diff --git a/json/logstash-syslog-dns-index.template_ELK7.x_dev.json b/json/logstash-syslog-dns-index.template_ELK7.x_dev.json
new file mode 100644
index 0000000000000000000000000000000000000000..414335f3d8f4fe31a25278a68867a0e67ccf211a
--- /dev/null
+++ b/json/logstash-syslog-dns-index.template_ELK7.x_dev.json
@@ -0,0 +1,77 @@
+PUT /_template/logstash-syslog-dns
+{
+ "index_patterns": [
+ "logstash-syslog-dns*"
+ ],
+ "mappings": {
+ "dynamic": "true",
+ "properties": {
+ "source_host": {
+ "type": "ip"
+ },
+ "logrow": {
+ "type": "integer"
+ },
+ "request_from": {
+ "type": "ip"
+ },
+ "source_port": {
+ "type": "integer"
+ },
+ "ip_request": {
+ "type": "ip"
+ },
+ "ip_response": {
+ "type": "ip"
+ },
+ "dns_forward_to": {
+ "type": "ip",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "tags": {
+ "type": "keyword",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "pid": {
+ "type": "integer"
+ },
+ "pihole": {
+ "type": "ip"
+ },
+ "blocked_domain": {
+ "type" : "text",
+ "norms" : false,
+ "fields" : {
+ "keyword" : {
+ "type" : "keyword",
+ "ignore_above" : 256
+ }
+ }
+ },
+ "domain_request" : {
+ "type" : "text",
+ "norms" : false,
+ "fields" : {
+ "keyword" : {
+ "type" : "keyword",
+ "ignore_above" : 256
+ }
+ }
+ },
+ "date": {
+ "type": "date",
+ "format": "MMM d HH:mm:ss||MMM dd HH:mm:ss"
+ }
+ }
+ }
+}
\ No newline at end of file
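Review bot: `"dynamic": "true"` on the `mappings` object keeps field auto-creation on for an index fed by syslog/DNS content, so every new key a log line happens to carry becomes a mapped field and the mapping can grow without bound; once the field list is settled, `"dynamic": "strict"` (or `false`) is the safer default, and at minimum the value should be the boolean `true` with a `settings` block carrying `"index.mapping.total_fields.limit"`. The file also opens with `PUT /_template/logstash-syslog-dns`, which is Kibana console syntax rather than JSON, so a strict parser or a `curl -d @file` upload will reject it despite the `.json` extension; keep the console line in a `.txt`/README or strip it. The `date` format `MMM d HH:mm:ss||MMM dd HH:mm:ss` carries neither year nor timezone, so the stored timestamp presumably gets a default year and UTC, which the Logstash pipeline filling this field should document. The `keyword` sub-field under `tags` duplicates its parent's `keyword` type and can be dropped.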