
- },
- "monitoring_interval_end_milli_seconds" : {
- "type" : "date"
- },
- "flow_start_milliseconds" : {
- "type" : "date"
- },
- "minimum_ttl" : {
- "type" : "short"
- },
- "pseudo_wire_destination_ipv4_address" : {
- "type" : "ip"
- },
- "source_ipv4_prefix" : {
- "type" : "ip"
- },
- "wlan_channel_id" : {
- "type" : "short"
- },
- "distinct_count_of_source_ipv6_address" : {
- "type" : "long"
- },
- "post_dot1q_customer_vlan_id" : {
- "type" : "long"
- },
- "global_address_mapping_high_threshold" : {
- "type" : "long"
- },
- "new_connection_delta_count" : {
- "type" : "long"
- },
- "flow_sampling_time_interval" : {
- "type" : "long"
- },
- "mib_object_value_time_ticks" : {
- "type" : "long"
- },
- "nat_threshold_event" : {
- "type" : "long"
- },
- "ingress_interface_type" : {
- "type" : "long"
- },
- "icmp_type_code_ipv4" : {
- "type" : "long"
- },
- "post_layer2_octet_total_count" : {
- "type" : "long"
- },
- "mib_object_value_integer" : {
- "type" : "long"
- },
- "icmp_type_code_ipv6" : {
- "type" : "long"
- },
- "bgp_destination_as_number" : {
- "type" : "long"
- },
- "http_request_target" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bgp_next_hop_ipv6_address" : {
- "type" : "ip"
- },
- "forwarding_status" : {
- "type" : "short"
- },
- "information_element_index" : {
- "type" : "long"
- },
- "mib_context_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_top_label_ipv6_address" : {
- "type" : "ip"
- },
- "fragment_identification" : {
- "type" : "long"
- },
- "user_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port_range_num_ports" : {
- "type" : "long"
- },
- "hash_selected_range_min" : {
- "type" : "long"
- },
- "exporter" : {
- "properties" : {
- "uptime_millis" : {
- "type" : "long"
- },
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "source_id" : {
- "type" : "long"
- },
- "version" : {
- "type" : "long"
- },
- "timestamp" : {
- "type" : "date"
- }
- }
- },
- "hash_output_range_min" : {
- "type" : "long"
- },
- "http_content_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "selector_algorithm" : {
- "type" : "long"
- },
- "address_port_mapping_high_threshold" : {
- "type" : "long"
- },
- "flow_start_seconds" : {
- "type" : "date"
- },
- "mobile_imsi" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "nat_originating_address_realm" : {
- "type" : "short"
- },
- "tcp_destination_port" : {
- "type" : "long"
- },
- "application_sub_category_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "class_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "not_sent_octet_total_count" : {
- "type" : "long"
- },
- "responder_octets" : {
- "type" : "long"
- },
- "layer2_octet_delta_count" : {
- "type" : "long"
- },
- "information_element_data_type" : {
- "type" : "short"
- },
- "flow_start_nanoseconds" : {
- "type" : "date"
- },
- "hash_initialiser_value" : {
- "type" : "long"
- },
- "bgp_validity_state" : {
- "type" : "short"
- },
- "engine_type" : {
- "type" : "short"
- },
- "flow_direction" : {
- "type" : "short"
- },
- "dot1q_customer_source_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "wtp_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_payload_length" : {
- "type" : "long"
- },
- "template_id" : {
- "type" : "long"
- },
- "dot1q_customer_destination_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "pseudo_wire_type" : {
- "type" : "long"
- },
- "interface_description" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "pseudo_wire_id" : {
- "type" : "long"
- },
- "vlan_id" : {
- "type" : "long"
- },
- "hash_digest_output" : {
- "type" : "boolean"
- },
- "responder_packets" : {
- "type" : "long"
- },
- "ethernet_payload_length" : {
- "type" : "long"
- },
- "collector_certificate" : {
- "type" : "short"
- },
- "tcp_control_bits" : {
- "type" : "long"
- },
- "mpls_payload_packet_section" : {
- "type" : "short"
- },
- "anonymization_flags" : {
- "type" : "long"
- },
- "ingress_unicast_packet_total_count" : {
- "type" : "long"
- },
- "lower_cli_imit" : {
- "type" : "double"
- },
- "address_pool_high_threshold" : {
- "type" : "long"
- },
- "information_element_range_end" : {
- "type" : "long"
- },
- "observation_point_type" : {
- "type" : "short"
- },
- "ip_payload_packet_section" : {
- "type" : "short"
- },
- "http_status_code" : {
- "type" : "long"
- },
- "bgp_next_adjacent_as_number" : {
- "type" : "long"
- },
- "dropped_layer2_octet_delta_count" : {
- "type" : "long"
- },
- "common_properties_id" : {
- "type" : "long"
- },
- "destination_ipv6_prefix" : {
- "type" : "ip"
- },
- "maximum_ip_total_length" : {
- "type" : "long"
- },
- "exporter_ipv6_address" : {
- "type" : "ip"
- },
- "ip_class_of_service" : {
- "type" : "short"
- },
- "rfc3550_jitter_nanoseconds" : {
- "type" : "long"
- },
- "http_request_method" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "is_multicast" : {
- "type" : "short"
- },
- "original_observation_domain_id" : {
- "type" : "long"
- },
- "mib_object_value_counter" : {
- "type" : "long"
- },
- "mib_object_value_bits" : {
- "type" : "short"
- },
- "ip_header_packet_section" : {
- "type" : "short"
- },
- "post_mcast_layer2_octet_delta_count" : {
- "type" : "long"
- },
- "tunnel_technology" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ingress_multicast_packet_total_count" : {
- "type" : "long"
- },
- "flow_idle_timeout" : {
- "type" : "long"
- },
- "exported_message_total_count" : {
- "type" : "long"
- },
- "max_export_seconds" : {
- "type" : "date"
- },
- "minimum_ip_total_length" : {
- "type" : "long"
- },
- "selector_itd_otal_flows_selected" : {
- "type" : "long"
- },
- "flow_end_nanoseconds" : {
- "type" : "date"
- },
- "layer2_segment_id" : {
- "type" : "long"
- },
- "ip_next_hop_ipv4_address" : {
- "type" : "ip"
- },
- "post_mcast_layer2_octet_total_count" : {
- "type" : "long"
- },
- "egress_physical_interface" : {
- "type" : "long"
- },
- "tcp_psh_total_count" : {
- "type" : "long"
- },
- "mib_index_indicator" : {
- "type" : "long"
- },
- "nat_type" : {
- "type" : "short"
- },
- "udp_message_length" : {
- "type" : "long"
- },
- "selector_itd_otal_flows_observed" : {
- "type" : "long"
- },
- "monitoring_interval_start_milli_seconds" : {
- "type" : "date"
- },
- "layer2packet_section_size" : {
- "type" : "long"
- },
- "port_range_start" : {
- "type" : "long"
- },
- "exported_octet_total_count" : {
- "type" : "long"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "source_ipv4_address" : {
- "type" : "ip"
- },
- "collector_transport_port" : {
- "type" : "long"
- },
- "post_dot1q_vlan_id" : {
- "type" : "long"
- },
- "observation_time_nanoseconds" : {
- "type" : "date"
- },
- "firewall_event" : {
- "type" : "short"
- },
- "dropped_octet_delta_count" : {
- "type" : "long"
- },
- "octet_total_count" : {
- "type" : "long"
- },
- "post_nadt_estination_ipv6_address" : {
- "type" : "ip"
- },
- "http_message_version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "flow_selected_packet_delta_count" : {
- "type" : "long"
- },
- "flow_active_timeout" : {
- "type" : "long"
- },
- "maximum_ttl" : {
- "type" : "short"
- },
- "post_mcast_packet_total_count" : {
- "type" : "long"
- },
- "dot1q_customer_priority" : {
- "type" : "short"
- },
- "igmp_type" : {
- "type" : "short"
- },
- "metro_evc_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "destination_mac_address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "flow_end_sys_up_time" : {
- "type" : "long"
- },
- "relative_error" : {
- "type" : "double"
- },
- "source_transport_port" : {
- "type" : "long"
- },
- "export_protocol_version" : {
- "type" : "short"
- },
- "mib_object_value_octet_string" : {
- "type" : "short"
- },
- "exporting_process_id" : {
- "type" : "long"
- },
- "hash_output_range_max" : {
- "type" : "long"
- },
- "max_subscribers" : {
- "type" : "long"
- },
- "dot1q_service_instance_priority" : {
- "type" : "short"
- },
- "ip_header_length" : {
- "type" : "short"
- },
- "sampling_algorithm" : {
- "type" : "short"
- },
- "ingress_broadcast_packet_total_count" : {
- "type" : "long"
- },
- "data_link_frame_size" : {
- "type" : "long"
- },
- "ip_ttl" : {
- "type" : "short"
- },
- "layer2_octet_total_count" : {
- "type" : "long"
- },
- "mib_object_syntax" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "min_flow_start_microseconds" : {
- "type" : "date"
- },
- "ignored_layer2_octet_total_count" : {
- "type" : "long"
- },
- "private_enterprise_number" : {
- "type" : "long"
- },
- "flow_start_microseconds" : {
- "type" : "date"
- },
- "address_port_mapping_low_threshold" : {
- "type" : "long"
- },
- "max_bieb_ntries" : {
- "type" : "long"
- },
- "collector_ipv6_address" : {
- "type" : "ip"
- },
- "distinct_count_of_destinatio_nipa_ddress" : {
- "type" : "long"
- },
- "max_flow_end_milliseconds" : {
- "type" : "date"
- },
- "absolute_error" : {
- "type" : "double"
- },
- "observation_time_microseconds" : {
- "type" : "date"
- },
- "minimum_layer2_total_length" : {
- "type" : "long"
- },
- "ethernet_total_length" : {
- "type" : "long"
- },
- "flow_end_microseconds" : {
- "type" : "date"
- },
- "layer2_octet_delta_sum_of_squares" : {
- "type" : "long"
- },
- "padding_octets" : {
- "type" : "short"
- },
- "application_group_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "dot1q_dei" : {
- "type" : "boolean"
- },
- "upper_cli_imit" : {
- "type" : "double"
- },
- "mpls_top_label_exp" : {
- "type" : "short"
- },
- "ipv4_options" : {
- "type" : "long"
- },
- "virtual_station_interface_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "fragment_flags" : {
- "type" : "short"
- },
- "destination_ipv6_address" : {
- "type" : "ip"
- },
- "system_init_time_milliseconds" : {
- "type" : "date"
- },
- "message_scope" : {
- "type" : "short"
- },
- "connection_transaction_id" : {
- "type" : "long"
- },
- "ip_payload_length" : {
- "type" : "long"
- },
- "dot1q_service_instance_tag" : {
- "type" : "short"
- },
- "flow_end_reason" : {
- "type" : "short"
- },
- "flow_duration_milliseconds" : {
- "type" : "long"
- },
- "original_exporter_ipv4_address" : {
- "type" : "ip"
- },
- "selector_id_total_pkts_selected" : {
- "type" : "long"
- },
- "virtual_station_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "flow_id" : {
- "type" : "long"
- },
- "port_range_end" : {
- "type" : "long"
- },
- "post_mpls_top_label_exp" : {
- "type" : "short"
- },
- "post_nast_ource_ipv6_address" : {
- "type" : "ip"
- },
- "flow_selected_flow_delta_count" : {
- "type" : "long"
- },
- "ignored_data_record_total_count" : {
- "type" : "long"
- },
- "tcp_syn_total_count" : {
- "type" : "long"
- },
- "export_transport_protocol" : {
- "type" : "short"
- },
- "ip_sec_spi" : {
- "type" : "long"
- },
- "rfc3550_jitter_milliseconds" : {
- "type" : "long"
- },
- "maximum_layer2_total_length" : {
- "type" : "long"
- },
- "layer2packet_section_data" : {
- "type" : "short"
- },
- "egress_broadcast_packet_total_count" : {
- "type" : "long"
- },
- "transport_octet_delta_count" : {
- "type" : "long"
- },
- "rfc3550_jitter_microseconds" : {
- "type" : "long"
- },
- "layer2_frame_delta_count" : {
- "type" : "long"
- },
- "line_card_id" : {
- "type" : "long"
- },
- "ethernet_header_length" : {
- "type" : "short"
- },
- "flow_key_indicator" : {
- "type" : "long"
- },
- "interface_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_vpn_route_distinguisher" : {
- "type" : "short"
- },
- "post_napdt_estination_transport_port" : {
- "type" : "long"
- },
- "icmp_type_ipv4" : {
- "type" : "short"
- },
- "flags_and_sampler_id" : {
- "type" : "long"
- },
- "icmp_type_ipv6" : {
- "type" : "short"
- },
- "message_md5_checksum" : {
- "type" : "short"
- },
- "distinct_count_of_source_ipv4_address" : {
- "type" : "long"
- },
- "packet_total_count" : {
- "type" : "long"
- },
- "mib_context_engine_id" : {
- "type" : "short"
- },
- "mib_sub_identifier" : {
- "type" : "long"
- },
- "post_packet_total_count" : {
- "type" : "long"
- },
- "sampling_packet_space" : {
- "type" : "long"
- },
- "p2p_technology" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "egress_unicast_packet_total_count" : {
- "type" : "long"
- },
- "min_export_seconds" : {
- "type" : "date"
- },
- "exporter_transport_port" : {
- "type" : "long"
- },
- "distinct_count_of_destination_ipv4_address" : {
- "type" : "long"
- },
- "flow_label_ipv6" : {
- "type" : "long"
- },
- "ignored_octet_total_count" : {
- "type" : "long"
- },
- "observation_time_milliseconds" : {
- "type" : "date"
- },
- "nat_quota_exceeded_event" : {
- "type" : "long"
- },
- "max_flow_end_nanoseconds" : {
- "type" : "date"
- },
- "engine_id" : {
- "type" : "short"
- },
- "mib_object_description" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mpls_top_label_ttl" : {
- "type" : "short"
- },
- "section_offset" : {
- "type" : "long"
- },
- "flow_end_milliseconds" : {
- "type" : "date"
- },
- "ip_precedence" : {
- "type" : "short"
- },
- "collection_time_milliseconds" : {
- "type" : "date"
- }
- }
- },
- "apache" : {
- "properties" : {
- "access" : {
- "properties" : {
- "ssl" : {
- "properties" : {
- "cipher" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "protocol" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "error" : {
- "properties" : {
- "module" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "ecs" : {
- "properties" : {
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "elasticsearch" : {
- "properties" : {
- "cluster" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "uuid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "node" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "server" : {
- "properties" : {
- "stacktrace" : {
- "ignore_above" : 1024,
- "index" : false,
- "type" : "keyword"
- },
- "gc" : {
- "properties" : {
- "overhead_seq" : {
- "type" : "long"
- },
- "young" : {
- "properties" : {
- "one" : {
- "type" : "long"
- },
- "two" : {
- "type" : "long"
- }
- }
- },
- "observation_duration" : {
- "properties" : {
- "ms" : {
- "type" : "float"
- }
- }
- },
- "collection_duration" : {
- "properties" : {
- "ms" : {
- "type" : "float"
- }
- }
- }
- }
- }
- }
- },
- "component" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "audit" : {
- "properties" : {
- "request" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "indices" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "event_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "origin" : {
- "properties" : {
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "action" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "realm" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "user" : {
- "properties" : {
- "roles" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "realm" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "layer" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "url" : {
- "properties" : {
- "params" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "slowlog" : {
- "properties" : {
- "routing" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "took" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "total_shards" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "source_query" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "types" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "total_hits" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "stats" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "extra_source" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "logger" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "search_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "index" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "shard" : {
- "properties" : {
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "deprecation" : {
- "properties" : { }
- },
- "gc" : {
- "properties" : {
- "phase" : {
- "properties" : {
- "cpu_time" : {
- "properties" : {
- "real_sec" : {
- "type" : "float"
- },
- "sys_sec" : {
- "type" : "float"
- },
- "user_sec" : {
- "type" : "float"
- }
- }
- },
- "scrub_symbol_table_time_sec" : {
- "type" : "float"
- },
- "scrub_string_table_time_sec" : {
- "type" : "float"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "weak_refs_processing_time_sec" : {
- "type" : "float"
- },
- "parallel_rescan_time_sec" : {
- "type" : "float"
- },
- "class_unload_time_sec" : {
- "type" : "float"
- },
- "duration_sec" : {
- "type" : "float"
- }
- }
- },
- "jvm_runtime_sec" : {
- "type" : "float"
- },
- "stopping_threads_time_sec" : {
- "type" : "float"
- },
- "old_gen" : {
- "properties" : {
- "size_kb" : {
- "type" : "long"
- },
- "used_kb" : {
- "type" : "long"
- }
- }
- },
- "young_gen" : {
- "properties" : {
- "size_kb" : {
- "type" : "long"
- },
- "used_kb" : {
- "type" : "long"
- }
- }
- },
- "threads_total_stop_time_sec" : {
- "type" : "float"
- },
- "heap" : {
- "properties" : {
- "size_kb" : {
- "type" : "long"
- },
- "used_kb" : {
- "type" : "long"
- }
- }
- },
- "tags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "host" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "hostname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "os" : {
- "properties" : {
- "build" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "kernel" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "family" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "platform" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "full" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "containerized" : {
- "type" : "boolean"
- },
- "ip" : {
- "type" : "ip"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "user" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "architecture" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "mysql" : {
- "properties" : {
- "thread_id" : {
- "type" : "long"
- },
- "slowlog" : {
- "properties" : {
- "schema" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tmp_table_sizes" : {
- "type" : "long"
- },
- "rows_examined" : {
- "type" : "long"
- },
- "innodb" : {
- "properties" : {
- "trx_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "io_r_ops" : {
- "type" : "long"
- },
- "io_r_wait" : {
- "properties" : {
- "sec" : {
- "type" : "long"
- }
- }
- },
- "io_r_bytes" : {
- "type" : "long"
- },
- "pages_distinct" : {
- "type" : "long"
- },
- "queue_wait" : {
- "properties" : {
- "sec" : {
- "type" : "long"
- }
- }
- },
- "rec_lock_wait" : {
- "properties" : {
- "sec" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "tmp_disk_tables" : {
- "type" : "long"
- },
- "filesort_on_disk" : {
- "type" : "boolean"
- },
- "tmp_tables" : {
- "type" : "long"
- },
- "full_join" : {
- "type" : "boolean"
- },
- "current_user" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "log_slow_rate_limit" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "log_slow_rate_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "priority_queue" : {
- "type" : "boolean"
- },
- "full_scan" : {
- "type" : "boolean"
- },
- "query" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "merge_passes" : {
- "type" : "long"
- },
- "filesort" : {
- "type" : "boolean"
- },
- "bytes_sent" : {
- "type" : "long"
- },
- "killed" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tmp_table" : {
- "type" : "boolean"
- },
- "lock_time" : {
- "properties" : {
- "sec" : {
- "type" : "float"
- }
- }
- },
- "rows_affected" : {
- "type" : "long"
- },
- "rows_sent" : {
- "type" : "long"
- },
- "last_errno" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "query_cache_hit" : {
- "type" : "boolean"
- },
- "tmp_table_on_disk" : {
- "type" : "boolean"
- }
- }
- },
- "error" : {
- "properties" : { }
- }
- }
- },
- "kibana" : {
- "properties" : {
- "log" : {
- "properties" : {
- "meta" : {
- "type" : "object"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "nginx" : {
- "properties" : {
- "access" : {
- "properties" : {
- "geoip" : {
- "properties" : { }
- },
- "user_agent" : {
- "properties" : { }
- }
- }
- },
- "error" : {
- "properties" : {
- "connection_id" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "zeek" : {
- "properties" : {
- "dns" : {
- "properties" : {
- "AA" : {
- "type" : "boolean"
- },
- "TTLs" : {
- "type" : "double"
- },
- "qclass_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "qtype_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "qtype" : {
- "type" : "long"
- },
- "rejected" : {
- "type" : "boolean"
- },
- "query" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "answers" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "total_replies" : {
- "type" : "long"
- },
- "rcode" : {
- "type" : "long"
- },
- "trans_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "RA" : {
- "type" : "boolean"
- },
- "TC" : {
- "type" : "boolean"
- },
- "rcode_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "RD" : {
- "type" : "boolean"
- },
- "saw_query" : {
- "type" : "boolean"
- },
- "rtt" : {
- "type" : "double"
- },
- "saw_reply" : {
- "type" : "boolean"
- },
- "total_answers" : {
- "type" : "long"
- },
- "qclass" : {
- "type" : "long"
- }
- }
- },
- "files" : {
- "properties" : {
- "timedout" : {
- "type" : "boolean"
- },
- "sha256" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tx_host" : {
- "type" : "ip"
- },
- "source" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "extracted" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "duration" : {
- "type" : "double"
- },
- "entropy" : {
- "type" : "double"
- },
- "analyzers" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "total_bytes" : {
- "type" : "long"
- },
- "fuid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "seen_bytes" : {
- "type" : "long"
- },
- "missing_bytes" : {
- "type" : "long"
- },
- "session_ids" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "parent_fuid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "local_orig" : {
- "type" : "boolean"
- },
- "is_orig" : {
- "type" : "boolean"
- },
- "extracted_cutoff" : {
- "type" : "boolean"
- },
- "overflow_bytes" : {
- "type" : "long"
- },
- "sha1" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "depth" : {
- "type" : "long"
- },
- "filename" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mime_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rx_host" : {
- "type" : "ip"
- },
- "extracted_size" : {
- "type" : "long"
- },
- "md5" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "http" : {
- "properties" : {
- "orig_mime_depth" : {
- "type" : "long"
- },
- "server_header_names" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "resp_mime_depth" : {
- "type" : "long"
- },
- "proxied" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "orig_mime_types" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "info_msg" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "resp_mime_types" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client_header_names" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "password" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "trans_depth" : {
- "type" : "long"
- },
- "orig_filenames" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "orig_fuids" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "range_request" : {
- "type" : "boolean"
- },
- "captured_password" : {
- "type" : "boolean"
- },
- "status_msg" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "resp_filenames" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "info_code" : {
- "type" : "long"
- },
- "resp_fuids" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "session_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "connection" : {
- "properties" : {
- "local_resp" : {
- "type" : "boolean"
- },
- "inner_vlan" : {
- "type" : "long"
- },
- "resp_l2_addr" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "vlan" : {
- "type" : "long"
- },
- "local_orig" : {
- "type" : "boolean"
- },
- "history" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "missed_bytes" : {
- "type" : "long"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "orig_l2_addr" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "fnotice" : {
- "properties" : {
- "file" : {
- "properties" : {
- "total_bytes" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "ssl" : {
- "properties" : {
- "cipher" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "established" : {
- "type" : "boolean"
- },
- "server_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client_cert_chain_fuids" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "curve" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "subject" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "cert_chain_fuids" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "next_protocol" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "issuer" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client_subject" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client_issuer" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "cert_chain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client_cert_chain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "last_alert" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "validation_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "validation_status" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "resumed" : {
- "type" : "boolean"
- }
- }
- },
- "notice" : {
- "properties" : {
- "msg" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "suppress_for" : {
- "type" : "double"
- },
- "identifier" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "note" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "sub" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email_delay_tokens" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "dropped" : {
- "type" : "boolean"
- },
- "email_body_sections" : {
- "norms" : false,
- "type" : "text"
- },
- "n" : {
- "type" : "long"
- },
- "icmp_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "peer_descr" : {
- "norms" : false,
- "type" : "text"
- },
- "file" : {
- "properties" : {
- "mime_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "parent_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "source" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "is_orig" : {
- "type" : "boolean"
- },
- "seen_bytes" : {
- "type" : "long"
- },
- "missing_bytes" : {
- "type" : "long"
- },
- "overflow_bytes" : {
- "type" : "long"
- }
- }
- },
- "connection_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "fuid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "peer_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "actions" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "labels" : {
- "type" : "object"
- },
- "tags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "input" : {
- "properties" : {
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "system" : {
- "properties" : {
- "auth" : {
- "properties" : {
- "ssh" : {
- "properties" : {
- "geoip" : {
- "properties" : { }
- },
- "dropped_ip" : {
- "type" : "ip"
- },
- "method" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "signature" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "event" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "sudo" : {
- "properties" : {
- "tty" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "error" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "pwd" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "user" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "command" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "groupadd" : {
- "properties" : { }
- },
- "useradd" : {
- "properties" : {
- "shell" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "home" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "syslog" : {
- "properties" : { }
- }
- }
- },
- "kafka" : {
- "properties" : {
- "log" : {
- "properties" : {
- "component" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "trace" : {
- "properties" : {
- "message" : {
- "norms" : false,
- "type" : "text"
- },
- "class" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "class" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "http" : {
- "properties" : {
- "request" : {
- "properties" : {
- "referrer" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "method" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bytes" : {
- "type" : "long"
- },
- "body" : {
- "properties" : {
- "bytes" : {
- "type" : "long"
- },
- "content" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "response" : {
- "properties" : {
- "status_code" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "body" : {
- "properties" : {
- "bytes" : {
- "type" : "long"
- },
- "content" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "suricata" : {
- "properties" : {
- "eve" : {
- "properties" : {
- "icmp_type" : {
- "type" : "long"
- },
- "flags" : {
- "properties" : { }
- },
- "ssh" : {
- "properties" : {
- "server" : {
- "properties" : {
- "proto_version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "software_version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "client" : {
- "properties" : {
- "proto_version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "software_version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "app_proto_orig" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "src_ip" : {
- "path" : "source.ip",
- "type" : "alias"
- },
- "event_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "alert" : {
- "properties" : {
- "severity" : {
- "path" : "event.severity",
- "type" : "alias"
- },
- "rev" : {
- "type" : "long"
- },
- "signature_id" : {
- "type" : "long"
- },
- "gid" : {
- "type" : "long"
- },
- "signature" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "action" : {
- "path" : "event.outcome",
- "type" : "alias"
- },
- "category" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "stats" : {
- "properties" : {
- "defrag" : {
- "properties" : {
- "max_frag_hits" : {
- "type" : "long"
- },
- "ipv4" : {
- "properties" : {
- "reassembled" : {
- "type" : "long"
- },
- "timeouts" : {
- "type" : "long"
- },
- "fragments" : {
- "type" : "long"
- }
- }
- },
- "ipv6" : {
- "properties" : {
- "reassembled" : {
- "type" : "long"
- },
- "timeouts" : {
- "type" : "long"
- },
- "fragments" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "tcp" : {
- "properties" : {
- "insert_data_overlap_fail" : {
- "type" : "long"
- },
- "invalid_checksum" : {
- "type" : "long"
- },
- "ssn_memcap_drop" : {
- "type" : "long"
- },
- "sessions" : {
- "type" : "long"
- },
- "overlap_diff_data" : {
- "type" : "long"
- },
- "stream_depth_reached" : {
- "type" : "long"
- },
- "syn" : {
- "type" : "long"
- },
- "no_flow" : {
- "type" : "long"
- },
- "segment_memcap_drop" : {
- "type" : "long"
- },
- "memuse" : {
- "type" : "long"
- },
- "pseudo_failed" : {
- "type" : "long"
- },
- "reassembly_gap" : {
- "type" : "long"
- },
- "rst" : {
- "type" : "long"
- },
- "overlap" : {
- "type" : "long"
- },
- "insert_list_fail" : {
- "type" : "long"
- },
- "synack" : {
- "type" : "long"
- },
- "pseudo" : {
- "type" : "long"
- },
- "reassembly_memuse" : {
- "type" : "long"
- },
- "insert_data_normal_fail" : {
- "type" : "long"
- }
- }
- },
- "app_layer" : {
- "properties" : {
- "tx" : {
- "properties" : {
- "dcerpc_tcp" : {
- "type" : "long"
- },
- "dcerpc_udp" : {
- "type" : "long"
- },
- "ftp" : {
- "type" : "long"
- },
- "smtp" : {
- "type" : "long"
- },
- "http" : {
- "type" : "long"
- },
- "smb" : {
- "type" : "long"
- },
- "ssh" : {
- "type" : "long"
- },
- "tls" : {
- "type" : "long"
- },
- "dns_tcp" : {
- "type" : "long"
- },
- "dns_udp" : {
- "type" : "long"
- }
- }
- },
- "flow" : {
- "properties" : {
- "dcerpc_tcp" : {
- "type" : "long"
- },
- "dcerpc_udp" : {
- "type" : "long"
- },
- "imap" : {
- "type" : "long"
- },
- "ftp" : {
- "type" : "long"
- },
- "smtp" : {
- "type" : "long"
- },
- "msn" : {
- "type" : "long"
- },
- "smb" : {
- "type" : "long"
- },
- "ssh" : {
- "type" : "long"
- },
- "failed_tcp" : {
- "type" : "long"
- },
- "failed_udp" : {
- "type" : "long"
- },
- "dns_tcp" : {
- "type" : "long"
- },
- "dns_udp" : {
- "type" : "long"
- },
- "http" : {
- "type" : "long"
- },
- "tls" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "dns" : {
- "properties" : {
- "memuse" : {
- "type" : "long"
- },
- "memcap_state" : {
- "type" : "long"
- },
- "memcap_global" : {
- "type" : "long"
- }
- }
- },
- "capture" : {
- "properties" : {
- "kernel_drops" : {
- "type" : "long"
- },
- "kernel_ifdrops" : {
- "type" : "long"
- },
- "kernel_packets" : {
- "type" : "long"
- }
- }
- },
- "detect" : {
- "properties" : {
- "alert" : {
- "type" : "long"
- }
- }
- },
- "http" : {
- "properties" : {
- "memuse" : {
- "type" : "long"
- },
- "memcap" : {
- "type" : "long"
- }
- }
- },
- "decoder" : {
- "properties" : {
- "udp" : {
- "type" : "long"
- },
- "dce" : {
- "properties" : {
- "pkt_too_small" : {
- "type" : "long"
- }
- }
- },
- "ieee8021ah" : {
- "type" : "long"
- },
- "pkts" : {
- "type" : "long"
- },
- "ipv4" : {
- "type" : "long"
- },
- "vlan" : {
- "type" : "long"
- },
- "ipv6" : {
- "type" : "long"
- },
- "pppoe" : {
- "type" : "long"
- },
- "mpls" : {
- "type" : "long"
- },
- "teredo" : {
- "type" : "long"
- },
- "gre" : {
- "type" : "long"
- },
- "max_pkt_size" : {
- "type" : "long"
- },
- "vlan_qinq" : {
- "type" : "long"
- },
- "ipraw" : {
- "properties" : {
- "invalid_ip_version" : {
- "type" : "long"
- }
- }
- },
- "tcp" : {
- "type" : "long"
- },
- "erspan" : {
- "type" : "long"
- },
- "icmpv4" : {
- "type" : "long"
- },
- "raw" : {
- "type" : "long"
- },
- "ipv4_in_ipv6" : {
- "type" : "long"
- },
- "icmpv6" : {
- "type" : "long"
- },
- "ltnull" : {
- "properties" : {
- "unsupported_type" : {
- "type" : "long"
- },
- "pkt_too_small" : {
- "type" : "long"
- }
- }
- },
- "ethernet" : {
- "type" : "long"
- },
- "ppp" : {
- "type" : "long"
- },
- "sll" : {
- "type" : "long"
- },
- "null" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "avg_pkt_size" : {
- "type" : "long"
- },
- "invalid" : {
- "type" : "long"
- },
- "sctp" : {
- "type" : "long"
- },
- "ipv6_in_ipv6" : {
- "type" : "long"
- }
- }
- },
- "flow_mgr" : {
- "properties" : {
- "bypassed_pruned" : {
- "type" : "long"
- },
- "closed_pruned" : {
- "type" : "long"
- },
- "rows_empty" : {
- "type" : "long"
- },
- "flows_notimeout" : {
- "type" : "long"
- },
- "flows_checked" : {
- "type" : "long"
- },
- "flows_timeout_inuse" : {
- "type" : "long"
- },
- "rows_maxlen" : {
- "type" : "long"
- },
- "flows_removed" : {
- "type" : "long"
- },
- "rows_checked" : {
- "type" : "long"
- },
- "flows_timeout" : {
- "type" : "long"
- },
- "est_pruned" : {
- "type" : "long"
- },
- "rows_busy" : {
- "type" : "long"
- },
- "new_pruned" : {
- "type" : "long"
- },
- "rows_skipped" : {
- "type" : "long"
- }
- }
- },
- "file_store" : {
- "properties" : {
- "open_files" : {
- "type" : "long"
- }
- }
- },
- "flow" : {
- "properties" : {
- "emerg_mode_entered" : {
- "type" : "long"
- },
- "memuse" : {
- "type" : "long"
- },
- "tcp" : {
- "type" : "long"
- },
- "udp" : {
- "type" : "long"
- },
- "tcp_reuse" : {
- "type" : "long"
- },
- "icmpv4" : {
- "type" : "long"
- },
- "emerg_mode_over" : {
- "type" : "long"
- },
- "icmpv6" : {
- "type" : "long"
- },
- "memcap" : {
- "type" : "long"
- },
- "spare" : {
- "type" : "long"
- }
- }
- },
- "uptime" : {
- "type" : "long"
- }
- }
- },
- "flow_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "fileinfo" : {
- "properties" : {
- "sha1" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "filename" : {
- "path" : "file.path",
- "type" : "alias"
- },
- "sha256" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "size" : {
- "path" : "file.size",
- "type" : "alias"
- },
- "stored" : {
- "type" : "boolean"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tx_id" : {
- "type" : "long"
- },
- "gaps" : {
- "type" : "boolean"
- },
- "md5" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "icmp_code" : {
- "type" : "long"
- },
- "dest_port" : {
- "path" : "destination.port",
- "type" : "alias"
- },
- "email" : {
- "properties" : {
- "status" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "flow" : {
- "properties" : {
- "reason" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "pkts_toserver" : {
- "path" : "source.packets",
- "type" : "alias"
- },
- "alerted" : {
- "type" : "boolean"
- },
- "start" : {
- "path" : "event.start",
- "type" : "alias"
- },
- "bytes_toclient" : {
- "path" : "destination.bytes",
- "type" : "alias"
- },
- "end" : {
- "type" : "date"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bytes_toserver" : {
- "path" : "source.bytes",
- "type" : "alias"
- },
- "age" : {
- "type" : "long"
- },
- "pkts_toclient" : {
- "path" : "destination.packets",
- "type" : "alias"
- }
- }
- },
- "timestamp" : {
- "path" : "@timestamp",
- "type" : "alias"
- },
- "tcp" : {
- "properties" : {
- "rst" : {
- "type" : "boolean"
- },
- "tcp_flags_tc" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tcp_flags_ts" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "psh" : {
- "type" : "boolean"
- },
- "tcp_flags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ack" : {
- "type" : "boolean"
- },
- "syn" : {
- "type" : "boolean"
- },
- "fin" : {
- "type" : "boolean"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "smtp" : {
- "properties" : {
- "helo" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rcpt_to" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mail_from" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "pcap_cnt" : {
- "type" : "long"
- },
- "dns" : {
- "properties" : {
- "rdata" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rrname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rcode" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "type" : "long"
- },
- "tx_id" : {
- "type" : "long"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ttl" : {
- "type" : "long"
- },
- "rrtype" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "app_proto_tc" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tx_id" : {
- "type" : "long"
- },
- "app_proto" : {
- "path" : "network.protocol",
- "type" : "alias"
- },
- "in_iface" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "src_port" : {
- "path" : "source.port",
- "type" : "alias"
- },
- "app_proto_expected" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "dest_ip" : {
- "path" : "destination.ip",
- "type" : "alias"
- },
- "proto" : {
- "path" : "network.transport",
- "type" : "alias"
- },
- "http" : {
- "properties" : {
- "redirect" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hostname" : {
- "path" : "url.domain",
- "type" : "alias"
- },
- "protocol" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "http_method" : {
- "path" : "http.request.method",
- "type" : "alias"
- },
- "http_content_type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "http_refer" : {
- "path" : "http.request.referrer",
- "type" : "alias"
- },
- "length" : {
- "path" : "http.response.body.bytes",
- "type" : "alias"
- },
- "url" : {
- "path" : "url.original",
- "type" : "alias"
- },
- "http_user_agent" : {
- "path" : "user_agent.original",
- "type" : "alias"
- },
- "status" : {
- "path" : "http.response.status_code",
- "type" : "alias"
- }
- }
- },
- "tls" : {
- "properties" : {
- "notbefore" : {
- "type" : "date"
- },
- "serial" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "issuerdn" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "subject" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "notafter" : {
- "type" : "date"
- },
- "fingerprint" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "session_resumed" : {
- "type" : "boolean"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "sni" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "app_proto_ts" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "fields" : {
- "type" : "object"
- },
- "hash" : {
- "properties" : {
- "sha256" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "iptables" : {
- "properties" : {
- "tcp" : {
- "properties" : {
- "reserved_bits" : {
- "type" : "short"
- },
- "ack" : {
- "type" : "long"
- },
- "flags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "window" : {
- "type" : "long"
- },
- "seq" : {
- "type" : "long"
- }
- }
- },
- "udp" : {
- "properties" : {
- "length" : {
- "type" : "long"
- }
- }
- },
- "fragment_offset" : {
- "type" : "long"
- },
- "flow_label" : {
- "type" : "long"
- },
- "input_device" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "precedence_bits" : {
- "type" : "short"
- },
- "fragment_flags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "length" : {
- "type" : "long"
- },
- "icmp" : {
- "properties" : {
- "redirect" : {
- "type" : "ip"
- },
- "code" : {
- "type" : "long"
- },
- "parameter" : {
- "type" : "long"
- },
- "id" : {
- "type" : "long"
- },
- "type" : {
- "type" : "long"
- },
- "seq" : {
- "type" : "long"
- }
- }
- },
- "ttl" : {
- "type" : "long"
- },
- "ether_type" : {
- "type" : "long"
- },
- "ubiquiti" : {
- "properties" : {
- "output_zone" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "input_zone" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rule_set" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rule_number" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "output_device" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tos" : {
- "type" : "long"
- },
- "id" : {
- "type" : "long"
- },
- "incomplete_bytes" : {
- "type" : "long"
- }
- }
- },
- "server" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "domain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ip" : {
- "type" : "ip"
- },
- "user" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "packets" : {
- "type" : "long"
- }
- }
- },
- "apache2" : {
- "properties" : {
- "access" : {
- "properties" : {
- "geoip" : {
- "properties" : { }
- },
- "user_agent" : {
- "properties" : { }
- }
- }
- },
- "error" : {
- "properties" : { }
- }
- }
- },
- "log" : {
- "properties" : {
- "file" : {
- "properties" : {
- "path" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "original" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "offset" : {
- "type" : "long"
- },
- "level" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "flags" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "source" : {
- "properties" : {
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "traefik" : {
- "properties" : {
- "access" : {
- "properties" : {
- "user_identifier" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "geoip" : {
- "properties" : {
- "continent_name" : {
- "path" : "source.geo.continent_name",
- "type" : "alias"
- },
- "region_iso_code" : {
- "path" : "source.geo.region_iso_code",
- "type" : "alias"
- },
- "city_name" : {
- "path" : "source.geo.city_name",
- "type" : "alias"
- },
- "country_iso_code" : {
- "path" : "source.geo.country_iso_code",
- "type" : "alias"
- },
- "location" : {
- "path" : "source.geo.location",
- "type" : "alias"
- },
- "region_name" : {
- "path" : "source.geo.region_name",
- "type" : "alias"
- }
- }
- },
- "backend_url" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "frontend_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "user_agent" : {
- "properties" : {
- "original" : {
- "path" : "user_agent.original",
- "type" : "alias"
- },
- "os" : {
- "path" : "user_agent.os.full_name",
- "type" : "alias"
- },
- "name" : {
- "path" : "user_agent.name",
- "type" : "alias"
- },
- "os_name" : {
- "path" : "user_agent.os.name",
- "type" : "alias"
- },
- "device" : {
- "path" : "user_agent.device.name",
- "type" : "alias"
- }
- }
- },
- "request_count" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "certificate" : {
- "properties" : {
- "sha256" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "common_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "destination" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "domain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ip" : {
- "type" : "ip"
- },
- "user" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "packets" : {
- "type" : "long"
- }
- }
- },
- "syslog" : {
- "properties" : {
- "priority" : {
- "type" : "long"
- },
- "facility" : {
- "type" : "long"
- },
- "severity_label" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "facility_label" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "auditd" : {
- "properties" : {
- "log" : {
- "properties" : {
- "new_auid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "item" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "laddr" : {
- "type" : "ip"
- },
- "new_ses" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "geoip" : {
- "properties" : { }
- },
- "old_ses" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "rport" : {
- "type" : "long"
- },
- "lport" : {
- "type" : "long"
- },
- "a0" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "sequence" : {
- "type" : "long"
- },
- "old_auid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "tty" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "addr" : {
- "type" : "ip"
- },
- "items" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "error" : {
- "properties" : {
- "code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "message" : {
- "norms" : false,
- "type" : "text"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "docker" : {
- "properties" : {
- "container" : {
- "properties" : {
- "labels" : {
- "type" : "object"
- }
- }
- }
- }
- },
- "network" : {
- "properties" : {
- "community_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "forwarded_ip" : {
- "type" : "ip"
- },
- "protocol" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "application" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bytes" : {
- "type" : "long"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "transport" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "iana_number" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "packets" : {
- "type" : "long"
- },
- "direction" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "santa" : {
- "properties" : {
- "mode" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "reason" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "disk" : {
- "properties" : {
- "volume" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bus" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "serial" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bsdname" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "model" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "fs" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mount" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "decision" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "action" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "iis" : {
- "properties" : {
- "access" : {
- "properties" : {
- "site_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "server_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "geoip" : {
- "properties" : { }
- },
- "cookie" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "sub_status" : {
- "type" : "long"
- },
- "win32_status" : {
- "type" : "long"
- },
- "user_agent" : {
- "properties" : { }
- }
- }
- },
- "error" : {
- "properties" : {
- "queue_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "geoip" : {
- "properties" : { }
- },
- "reason_phrase" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "file" : {
- "properties" : {
- "owner" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "extension" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "gid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mtime" : {
- "type" : "date"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "target_path" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "inode" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mode" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "path" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "uid" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "size" : {
- "type" : "long"
- },
- "ctime" : {
- "type" : "date"
- },
- "device" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "postgresql" : {
- "properties" : {
- "log" : {
- "properties" : {
- "database" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "core_id" : {
- "type" : "long"
- },
- "query" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "timestamp" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "related" : {
- "properties" : {
- "ip" : {
- "type" : "ip"
- }
- }
- },
- "stream" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client" : {
- "properties" : {
- "geo" : {
- "properties" : {
- "continent_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "region_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "city_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_iso_code" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "country_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "location" : {
- "type" : "geo_point"
- },
- "region_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "address" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port" : {
- "type" : "long"
- },
- "bytes" : {
- "type" : "long"
- },
- "domain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ip" : {
- "type" : "ip"
- },
- "user" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "mac" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "packets" : {
- "type" : "long"
- }
- }
- },
- "event" : {
- "properties" : {
- "severity" : {
- "type" : "long"
- },
- "original" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "risk_score" : {
- "type" : "float"
- },
- "created" : {
- "type" : "date"
- },
- "kind" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "timezone" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "module" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "start" : {
- "type" : "date"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "duration" : {
- "type" : "long"
- },
- "risk_score_norm" : {
- "type" : "float"
- },
- "action" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "end" : {
- "type" : "date"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "category" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "dataset" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "outcome" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "mongodb" : {
- "properties" : {
- "log" : {
- "properties" : {
- "component" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "context" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "user_agent" : {
- "properties" : {
- "original" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "os" : {
- "properties" : {
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "kernel" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "family" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "platform" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "full" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "device" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "process" : {
- "properties" : {
- "args" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "start" : {
- "type" : "date"
- },
- "pid" : {
- "type" : "long"
- },
- "working_directory" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "program" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "thread" : {
- "properties" : {
- "id" : {
- "type" : "long"
- }
- }
- },
- "title" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "executable" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ppid" : {
- "type" : "long"
- }
- }
- },
- "os" : {
- "properties" : {
- "kernel" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "family" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "platform" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "full" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "osquery" : {
- "properties" : {
- "result" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "unix_time" : {
- "type" : "long"
- },
- "action" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "calendar_time" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "host_identifier" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "fileset" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "message" : {
- "norms" : false,
- "type" : "text"
- },
- "url" : {
- "properties" : {
- "path" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "fragment" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "password" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "original" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "scheme" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "port" : {
- "type" : "long"
- },
- "domain" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "query" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "full" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "username" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "@timestamp" : {
- "type" : "date"
- },
- "service" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "ephemeral_id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "type" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "version" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "organization" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- },
- "haproxy" : {
- "properties" : {
- "error_message" : {
- "norms" : false,
- "type" : "text"
- },
- "tcp" : {
- "properties" : {
- "connection_waiting_time_ms" : {
- "type" : "long"
- }
- }
- },
- "server_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "bind_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "geoip" : {
- "properties" : { }
- },
- "total_waiting_time_ms" : {
- "type" : "long"
- },
- "termination_state" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "time_queue" : {
- "type" : "long"
- },
- "connection_wait_time_ms" : {
- "type" : "long"
- },
- "destination" : {
- "properties" : { }
- },
- "bytes_read" : {
- "type" : "long"
- },
- "source" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "mode" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "backend_queue" : {
- "type" : "long"
- },
- "backend_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "client" : {
- "properties" : { }
- },
- "frontend_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "http" : {
- "properties" : {
- "request" : {
- "properties" : {
- "captured_cookie" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "raw_request_line" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "captured_headers" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "time_wait_ms" : {
- "type" : "long"
- },
- "time_wait_without_data_ms" : {
- "type" : "long"
- }
- }
- },
- "response" : {
- "properties" : {
- "captured_cookie" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "captured_headers" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "server_queue" : {
- "type" : "long"
- },
- "time_backend_connect" : {
- "type" : "long"
- },
- "connections" : {
- "properties" : {
- "retries" : {
- "type" : "long"
- },
- "server" : {
- "type" : "long"
- },
- "active" : {
- "type" : "long"
- },
- "backend" : {
- "type" : "long"
- },
- "frontend" : {
- "type" : "long"
- }
- }
- }
- }
- },
- "user" : {
- "properties" : {
- "owner" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "effective" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "full_name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "saved" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "audit" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "terminal" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "email" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "filesystem" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- },
- "hash" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "group" : {
- "properties" : {
- "name" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- },
- "id" : {
- "ignore_above" : 1024,
- "type" : "keyword"
- }
- }
- }
- }
- }
- }
- },
- "aliases" : { }
- }
-}
+ }
+}
\ No newline at end of file
diff --git a/json/v7.x vis/filebeat v7.1/elk-hole - vis.json b/json/v7.x vis/filebeat v7.1/elk-hole - vis.json
index 2d7a9edc5a47d099ba7bfa0c3fb718bb30fa4d74..d61e479dd09f64d23c4609597b09051abf4add86 100644
--- a/json/v7.x vis/filebeat v7.1/elk-hole - vis.json
+++ b/json/v7.x vis/filebeat v7.1/elk-hole - vis.json
@@ -101,6 +101,24 @@
}
]
},
+ {
+ "_id": "381275b0-34bc-11e8-beb4-d7353bd14360",
+ "_type": "visualization",
+ "_source": {
+ "title": "Requests vs piholed - pihole",
+ "visState": "{\"title\":\"Requests vs piholed - pihole\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"b0e4bf30-34bb-11e8-806f-b37e16272205\",\"color\":\"rgba(255,0,0,1)\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"b0e4bf31-34bb-11e8-806f-b37e16272205\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"terms_field\":\"tags.keyword\",\"split_filters\":[{\"filter\":\"test\",\"label\":\"test 1\",\"color\":\"#68BC00\",\"id\":\"035358d0-34bc-11e8-806f-b37e16272205\"}],\"terms_order_by\":\"_count\",\"label\":\"Piholed Count\",\"filter\":\"tags:\\\"piholed\\\"\",\"steps\":0,\"split_color_mode\":\"gradient\"},{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"a5cd5cd0-34be-11e8-a36f-6fd9911e50af\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"terms_field\":\"query_type.keyword\",\"terms_order_by\":\"_count\",\"terms_size\":\"10\",\"filter\":\"tags:\\\"request and query type\\\"\",\"override_index_pattern\":0,\"split_color_mode\":\"gradient\",\"label\":\"Request Count\",\"offset_time\":\"\",\"series_drop_last_bucket\":1}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*dns*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"background_color_rules\":[{\"id\":\"76bd8260-34bb-11e8-806f-b37e16272205\"}],\"bar_color_rules\":[{\"id\":\"7892dea0-34bb-11e8-806f-b37e16272205\"}],\"gauge_color_rules\":[{\"id\":\"79668250-34bb-11e8-806f-b37e16272205\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"annotations\":[{\"fields\":\"\",\"template\":\"\",\"index_pattern\":\"\",\"query_string\":\"\",\"id\":\"b09dc6f0-34c2-11e8-a36f-6fd9911e50af\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1}],\"ignore_global_filter\":0,\"axis_scale\":\"normal\",\"legend_position\":\"bottom\",\"background_color\":\"rgba(255,255,255,1)\"},\"aggs\":[]}",
+ "uiStateJSON": "{}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"
+ }
+ },
+ "_migrationVersion": {
+ "visualization": "7.0.1"
+ },
+ "_references": []
+ },
{
"_id": "0858a2c0-643d-11e9-b607-6710a00e4c3e",
"_type": "visualization",
@@ -125,6 +143,24 @@
}
]
},
+ {
+ "_id": "e611adc0-a203-11e8-8e9e-1d0e979ee6d4",
+ "_type": "visualization",
+ "_source": {
+ "title": "piholed percent - pihole",
+ "visState": "{\"title\":\"piholed percent - pihole\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"filter_ratio\",\"numerator\":\"tags:\\\"piholed\\\"\",\"denominator\":\"tags:\\\"request and query type\\\"\",\"metric_agg\":\"count\"},{\"sigma\":\"\",\"id\":\"ef9f03c0-7c04-11e9-b96e-8bf05a5f3904\",\"type\":\"avg_bucket\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"value_template\":\"\",\"filter\":\"\",\"split_filters\":[{\"filter\":\"\",\"label\":\"_exists_: source\\\\* _exists_: blocked\\\\*\",\"color\":\"#68BC00\",\"id\":\"a1999690-7c86-11e9-858f-63d26332fe87\"}],\"label\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*dns*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"gauge_color_rules\":[{\"id\":\"14b76370-a201-11e8-a2be-75195e55158c\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"bar_color_rules\":[{\"id\":\"c116e410-a201-11e8-a2be-75195e55158c\"}],\"background_color_rules\":[{\"id\":\"6fa17de0-a209-11e8-a2be-75195e55158c\"}],\"annotations\":[],\"axis_scale\":\"normal\",\"default_index_pattern\":\"elastiflow-*\",\"gauge_max\":\"1\"},\"aggs\":[]}",
+ "uiStateJSON": "{}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
+ }
+ },
+ "_migrationVersion": {
+ "visualization": "7.0.1"
+ },
+ "_references": []
+ },
{
"_id": "88d55340-338c-11e8-beb4-d7353bd14360",
"_type": "visualization",