Last active
May 3, 2021 13:28
-
-
Save ankitdevnalkar/04d89eb899c8661484728f85bd8c0695 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "cloud-audit-azure-2021.04" : { | |
| "mappings" : { | |
| "properties" : { | |
| "@timestamp" : { | |
| "type" : "date" | |
| }, | |
| "@version" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "Level" : { | |
| "type" : "long" | |
| }, | |
| "Priority" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "Signal" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "agent" : { | |
| "properties" : { | |
| "ephemeral_id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "hostname" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "azure" : { | |
| "properties" : { | |
| "activitylogs" : { | |
| "properties" : { | |
| "Level" : { | |
| "type" : "long" | |
| }, | |
| "category" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "event_category" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "identity" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "operationVersion" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "operation_name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "properties" : { | |
| "properties" : { | |
| "activityDateTime" : { | |
| "type" : "date" | |
| }, | |
| "activityDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "additionalDetails" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "value" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "alternateSignInName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appliedConditionalAccessPolicies" : { | |
| "properties" : { | |
| "conditionsNotSatisfied" : { | |
| "type" : "long" | |
| }, | |
| "conditionsSatisfied" : { | |
| "type" : "long" | |
| }, | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "enforcedGrantControls" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "authenticationDetails" : { | |
| "properties" : { | |
| "RequestSequence" : { | |
| "type" : "long" | |
| }, | |
| "StatusSequence" : { | |
| "type" : "long" | |
| }, | |
| "authenticationMethod" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationMethodDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationStepDateTime" : { | |
| "type" : "date" | |
| }, | |
| "authenticationStepRequirement" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationStepResultDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "succeeded" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "authenticationProcessingDetails" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "value" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "authenticationRequirement" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "category" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "clientAppUsed" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "conditionalAccessStatus" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "correlationId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "createdDateTime" : { | |
| "type" : "date" | |
| }, | |
| "deviceDetail" : { | |
| "properties" : { | |
| "browser" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "deviceId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "operatingSystem" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "trustType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "eventCategory" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "eventProperties" : { | |
| "properties" : { | |
| "communication" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "communicationId" : { | |
| "type" : "long" | |
| }, | |
| "defaultLanguageContent" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "defaultLanguageTitle" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "impactMitigationTime" : { | |
| "type" : "date" | |
| }, | |
| "impactStartTime" : { | |
| "type" : "date" | |
| }, | |
| "impactedServices" : { | |
| "properties" : { | |
| "ImpactedRegions" : { | |
| "properties" : { | |
| "RegionName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ServiceName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "impactedServicesTableRows" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "incidentType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "isHIR" : { | |
| "type" : "boolean" | |
| }, | |
| "isSynthetic" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "region" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "stage" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "title" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "trackingId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "flaggedForReview" : { | |
| "type" : "boolean" | |
| }, | |
| "homeTenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "initiatedBy" : { | |
| "properties" : { | |
| "app" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipAddress" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "isInteractive" : { | |
| "type" : "boolean" | |
| }, | |
| "location" : { | |
| "properties" : { | |
| "city" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "countryOrRegion" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "geoCoordinates" : { | |
| "properties" : { | |
| "latitude" : { | |
| "type" : "float" | |
| }, | |
| "longitude" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "state" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "loggedByService" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "mfaDetail" : { | |
| "type" : "object" | |
| }, | |
| "operationType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "originalRequestId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "processingTimeInMilliseconds" : { | |
| "type" : "long" | |
| }, | |
| "resourceDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resourceId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resourceTenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resultReason" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskLevelAggregated" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskLevelDuringSignIn" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskState" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "signInIdentifier" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "properties" : { | |
| "additionalDetails" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "errorCode" : { | |
| "type" : "long" | |
| }, | |
| "failureReason" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "targetResources" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "modifiedProperties" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "newValue" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tokenIssuerName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "tokenIssuerType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userAgent" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "resultDescription" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result_signature" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result_type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "tenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "correlation_id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resource" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "provider" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "resource_id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "azure-eventhub" : { | |
| "properties" : { | |
| "consumer_group" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "enqueued_time" : { | |
| "type" : "date" | |
| }, | |
| "eventhub" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "offset" : { | |
| "type" : "long" | |
| }, | |
| "sequence_number" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "callerIpAddress" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "category" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "categorySignals" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "cloud" : { | |
| "properties" : { | |
| "provider" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "correlationId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "durationMs" : { | |
| "type" : "long" | |
| }, | |
| "ecs" : { | |
| "properties" : { | |
| "version" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "error" : { | |
| "properties" : { | |
| "message" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "event" : { | |
| "properties" : { | |
| "action" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "dataset" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "duration" : { | |
| "type" : "long" | |
| }, | |
| "kind" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "module" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "fileset" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "identity" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "input" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "level" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "location" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "log" : { | |
| "properties" : { | |
| "level" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "operationName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "operationVersion" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "properties" : { | |
| "properties" : { | |
| "activityDateTime" : { | |
| "type" : "date" | |
| }, | |
| "activityDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "additionalDetails" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "value" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "alternateSignInName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "appliedConditionalAccessPolicies" : { | |
| "properties" : { | |
| "conditionsNotSatisfied" : { | |
| "type" : "long" | |
| }, | |
| "conditionsSatisfied" : { | |
| "type" : "long" | |
| }, | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "enforcedGrantControls" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "authenticationDetails" : { | |
| "properties" : { | |
| "RequestSequence" : { | |
| "type" : "long" | |
| }, | |
| "StatusSequence" : { | |
| "type" : "long" | |
| }, | |
| "authenticationMethod" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationMethodDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationStepDateTime" : { | |
| "type" : "date" | |
| }, | |
| "authenticationStepRequirement" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "authenticationStepResultDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "succeeded" : { | |
| "type" : "boolean" | |
| } | |
| } | |
| }, | |
| "authenticationProcessingDetails" : { | |
| "properties" : { | |
| "key" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "value" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "authenticationRequirement" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "category" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "clientAppUsed" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "conditionalAccessStatus" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "correlationId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "createdDateTime" : { | |
| "type" : "date" | |
| }, | |
| "deviceDetail" : { | |
| "properties" : { | |
| "browser" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "deviceId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "operatingSystem" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "trustType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "eventCategory" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "eventProperties" : { | |
| "properties" : { | |
| "communication" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "communicationId" : { | |
| "type" : "long" | |
| }, | |
| "defaultLanguageContent" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "defaultLanguageTitle" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "impactMitigationTime" : { | |
| "type" : "date" | |
| }, | |
| "impactStartTime" : { | |
| "type" : "date" | |
| }, | |
| "impactedServices" : { | |
| "properties" : { | |
| "ImpactedRegions" : { | |
| "properties" : { | |
| "RegionName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ServiceName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "impactedServicesTableRows" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "incidentType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "isHIR" : { | |
| "type" : "boolean" | |
| }, | |
| "isSynthetic" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "region" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "stage" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "title" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "trackingId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "version" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "flaggedForReview" : { | |
| "type" : "boolean" | |
| }, | |
| "homeTenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "initiatedBy" : { | |
| "properties" : { | |
| "app" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "user" : { | |
| "properties" : { | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ipAddress" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "isInteractive" : { | |
| "type" : "boolean" | |
| }, | |
| "location" : { | |
| "properties" : { | |
| "city" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "countryOrRegion" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "geoCoordinates" : { | |
| "properties" : { | |
| "latitude" : { | |
| "type" : "float" | |
| }, | |
| "longitude" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "state" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "loggedByService" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "mfaDetail" : { | |
| "type" : "object" | |
| }, | |
| "operationType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "originalRequestId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "processingTimeInMilliseconds" : { | |
| "type" : "long" | |
| }, | |
| "resourceDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resourceId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resourceTenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "result" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resultReason" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskDetail" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskLevelAggregated" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskLevelDuringSignIn" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "riskState" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "servicePrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "signInIdentifier" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "status" : { | |
| "properties" : { | |
| "additionalDetails" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "errorCode" : { | |
| "type" : "long" | |
| }, | |
| "failureReason" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "targetResources" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "id" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "modifiedProperties" : { | |
| "properties" : { | |
| "displayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "newValue" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tokenIssuerName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "tokenIssuerType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userAgent" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userDisplayName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userPrincipalName" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "userType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "resourceId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resultDescription" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resultSignature" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "resultType" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "service" : { | |
| "properties" : { | |
| "type" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "source" : { | |
| "properties" : { | |
| "as" : { | |
| "properties" : { | |
| "number" : { | |
| "type" : "long" | |
| }, | |
| "organization" : { | |
| "properties" : { | |
| "name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "geo" : { | |
| "properties" : { | |
| "city_name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "continent_name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "country_iso_code" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "country_name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "location" : { | |
| "properties" : { | |
| "lat" : { | |
| "type" : "float" | |
| }, | |
| "lon" : { | |
| "type" : "float" | |
| } | |
| } | |
| }, | |
| "region_iso_code" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "region_name" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "ip" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "tags" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "tenantId" : { | |
| "type" : "text", | |
| "fields" : { | |
| "keyword" : { | |
| "type" : "keyword", | |
| "ignore_above" : 256 | |
| } | |
| } | |
| }, | |
| "time" : { | |
| "type" : "date" | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment