From b200edd8f97285958e90c74b72036d4ecb470ce4 Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Tue, 25 Jun 2019 23:02:14 +0200
Subject: [PATCH] Create logstash-syslog-dns-index.template_ELK7.x_dev.json
fix for https://github.com/nin9s/elk-hole/issues/12
---
...-syslog-dns-index.template_ELK7.x_dev.json | 77 +++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 json/logstash-syslog-dns-index.template_ELK7.x_dev.json
diff --git a/json/logstash-syslog-dns-index.template_ELK7.x_dev.json b/json/logstash-syslog-dns-index.template_ELK7.x_dev.json
new file mode 100644
index 0000000..414335f
--- /dev/null
+++ b/json/logstash-syslog-dns-index.template_ELK7.x_dev.json
@@ -0,0 +1,77 @@
+PUT /_template/logstash-syslog-dns
+{
+ "index_patterns": [
+ "logstash-syslog-dns*"
+ ],
+ "mappings": {
+ "dynamic": "true",
+ "properties": {
+ "source_host": {
+ "type": "ip"
+ },
+ "logrow": {
+ "type": "integer"
+ },
+ "request_from": {
+ "type": "ip"
+ },
+ "source_port": {
+ "type": "integer"
+ },
+ "ip_request": {
+ "type": "ip"
+ },
+ "ip_response": {
+ "type": "ip"
+ },
+ "dns_forward_to": {
+ "type": "ip",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "tags": {
+ "type": "keyword",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "pid": {
+ "type": "integer"
+ },
+ "pihole": {
+ "type": "ip"
+ },
+ "blocked_domain": {
+ "type" : "text",
+ "norms" : false,
+ "fields" : {
+ "keyword" : {
+ "type" : "keyword",
+ "ignore_above" : 256
+ }
+ }
+ },
+ "domain_request" : {
+ "type" : "text",
+ "norms" : false,
+ "fields" : {
+ "keyword" : {
+ "type" : "keyword",
+ "ignore_above" : 256
+ }
+ }
+ },
+ "date": {
+ "type": "date",
+ "format": "MMM d HH:mm:ss||MMM dd HH:mm:ss"
+ }
+ }
+ }
+}
\ No newline at end of file
--
GitLab