Unverified Commit a4372621 authored by 9S's avatar 9S Committed by GitHub

Merge pull request #15 from nin9s/template-patch-for-geoip

template patch for geoip
parents b200edd8 726efb61
......@@ -6,23 +6,89 @@ PUT /_template/logstash-syslog-dns
"mappings": {
"dynamic": "true",
"properties" : {
"source_host": {
"type": "ip"
"@timestamp" : {
"type" : "date"
},
"logrow": {
"type": "integer"
"@version" : {
"type" : "keyword"
},
"request_from": {
"type": "ip"
"agent" : {
"properties" : {
"ephemeral_id" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"source_port": {
"type": "integer"
"hostname" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"ip_request": {
"type": "ip"
"id" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"ip_response": {
"type": "ip"
"name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"version" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"blocked_domain" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"date" : {
"type" : "date",
"format" : "MMM d HH:mm:ss||MMM dd HH:mm:ss"
},
"dns_forward_to" : {
"type" : "ip",
......@@ -33,14 +99,211 @@ PUT /_template/logstash-syslog-dns
}
}
},
"tags": {
"domain_request" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"domain_response" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"ecs" : {
"properties" : {
"version" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"geoip" : {
"dynamic" : "true",
"properties" : {
"city_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"continent_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code2" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code3" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"dma_code" : {
"type" : "long"
},
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
},
"postal_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_code" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timezone" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"host" : {
"properties" : {
"name" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"input" : {
"properties" : {
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"ip_request" : {
"type" : "ip"
},
"ip_response" : {
"type" : "ip"
},
"log" : {
"properties" : {
"file" : {
"properties" : {
"path" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"offset" : {
"type" : "long"
}
}
},
"logrow" : {
"type" : "integer"
},
"message" : {
"type" : "text",
"norms" : false
},
"pid" : {
"type" : "integer"
......@@ -48,7 +311,7 @@ PUT /_template/logstash-syslog-dns
"pihole" : {
"type" : "ip"
},
"blocked_domain": {
"program" : {
"type" : "text",
"norms" : false,
"fields" : {
......@@ -58,7 +321,7 @@ PUT /_template/logstash-syslog-dns
}
}
},
"domain_request" : {
"query_type" : {
"type" : "text",
"norms" : false,
"fields" : {
......@@ -68,9 +331,43 @@ PUT /_template/logstash-syslog-dns
}
}
},
"date": {
"type": "date",
"format": "MMM d HH:mm:ss||MMM dd HH:mm:ss"
"request_from" : {
"type" : "ip"
},
"source_fqdn" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"source_host" : {
"type" : "ip"
},
"source_port" : {
"type" : "integer"
},
"tags" : {
"type" : "keyword",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"norms" : false,
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}
......
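Review bot: The `geoip` object in the second hunk is left at `"dynamic" : "true"` although each of its subfields is mapped explicitly, so any extra key that arrives under `geoip` is auto-mapped with whatever type the first document carries. On an index used for DNS monitoring, that can later cause documents to be rejected on a type conflict, leaving gaps in the record; if the listed subfields are the full set the pipeline emits (not visible on this page), `"dynamic" : "false"` on `geoip` keeps unexpected keys in `_source` without mapping them. Separately, `tags` is mapped as `keyword` with a `keyword` sub-field of the same type, so `tags.keyword` only duplicates the parent and its `fields` block can be dropped. The template body starts and ends outside the hunks shown.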